Thanks for reposting; I'll delete your post in the other thread. :)
Please perform the cleaning procedures below:
You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.
(Before proceeding, uninstall Download Accelerator Plus if the version you have is the free version; the free version is adware.)
1. Download and install these utilities (but do not run scans with them yet):
ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.
- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.
- Open SpyBot and use its update feature to download and install the most current spyware definitions file. Close the program once the update is complete.
- Open AdAware, click the "Check for updates now" button, and follow the prompts to install the most current spyware definition database. Close the program once the update is complete.
- Open Norton Antivirus and use its Live Update feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it yet; just close it once it is updated.
3. Download and install the CCleaner utility, but don't run it yet.
4. Open the Services utility in your Administrative Tools control panel.
- In the list of services, locate the service named "Remote Packet Capture Protocol" or "rpcapd" and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.
5. Run HijackThis, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing its fixes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: HyperSearchHook - {38D55B8C-85D5-407A-A4A1-39F2CC84B5A5} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
R3 - URLSearchHook: (no name) - {04079856-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {20346F4C-43D6-781F-B1C0-06C2494B880D} - C:\DOCUME~1\CHRISK~1\APPLIC~1\Roam the\SOFTFACE.exe (file missing)
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [Logo Bait Cast Site] C:\Documents and Settings\All Users\Application Data\Mix Type Logo Bait\Memo Readme.exe
O4 - HKLM\..\Run: [strtas] l071.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [strtas] l071.exe
O4 - HKCU\..\Run: [AMOK DRIVE] C:\DOCUME~1\CHRISK~1\APPLIC~1\PLATFO~1\TIME BUILD.exe
O4 - HKCU\..\Run: [strtas] l071.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\Program Files\BT2Net\bt2plugin.dll (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Program Files\BT2Net\bt2plugin.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
- Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:
rpcapd
6. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
7. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.
8. Run Norton, SpyBot, ewido, AdAware, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
9. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- Search for and delete the following files (some of these should already have been deleted by the removal utilities):
C:\WINDOWS\about.htm
sndcfg16.exe
l071.exe
- Delete the following folders entirely:
C:\Program Files\Common Files\Hyperbar
C:\Documents and Settings\Chris Kenny\Application Data\Roam the
C:\Documents and Settings\All Users\Application Data\Mix Type Logo Bait
C:\Documents and Settings\Chris Kenny\Application Data\PLATFO~1 <-This folder name is truncated here; the full name of the folder will begin with "PLATFO", followed by more letters and/or numbers
C:\Program Files\DAP
C:\Program Files\WinPcap
10. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.
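An added example, not part of the original post: a small Python triage pass over HijackThis log lines that surfaces the kinds of markers visible in the step 5 list ("(file missing)", "(no file)", "(no name)", "Unknown owner", and Run entries with no path). The flag names and heuristics are assumptions made for this illustration, not HijackThis rules; the sample lines are copied from the list above except the ExampleTray entry, which is constructed.

```python
import re

# Heuristics are assumptions for illustration; a flag means "review", not "malicious".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
AUTORUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.+?)\] (?P<cmd>.+)$")

def triage(line):
    """Return (section, sorted flags) for one HijackThis log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    flags = set()
    if "(file missing)" in body or "(no file)" in body:
        flags.add("missing-target")      # registry entry points at nothing on disk
    if "(no name)" in body:
        flags.add("unnamed")             # COM object registered without a name
    if section == "O23" and "Unknown owner" in body:
        flags.add("unknown-owner")       # service binary has no company info
    if section == "O4":
        a = AUTORUN_RE.match(body)
        if a and "\\" not in a.group("cmd"):
            flags.add("bare-autorun")    # autorun command given without a path
    return section, sorted(flags)

def triage_log(text):
    """Return only the flagged lines as (line, section, flags) tuples."""
    out = []
    for line in text.splitlines():
        result = triage(line)
        if result and result[1]:
            out.append((line.strip(), result[0], result[1]))
    return out

# Sample input: lines from the post, plus one constructed entry (ExampleTray).
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {04079856-5845-4dea-848C-3ECD647AA554} - (no file)
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    for line, section, flags in triage_log(SAMPLE):
        print(f"{section:4} {','.join(flags):32} {line[:60]}")
```

Running the same pass over the log posted after step 10 gives a quick before/after comparison of which flagged entries are gone.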