What are the errors you are getting?
Yes- please give us the full and exact text of the errors.
You have a version of the "Vundo" infection.
Please follow the removal instructions given in this post carefully and fully. The instructions use example filenames and example HijackThis log entries; you should replace those examples with the following file names and entries from your log:
HijackThis entries:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\pmnli.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\sstqo.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\SYSTEM32\pmnli.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll
File names:
C:\WINDOWS\SYSTEM32\pmnli.dll
C:\WINDOWS\system32\sstqo.dll
Once you've completed the removal procedure, run HJT and post a new log for us to review.
kcto88,
I notice that you are running a very old version of HijackThis. You should get the latest version (1.99.1) and post the log that that version generates. The newer version probes more areas of your system than previous versions.
Also:
C:\Documents and Settings\Kevin To\Local Settings\Temp\Temporary Directory 1 for hjt[1].zip\HijackThis.exe
The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
cabowler,
I notice that you are running a very old version of HijackThis. You should get the latest version (1.99.1) and post the log that that version generates. The newer version probes more areas of your system than previous versions.
Please do the following:
You will need to close all web browser programs before performing these procedures, so you should print out the following instructions or save them into a text file with Notepad.
1. Click on the "Run..." option under your Start menu, type the following in the resulting "Open:" box, and then hit Enter:
services.msc
In the resulting list of Windows Services, locate the following services and perform the procedure below for each:
NTBOOTMGR (NTBOOT)
NTLOAD
NTSVCMGR
- Double-click on the service.
- In the resulting window, click the Stop button if the service is reported to be currently running.
- Once the service is stopped, choose the "Disabled" option in the "Startup Type" drop-down menu, and then click OK.
Close the Services window after reconfiguring all three of the services.
2. Run HijackThis again and have it fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
3. Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. …
security file
Well that certainly clears things up...
I don't seem to have America Online on my computer
Er- the following entries in your HJT log indicate otherwise:
Running processes:
.
.
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
Your log is clean, and as it does not indicate that you are running any SQL database software, I'd guess that the BlackIce messages are warnings of probes from the outside; the IP addresses would be those of the attacking/probing computers. BlackIce will block these, but there's really nothing you can do to stop the probes entirely.
If you are running an SQL server, you need to apply all of the most current security patches ASAP.
If your system is usable in Safe Mode, you would run Ad Aware and your other utility program just as you would when booted normally: just locate their shortcuts and click on them.
By the way- if you are able to get/run HijackThis on the system, this thread describes how to eliminate the "bridge.dll" error with HJT.
I didn't mean specifics about your system, I meant specifics about the particular "security log" that you're asking about.
Hopefully, yes.
Let us know if any "unwanted guests" creep back in to your system...
What security log? What program or version of Windows are you referring to?
Please give us some specifics to go on.
Welcome to Daniweb, deacon :)
1. First of all, the header information in your HJT log shows that your versions of Windows XP and Internet Explorer are very out of date:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Please use Windows' Automatic Update feature to bring your system up to date; many of the updates you're missing address/fix security loopholes through which malware can infect your computer. I definitely wouldn't suggest going all the way to Service Pack 2 until we're sure that you're infection-free, but you need to at least upgrade to Service Pack 1 with all of its most current critical updates.
Once you've done that, the upgrades/updates should be reflected in your HJT log's header info as follows:
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
2. Once you've installed the updates above, please do the following:
Please download, install, and run the following two utilities:
Microsoft Antispyware beta
ewido Security Suite
Be sure to use each program's automatic update feature to get the most current detection databases installed before actually running the scans/fixes. If you initially receive a warning message from ewido saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update".
Run a full system scan with each utility, and have each …
Hmm- no immediate ideas at the moment. I've got to log off shortly, but I'll mull on it and post again if I get any bright ideas.
ep2002,
Please post your exact hardware specs and any other such information which might be helpful. The more information we have, the faster we'll be able to help you.
dianekjs,
I've moved your thread to our Viruses, Spyware, and other Nasties forum, as the "bridge.dll" error is definitely an indication of a spyware infection.
If possible, download HijackThis on to another computer, copy it to a floppy or CD, and install it on to the problematic computer that way. Since the system is unstable when booted normally, you may have to boot into Safe Mode to do this (or anything else, for that matter). To get to the Safe Mode boot option, tap the F8 key repeatedly just as your computer is starting up (before the Windows logo appears).
If you can manage to get HijackThis on to the computer, follow these instructions for running the program:
Download HijackThis from:
http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe
Once downloaded, follow these instructions to install and run the program:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.
The log contents will tell us a lot about what "nasties" have crept …
Cool; let us know if anything suspicious crops up.
Also- read this thread for some good suggestions on how to protect your computer against future infections.
Good- looks like that took care of lockx.exe. :)
Are you still seeing symptoms of possible infections, or does the system seem to be running correctly now?
OK- that's much better, but some infections remain. Please do the following:
* You must have all web browsers closed in order for HijackThis to fully perform its fixes, so you should print out the following instructions or save them into a text file with Notepad.
1. Uninstall the SurfAccuracy program through your Add/Remove Programs control panel if possible.
2. Have HijackThis fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [Avmllkyg] C:\Program Files\Nmzod\Svevz.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [kzqv] C:\WINDOWS\kzqv.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgr.exe
O4 - HKLM\..\RunServices: [Kernel Service Driver] msnmsgrs.exe
O4 - HKCU\..\Run: [dsle] yahoomsg.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000132.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000132.exe
O4 - HKCU\..\RunServices: [dsle] yahoomsg.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk121BBUS
3. Open the Services utility in your Administrative Tools control panel.
- In the list of services, locate the service named "Remote Packet Capture Protocol" …
1. Run another scan with HijackThis and have it fix the following three entries:
O4 - HKLM\..\Run: [stratas] LOCKX.EXE
O4 - HKLM\..\RunServices: [stratas] LOCKX.EXE
O4 - HKCU\..\Run: [stratas] LOCKX.EXE
2. Delete the following file:
C:\WINDOWS\SYSTEM\LOCKX.EXE
3. Empty your Recycle Bin.
4. Reboot, run HijackThis again, and post the new log.
...the better question is how do I avoid these problems.
This thread has many helpful suggestions on that.
Any other questions, feel free to PM me, as I fix AOL software daily. :)
Actually, we ask that members keep troubleshoots "on the forums" rather than use mechanisms like PMs, email, chat, etc. By doing so, we provide helpful information not only to the member currently experiencing the problem, but also to others who may be having similar problems.
From the related section of our forum rules:
Keep it on the site
Please do not post asking for an answer to be sent to you via email. Problems and their responses assist others who read them. Please refrain from responding to people's questions via email for the same reason. Moderators may snip email addresses out of such posts without notice. That being said, please do not email or PM forum staff with your support questions. Also please do not ask support questions in the DaniWeb IRC chat. The chat is meant to offer a more laid back community atmosphere where members can get to know each other, and not as a venue to constantly ask/answer people's computer frustrations.
Hope this is the whole thing HJT new log....
Yes, you got it this time. Also- the log is clean. :)
Is OIN still in your Add/Remove Programs control panel?
I didn't do it; honestly!
At least not, erm, this time... :o
The "lockx.exe" entries in your log are definitely indicative of the infection, but there are probably other hidden components of the infection as well. Please do the following so that we can see if that's true:
- Run Hijackthis.
- In HJT's main window, click on the Config button.
- Click the Misc. Tools button on the resulting page.
- In the StartupList section of the Misc Tools page, put a check mark in the boxes next to the "List also minor sections (full)" and "List empty sections (complete)" options.
- Click the "Generate StartupList log" button and then click "Yes" in the resulting confirmation box.
- When the scan is finished, the results will be displayed in a Windows Notepad file named "startuplist.txt". Paste the entire contents of that file into your next post here.
Hi mrain01,
Let's start with the following:
Download the (free) HijackThis utility:
http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe
Once downloaded, follow these instructions to install and run the program:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.
The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
You're welcome folks. It's good to be back from vacation and in full swing here again! :)
chyenn,
Now that your system appears to be clean, please read the following thread for some suggestions on how to protect yourself from future infections:
OK- ewido found and cleaned some "unwanted guests". :)
However, you are still posting incomplete HJT logs. It looks like you are cutting-n-pasting directly from the HJT report window, which doesn't display the full contents of the log file. Please use the following method to post the entire log:
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.
Erm- before you worry about what hardware to buy, check the motherboard to see what kinds of expansion slots it has on it. A machine that old may not have many (if any) PCI slots available, and it's pretty hard to find old ISA cards these days. Also keep in mind that even if the machine does have available PCI slots, they will be the original PCI bus spec (version 1); newer PCI network cards may not work in those slots.
1. Your HJT logs look very incomplete. Are you sure that you are posting the full contents of the log files?
2. Your versions of Windows XP and Internet Explorer are very out-of-date. Please use Windows' Automatic Update feature to at least get your system upgraded to the most current state of Service Pack 1; I'd hold off on going to Service Pack 2 until we're sure that your system is entirely clean.
Once you've installed the Windows updates, run HJT again and post the new log.
Erf... you've got more than a few nasties indicated in that log. Please do the following:
You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed). Also update your version of ewido and run that.
After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed …
Hi Killabee786, welcome to our site. :)
We don't deal with technical questions in this particular forum; it's just a place for new members to introduce themselves. However, if you post your question in our Geek's Lounge forum, you should get some input from other members.
ok now we are getting somewhere.
Yes, we are; good troubleshooting. :)
The "Services and Controller" program is a component of Win 2K and XP which manages Windows operating system services. The actual program file is named services.exe; you will see it listed as a running process in your Task Manager. On a Win 2K system, services.exe should live in the C:\WINNT\system32\ folder; on an XP system it will live in the C:\Windows\system32\ folder. If you find a file named services.exe living in any other folder, there's a pretty good chance that that version of services.exe is part of an infection.
The next time Zone Alarm gives you the “Services and Controller app..." message, allow the connection, and also tell ZA to remember your choice (in other words, tell ZA not to prompt you in the future).
No, the results are right. People came out of the woodwork, nay, I say they bothered to create an account, just to vote for Good old Dave :D
LOL! Sure, I'll buy that answer...
Hi Sugona- welcome :)
We don't deal with technical problems in this particular forum, but if you post your Yahoo messenger question in the Windows Software forum we can probably help you out.
Hi jillian175,
Welcome to the site, and thanks for reposting your HJT log in the proper forum. :)
Hmm... looks like DMR is somehow the sexiest...
*whistles*
Um, hmmm, yeah... DMR thinks a certain moderator, who shall of course remain *cough**Alex**cough* nameless, remembers the fun that my little marsupial friends used to have with polls over at JustLinux. :mrgreen:
chyenn,
To narrow down a few things regarding the Internet connection problem:
1. What exact type of connection do you have (dial-up, cable, DSL)?
2. If it's cable or DSL, do you connect directly to the modem, or do you go through a router or switch first?
3. If you're running any firewall software, disable it completely.
4. Some tests:
1. Open your Internet Options control panel, click on the Connections tab, and then on the "LAN Settings" button. In the LAN settings window, make sure none of the proxy-related boxes are checked, and also try toggling the status of the "automatically detect settings" box.
2. Open Internet Explorer and see if you can reach Google and/or Yahoo by their IP addresses as opposed to their URL. In IE's address/location bar, type in the following locations one at a time and tell us what happens:
http://66.102.7.147
http://66.94.230.37
3. Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
- At the DOS prompt, type the following commands, hit Enter after each, and tell us the exact results:
ping 127.0.0.1
ping 66.102.7.147
ping www.google.com
- Again at the DOS prompt, type the following command, hit Enter, and post the …
Hey people... just for info, this issue was first discussed in this thread: http://www.daniweb.com/techtalkforums/thread14172.html ... I'm having the exact same problem as Hypnotoad did...
Please do the following, as the contents of your HijackThis log will differ from Hypnotoad's log:
Download the (free) HijackThis utility:
http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe
Once downloaded, follow these instructions to install and run the program:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.
The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
Ummm, what horrible things?
These horrible things:
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINNT\system32\awtqn.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: awtqn - C:\WINNT\system32\awtqn.dll
Summerland:
1. Uninstall WeatherBug through your Add/Remove Programs control panel if you haven't done so already.
2. Have HijackThis fix:
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
3. Open Windows Explorer, locate and delete the following folder entirely, and then empty your Recycle Bin.
C:\Program Files\AWS
4. For the WinFixer parasite, follow the instructions in post #2 of this thread. However- do not use the file names/paths given in that post when you do your particular fix. Instead:
- When you get to the first "Type in the filepath as instructed by the forum staff" step, use the following filepath:
C:\WINNT\system32\awtqn.dll
- When you get to the second "Type in the filepath as instructed by the forum staff" step, use the following filepath:
C:\WINNT\system32\nqtwa.*
5. When you get to the HijackThis step directly after the above two steps, have HJT fix the following entries instead of the ones listed in the post:
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINNT\system32\awtqn.dll
O20 - Winlogon Notify: awtqn - C:\WINNT\system32\awtqn.dll
6. Complete the rest of the steps, making sure to copy-n-paste …
...but there are other solutions.
Yup- the following links have more on that; please give them a read and try the suggestions given there, as you may still have malicious components messing with your Net connection.
http://www.daniweb.com/techtalkforums/thread27570.html
http://www.daniweb.com/techtalkforums/thread27519.html
If the problems persist after trying the above suggestions:
Download the (free) HijackThis utility:
http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe
Once downloaded, follow these instructions to install and run the program:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.
The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
Your HJT log indicates the presence of more than a few infections. Please follow these general spyware/virus removal procedures to get some/most of the "unwanted guests" off of your system:
You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).
After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:
ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating …
Thank you for the "gory details", chrisbliss; excellent explanation. :)
OIN is definitely an unwanted guest, but I don't see any malicious components listed in your HJT log, so we'll have to try another route.
You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Open your ewido Security Suite program and use its online update feature to make sure you have the most current spyware database installed. Do not run a system scan yet, just close the program after the update completes.
2. Download and install Microsoft Antispyware beta. Open the program and do the online update as you did with ewido; again- do not run a scan yet.
3. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the …
The top portion of your HJT log, which contains some important summary data, is missing from your post. Can you please run HJT again and post a full and complete log?
Your latest log looks cleaner :)
Let's go for the remains. You should print these instructions out or save them into a text file, as you will need to have Internet Explorer (and any other web browser) closed when you do the HijackThis fixes.
1. I'd suggest you do the following; the family of programs below have a dubious reputation:
Open ‘Add/Remove Programs’ in the Control Panel. If you find any of the following programs listed, select them and click the "Remove" button: My Search Bar, MyWay Speed Bar, My Web Search Bar. For the MyWeb variant, be sure to also remove ‘Fun Web Products Easy Installer’.
2. Have HijackThis fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqo.dll (file missing)
O20 - Winlogon Notify: sstqo - sstqo.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
3. Please download, install, and run the following two utilities:
Microsoft Antispyware beta
ewido Security Suite
Be sure to use each program's automatic update feature to get the most current detection databases installed before actually running the scans/fixes. If you initially receive a warning message from ewido saying "Database not found" when you …
1. Uninstall the SurfAccuracy program through your Add/Remove Programs control panel if possible.
2. Follow these general malware removal instructions to clean up as many of the other "nasties" as possible:
A) Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
B) Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).
After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:
ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
Note: For ewido, if you initially receive a warning message saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update". After the update completes, run a full system scan and save the scan report it generates.
C) Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- …
Sorry this thread wasn't answered earlier; we're running a bit shorthanded at the moment.
Your log shows indications of at least a couple of infections. Please follow the general cleaning instructions below and post a new HijackThis log after that:
You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).
After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:
ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, …
Use the Event Viewer utility in your Administrative Tools folder to review the contents of your System and Application logs. Look for any warning or error messages in the logs which might possibly be related to the problems and post the full contents of any such messages you find.
Can you tell us what exact problems/symptoms you are experiencing, please?
Here are links to a couple of HJT tutorials which should help you better understand the log entries:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://www.help2go.com/article153.html