'Stein 150 Lapsed Skeptic Team Colleague

Cool, that right there is a clean log :)

Heh ya, don't worry about the killbox anymore...the entry's no longer in HJT.

Lastly, are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, fix another entry:

O4 - HKCU\..\Run: [Natfupov] C:\WINDOWS\system32\?dobe\?hkdsk.exe

Now, open killbox, check "delete on reboot", and kill the following file:

C:\WINDOWS\system32\Adobe\Chkdsk.exe

Now, let the computer restart, and post back here with a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, the log's completely clean :)

O, and be sure to rehide system files if ya haven't done so already:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

___________

what should I do to insure that this doesn't happen again?

Haha glad ya asked.

Here's what I'd do.

1) Keep Symantec AntiVirus. Run it say, once a week.

2) Keep Ewido. After 14 days the 'Background Guard' and the 'Automatic Updates' will expire, but all this basically means is that you'll have to click the 'update' button before ya run a scan. Run a scan about once a week.

3) Keep CCleaner. Run this about once a week.

4) Keep Microsoft Defender. Although this doesn't have a good scan system, it provides excellent 'realtime' service. A scan here wouldn't be that necessary.

Hmm, and that seems about it.

Any questions?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Good good, the log's a lot cleaner. Also, Ewido removed a fair amount of junk.

However, couple more things to fix. Fix the following with HJT:

O2 - BHO: (no name) - {62E2E094-F989-48C6-B947-6E79DA2294F9} - (no file)

Also, these 2 below depend on whether your father uses MusicMatch. If he DOES use it, leave them alone. If he doesn't use the program, be sure to check these also:

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

If that O2 entry above is still present in the new log (the one you're gonna send back), we're gonna have to kill it with CWShredder.

Awesome, after fixing these, are ya having any more problems?

Post back with a new HJT log.

Thanks.

Edited for grammar.

'Stein 150 Lapsed Skeptic Team Colleague

Heh ya, like I said in the other post, please only 1 post per problem.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well let's double check this and get a better picture of your computer.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential,


Lastly, we please ask you to post only one thread at a time. Also, be sure to include replies inside the original thread (here).

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, all clean except for 1 entry.

Check off this one with HJT:

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

And other than that, it all looks good.

Any more problems?

Last thing, post a new HJT log just to make sure that entry disappears.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, good to hear.

Last thing, could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Yep, roger that, you're infected.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, the log's clean.

O ya, be sure to do this:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, what problems (if any) are ya still having?

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, I only see 1 piece of spyware now. Fix the following:

O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)

Now, restart the computer and post a new log back here.

Lastly, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg alrite. This one's pesky :)

Some of this may sound repetitive, so just bear with us.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing …

'Stein 150 Lapsed Skeptic Team Colleague

Ok, before ya do the fix listed above, ya need to move HJT into a permanent folder.

To do this, create a new folder inside Program Files, and name it HJT. Now, drag the HJT icon into this new folder, and now run HJT from here.

Now we're gonna do some cleaning before we HJT the entries.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, …

'Stein 150 Lapsed Skeptic Team Colleague

Um...ya. Again, you're infected with the AntiSpyLab Virus.

SO, post a log back here so we can tell exactly how to fix this.

I can tell ya ahead of the time, we're gonna need to fix some more entries with HJT, and clean up with CCleaner and Ewido.

Thanks.

Tijay-read what I said in the earlier post

'Stein 150 Lapsed Skeptic Team Colleague

..er, not exactly.

First, you're running HJT from a temporary folder. Fix this by creating a new folder in Program Files, and naming it HJT. Now, drag your HJT icon into this new folder and run a new scan.

THEN, fix the following via HJT:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [iemk.exe] C:\WINDOWS\system32\iemk.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/148e7f004f671f2...p/RdxIE601.cab

Now, run Killbox:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\iemk.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing …

'Stein 150 Lapsed Skeptic Team Colleague

Heh and to think some of us are still underclassmen in High School and can't drive yet :mrgreen:

But ya, I'm ready whenever ya got the logs lol.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, I see several things. BUT, we're gonna get all the small stuff first.

So, we're gonna pull an Ewido/CCleaner uppercut.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

'Stein 150 Lapsed Skeptic Team Colleague

Heh, definitely sounds like spyware. HOWEVER, let's diagnose it.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha welcome (you and your father) to Daniweb :)

First, lemme clear up some of the confusion

...it seems a person needs to run CCleaner, then Ewido...

Well, that's generally my advice for several reasons. Oftentimes, many minor trojans, tracking cookies, cookies in general, viruses, etc. live in *.tmp folders. CCleaner (full name CrapCleaner) does more or less just this. It empties (if directions are followed correctly) the majority of the places where minor viruses reside. Also, it cleans up much of the junk stored in a computer after time.

Ewido is a well-known anti-malware software used to predominantly clean out small infections not seen by HijackThis.

For these reasons, I personally assign this fix (first Ewido/CCleaner, then new log) most often. However, based on what I see in the HJT log, my next plan of action is different.

_____________

run HJT again and clear the checkboxes on programs that are unfamiliar or undefined?

Well, this one is a little harder to explain, sorta because it goes into how HijackThis works and such. But, here's the short and easy version :)

The first thing to look at is the prefix (O2, O3, etc). This prefix shows what type of list it is. CastleCops is a good site for help with learning them.

However, it's sorta more difficult than how CC explains it.

The other thing to remember is that, often it says "File Missing". The majority of the time, the …
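As an added illustration (not part of the original post and not HijackThis's own code), this Python sketch parses log lines in the format quoted on this page, maps each prefix to its commonly documented meaning, and marks entries whose target is reported as "(file missing)" or "(no file)". The names `parse_log`, `follow_up` and `SAMPLE_LOG` are hypothetical; the sample entries are copied from posts on this page, with a constructed header line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Commonly documented meanings for the HijackThis sections seen on this page.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page or setting",
    "R3": "URL Search Hook",
    "F2": "Autoloading program (system.ini/win.ini mapping)",
    "O2": "Browser Helper Object",
    "O4": "Autoloading program (Run keys / Startup group)",
    "O15": "Site in the Trusted Zone",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "Extra protocol or filter",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "NT service",
}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    meaning: str
    body: str
    clsid: Optional[str]   # COM class ID, if the entry names one
    path: Optional[str]    # full path to an .exe/.dll, if the entry names one
    orphaned: bool         # log says the referenced file is not on disk


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per 'Xn - ...' line; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            meaning=SECTIONS.get(m.group("section"), "unknown section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            path=path.group(0) if path else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def follow_up(entry: Entry) -> str:
    """Say what is left to check once the log entry itself has been reviewed."""
    if entry.orphaned:
        return "leftover entry: target file already absent"
    if entry.path:
        return "entry points at a file on disk: verify " + entry.path
    return "setting only: no file referenced"


# Entries copied from posts on this page; the first line is a constructed header.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {62E2E094-F989-48C6-B947-6E79DA2294F9} - (no file)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
O4 - HKLM\..\Run: [iemk.exe] C:\WINDOWS\system32\iemk.exe
O15 - Trusted Zone: *.musicmatch.com
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.section:<4}{e.meaning:<50}{follow_up(e)}")
```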

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, did ya happen to run this in Safe Mode?

1 more thing. Be sure all programs are enabled on startup (do this through the 'msconfig' utility).

Then, restart, and post back here with a log from normal mode.

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Hahah awesome, that's good to hear :)

Couple things. One, ya need to rehide Hidden folders:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Now, when ya post for the other computer, be sure to start a new thread.

Lastly, could ya mark this thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, that's a clean log.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Good good. Well, there should be a button in the yellow header right above the first post on this page (the one you're looking at now).

Thanks again, and I'm glad to hear it's fixed :)

'Stein 150 Lapsed Skeptic Team Colleague

CCleaner - Run scans in both 'Cleaner' tab and 'Issues' tab. Correct

Ewido - run the scan and post it here. Correct

Thanks :)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well the log looks clean to me.

One more thing, could ya post the contents of the following file:

C:\rapport.txt

It's the scan log of SmitFraudFix.

After looking at that, we'll verify you're clean.

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Heh alrite good. Let's begin by uninstalling AdwareAlert via the Add/Remove Programs list. It was formerly on the Rogue List, and I don't trust any software that has ever been on that list.

Next, followup by placing checks next to the following in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

After placing checks, close all windows (including this one) and hit 'Fix Checked'.

Now, restart the computer and continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and …

'Stein 150 Lapsed Skeptic Team Colleague

Heh alrite, that works.

One more thing, could ya mark this thread as solved?

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome. Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, let's begin by fixing the following using HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)

After this, restart the computer and post back here. I see a possibility of a SpyAxe infection, but I only see 1 component for it. We'll fix that only if ya still are having problems.

That leads me to my last question.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well a couple things.

First, ya need to run HJT from a permanent folder.

To do this, go to Program Files and create a new folder there, and name it 'HJT'. Then, move the HJT icon into this folder and run a new scan.

And lastly, before we fix anything else, let's let Ewido/CCleaner take out all the small infections.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If …

'Stein 150 Lapsed Skeptic Team Colleague

Heh ya, several problems.

Try using CCleaner and Ewido on this computer too.

For CCleaner, use the same instructions I provided above.

For Ewido, follow the instructions below:

Continue by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well I don't see anything too significant in the log.

Have ya tried Ewido/CCleaner?

If not...

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After …

'Stein 150 Lapsed Skeptic Team Colleague

1 last thing.

Could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm alrite. Well the log's clean.

Do this before doing any more:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

About the background - lemme do some more research into it all and I'll get back.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's fix this one again and see if it disappears:

O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll (file missing)

At this point, are ya having any more problems?

After fixing the above, post a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, a clean log.

Do ya have any more problems?

If yes, post back with those and we'll work on them.
If no, please mark the thread as solved.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Okie, couple more to fix:

O15 - Trusted Zone: http://www.windowsupdate.com
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll

Now, follow the following directions:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "delete on reboot" and put a check in the "unregister dll".

5) Open the text file with these instructions in it, and copy the file name

C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Post back here a new HJT log for review.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, log's clean.

Are ya still having problems?

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, that's good.

2 more things to do:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

After doing this, could ya mark this thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Ok, we'll just work from the other thread then.

No more posting here.


And ya, next time, we ask that you use only one thread.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh jeez, welcome to Daniweb by the way :)

Ok, about the log--try posting it where each entry has 1 line.

In other words, leave all the line breaks.

For an example, look at one of the other threads.

Post back with a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, that's annoying.

Try running it again in safe mode, and if that doesn't work, we'll do it all manually.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm. Have ya tried Ewido/Adaware?

EDIT: ^ with a cleaning of CCleaner

'Stein 150 Lapsed Skeptic Team Colleague

Ok, we now know that you're infected with the Troj/Podrop-C trojan, which has a possibility for rootkits.

Due to this, we're gonna try killing it with Adaware, seeing that Ewido hasn't already taken it out:

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal
    • Double-click the Ad-Aware SE Personal icon on your Desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click …

'Stein 150 Lapsed Skeptic Team Colleague

Yep, nearly clean--just 1 more entry.

Open HJT, and fix the following:

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

After this, we need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

After doing both of these, post back here with 1 more log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, what we're gonna try to do is run the fix again, and then download a reg file to merge to the registry after.

SO, this will surely sound like ya've done it before, but ya.
____________________

1) Either print out or save these instructions in a Notepad document, as Internet Explorer needs to stay closed during the entire fix.

2) Go to the Add/Remove Programs list and uninstall anything having to do with Surf Sidekick.

If it isn't listed in Add/Remove Programs, or it doesn't work, click on Start, then Run and type the following in the Open field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button. A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.

3) Open HJT and check the following:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169572.dll
O23 - Service: sE@•¤qÛmŠxmÊ¿Ú (iE™V‘¸7é,)Ã@`À¿Ÿ©g߈å"º0©) - Unknown owner - C:\WINDOWS\hostsvc.exe (file missing)

Now hit 'Fix Checked' and close HJT.

4) Restart the computer

5) Delete the following folders if any are there:

C:\PROGRAM FILES\SurfSideKick
C:\Program Files\SurfSideKick 3\
C:\Program Files\Common Files\VCClient\

6) Now search for any of the following files, and delete any …

'Stein 150 Lapsed Skeptic Team Colleague

1 more to fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

Also, is this the same computer that's in your other thread?

'Stein 150 Lapsed Skeptic Team Colleague

Arg. Well, looking at the log, that entry's gone, regardless.

So, I'm gonna ignore it for now, and bring it up if we need to.

Fix 1 more entry with HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080.

After this, ya appear clean.

Are ya still having problems?

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, glad we could help :)

Last thing, could ya mark the thread as solved?

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, can ya tell what the popup is of?

Thanks.