'Stein 150 Lapsed Skeptic Team Colleague

Haha glad we could help.

Last thing tho, post back a new HJT log to make sure the infection's completely gone.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, while I don't see evidence in the log that ya have SpyFalcon, I can judge by your symptoms that ya have it.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window …

'Stein 150 Lapsed Skeptic Team Colleague

Yea, good idea, let's try that. However, it'll get caught up on some running processes that we need ended.

So, let's open the process manager and disable any of the following first:

~e5d141.tmp

where ~ is a random letter or number.

After doing that, run CCleaner and Ewido.

Post back here, after that, with the Ewido log and a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Well ya could always use CCleaner, but sometimes it's a hassle.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm. Let's try an LSP-Fix.

Download LSP-Fix. Run it to the full extent, fixing everything it finds.

Post back here once ya've done that.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to daniweb :).

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I don't know, but have ya simply tried uninstalling via the Add/Remove Programs list? Although it doesn't work every time, it works sometimes.

Try this, and tell us of the results.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ahh ok, if ya actively use PartyPoker, it's cool to keep on there.

WeatherBug is commonly installed anyways, but nearly always, it's embedded with spyware. Also, it's a major data hog. However, if ya wanna keep it on, it's your decision.

Lastly, it's all good that everything's fixed.

One more thing. Could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I don't know about the Safe mode.

Do ya happen to be using a wireless mouse of some sort?

If so, try using a wired mouse.

I'll get back to ya after I look into this a bit.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, I see a clean log there.

Now, do this:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, are ya having any problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, let's try uninstalling New.Net 1 more time. This is sorta important.

Now, fix the following via HJT:

R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{C745C310-98C5-45B1-B2A4-3100E822A6F0}: NameServer = 207.69.188.185 207.69.188.186

Now, restart the computer, and post back here with a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, alright. FIRST, let's begin by uninstalling New.Net from the Add/Remove Programs list. (NOTE: This is important to do.)

Follow up by downloading LSP-Fix.

Run it, fixing everything it finds.

Next, open HJT and fix the following:

R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123

Next, post back here with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to daniweb :)

Begin by opening HJT and checking the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O4 - HKLM\..\Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77
O23 - Service: WiRNS (WiRNS.exe) - rbolen70 - C:\WiRNS\WiRNS.exe

After doing this, follow these instructions.

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WiRNS\WiRNSMon.exe
C:\WiRNS\WiRNS.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying …

'Stein 150 Lapsed Skeptic Team Colleague

So ya, like I mentioned otherwise, the log's clean, although I didn't like what Ewido caught.

Lastly, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

EDIT: Umm, amanda, I just caught this, but stay in your own thread next time, don't start a new one.

Sometimes it takes us time to get to each thread, so please be patient.

Lastly, post back in your original thread.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, no more problems. Good to hear :)

Now for the questions:

1) Teatimer - Yep, good job disabling it. I shoulda reminded ya to, but I guess I missed it... ;)

2) HJT - Ya, it not coming up is cool. That happens sometimes.

And nope, no more logs.

1 last thing tho, could ya mark the thread as solved? (The 'Mark Solved' button is on this screen (not the reply screen), right above the first post.)

Thanks a ton.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, clean log.

Ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Wow, someone that followed directions. Thanks a ton Amanda :cheesy:

And ya, the HJT log is clean, although Ewido did catch a fair amount of things.

Are ya having any problems, or is this just a checkup (which is cool too)?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Well, first off, HJT wasn't run from a permanent folder.

Go to Program Files and create a new folder there, titled 'HJT'.

Now, drag the HJT icon into this new folder.

After doing this, follow up by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

After this, continue by downloading CCleaner, and specifically …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, that infection's gone.

Now, uninstall the following programs via the Add/Remove Programs:

Weatherbug
PartyPoker

After this, check the following in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 120.3.20.2:16644
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

After fixing these, reboot into safe mode and delete the following folders:

C:\Program Files\PartyPoker
C:\Program Files\AWS

Lastly, reboot into normal mode again, and re-hide system files:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Finally, are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmmm... the Ewido log doesn't show much either, mostly negligible stuff...

Have the symptoms changed any? Like, say again what problems still remain.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh no. Near the top, the yellow bar right above the first post. It should be around there (like, just looking at this page, not in reply format).

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Haha awesome, clean be ye.

If ya could mark the thread as solved, it'd be great.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Cool. OK, couple more things to fix with HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.media-codec.com/v4/mediacodec-v4.403.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

After this,

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\windows\system32\blank.htm

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let …

'Stein 150 Lapsed Skeptic Team Colleague

Oh, and 1 more thing, ya gotta re-hide hidden folders:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, if ya could mark the thread as solved, it'd be great.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Well the log looks clean.

1 last thing, post the contents of C:\fixwareout\report.txt, so I can double-check you're clean.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

All's clean except for 1 entry, which won't go away.

Try taking it out in safe mode:

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

If not, it's not a huge deal.

Lastly, are ya experiencing any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, about Firefox, I don't think it was Firefox itself that caused the problem, unless it was downloaded from a 3rd party that might have included other software.

First off, you have a WareOut infection.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {F1255ED0-C4E7-C617-7C49-E713DD9CA572} - StatusCheck.dll (file missing)
O4 - HKLM\..\Run: [Kargo] syspanel.exe
O4 - HKLM\..\Run: [10010] cmon14.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKCU\..\Run: [progmen] TorontoMail.exe
O4 - HKCU\..\Run: [Testimonials] bingo9.exe
O4 - HKCU\..\Run: [NopeZ] ERTYDF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E15FAC-B676-4A54-A7F7-BDBD9FEE7E18}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{416D0866-FD9C-4562-A7B5-662CA04F4DCB}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{9574568B-CDD5-4424-B7E0-3FC78449868A}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18EA0EC-AB92-467D-ACE0-62656490C9E1}: NameServer = 85.255.114.5,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{E61979FE-5577-4B37-89B9-36B47C182F2E}: …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm good, clean log.

However, I wanna run 2 more things, CCleaner and Ewido.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well let's take a look.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Adi,

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

kylethedarkn - please don't advise victims to illegally cheat the system by using pre-used serial keys. Don't cheat the companies that help us in our fight against malware. Secondly, don't advise victims to visit sites where they are likely to further burden down their computer with more spyware.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

NOTE: Save these directions in WordPad, as some of this fix will be done in Safe Mode.

Hmm alright. First off, are ya sure ya followed ALL of tayspern's directions (uninstallation, Killbox and all)?

Now, fix the following with HJT:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinkrag.exe
O20 - AppInit_DLLs: repairs303169572.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\mgwsock.dll (file missing)
O23 - Service: sE@•¤qÛmŠxmÊ¿Ú (iE™V‘¸7é,)Ã@`À¿Ÿ©g߈å"º0©) - Unknown owner - C:\WINDOWS\hostsvc.exe (file missing)

After this, reboot into safe mode.

Open Killbox, and select 'Delete on Reboot'.

Copy/Paste the following folders into the box:

C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\system32\lwinkrag.exe
C:\WINDOWS\hostsvc.exe

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the computer reboot.

Now, reboot into safe mode again.

Open killbox, and select both 'delete on reboot' and 'unregister dll'.

Delete the following files with killbox:

C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\system32\mgwsock.dll

Let the computer reboot.

Post a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg, you're pretty infected.

First, begin by uninstalling the following via Add/Remove Programs:

MyWebSearch
Copernic
WeatherBug
Viewpoint Media Player

Next, continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :) You definitely have a SpyAxe infection, but we need to double verify this.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :) Hmm ya, ya definitely have some remnants of spyware that Adaware didn't clean.

Let's begin by uninstalling the following via the Add/Remove Programs:

New.net

After doing this, download LSP-Fix, and run a scan with it, fixing everything.

Next, continue by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, first thing, I want to double-check that last file is deleted. I had a typo in the last post :mad:

For the very last file I mentioned, this should be the correct filename:
C:\WINDOWS\sypjp.exe
(in other words, it's the same, without the '[ b]' and such). Ya might need to re-follow the last process I mentioned, and be sure to delete that folder.

Ok, good.

Now, uninstall the following programs via Add/Remove Programs:

WinAmp
SaferScan

After this, open HJT and fix the following:

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SaferScan] C:\Program Files\SaferScan\saferscan.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx

Now, restart the computer, and follow up by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update …

'Stein 150 Lapsed Skeptic Team Colleague

Haha happy to hear it worked.

Last thing, could ya mark this thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :) First, let's begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

After doing this, open HJT and fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) …

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :). Yes, in fact, ya got several fair-sized infections.
We'll fix the SpyAxe infection first, and then follow up with New.Net.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".

'Stein 150 Lapsed Skeptic Team Colleague

Heh, alrite, you're infected with a SpyAxe variant.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display …

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :). Heh, sure are infected, I'll say that.

Okie, this post might be a bit lengthy...

First, uninstall the following programs via Add/Remove Programs:

WeatherBug
Viewpoint Media Player
PartyPoker

Now, let's continue by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.

'Stein 150 Lapsed Skeptic Team Colleague

Last thing, could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :) I'm seeing several things, but all appear to be fixable, so that's good.

Begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"

Now, close the program without running it.

After doing this, continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders". …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm ok, let's try doin this first:


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, …

'Stein 150 Lapsed Skeptic Team Colleague

First, fix the following:

R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

After doing this, restart the computer, and post a fresh log.

Now, what exactly is the problem you're having?

Thanks.
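
The three lines in the post above are a HijackThis log being triaged by hand: two R3 URLSearchHook entries whose CLSIDs point at no file, and an O16 ActiveX object with a resolvable path. As an added example that is not part of this thread or of HijackThis itself, the Python script below parses lines of that shape, extracts the section code, CLSID and target path, and flags what a helper reads first: orphaned "(no file)" references, CLSIDs not in the canonical `{...}` form (the `~` in the quoted R3 lines is assumed here to be an extraction artifact standing in for the opening brace), R1 proxy-override settings and O16 Downloaded Program Files objects. The sample log is the four complete HijackThis lines quoted in this listing; the regexes, flag names and function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the complete HijackThis lines quoted in the posts above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
"""

# "R3 - ...": a section code, then " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")

# A GUID in braces. The opening character is captured so that a garbled brace
# (the "~" seen in the quoted R3 lines; assumed to be an extraction artifact,
# not HijackThis output) is flagged instead of silently accepted.
CLSID_RE = re.compile(
    r"(?P<open>[{~])(?P<guid>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-"
    r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12})\}"
)

WINDOWS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class HjtEntry:
    code: str                      # HijackThis section, e.g. "R3" or "O16"
    body: str                      # everything after "<code> - "
    clsid: Optional[str] = None
    target: Optional[str] = None   # file path or URL the entry points at
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = HjtEntry(code=m.group("code"), body=m.group("body"))

    cm = CLSID_RE.search(entry.body)
    if cm:
        entry.clsid = cm.group("guid").upper()
        if cm.group("open") != "{":
            entry.flags.append("clsid_malformed")

    # The last " - " separated segment is where HijackThis puts the file or URL.
    tail = entry.body.rsplit(" - ", 1)[-1].strip()
    if tail == "(no file)":
        # The registry still references a component whose file is gone: an
        # orphaned entry, safe to remove, but not proof of an active infection.
        entry.flags.append("orphaned")
    elif WINDOWS_PATH_RE.match(tail) or tail.lower().startswith(("http://", "https://")):
        entry.target = tail

    if entry.code == "R1" and "ProxyOverride" in entry.body:
        # Proxy bypass list; worth a look because malware sometimes edits it,
        # although "localhost" on its own is a common benign value.
        entry.flags.append("proxy_override")
    if entry.code == "O16" and entry.target:
        # Downloaded Program Files (ActiveX) object with a resolvable target.
        entry.flags.append("activex_dpf")
    return entry


def triage(log_text: str) -> List[HjtEntry]:
    """Parse every entry line in a log, preserving order."""
    entries = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            entries.append(entry)
    return entries


def flag_counts(entries: List[HjtEntry]) -> Dict[str, int]:
    """Number of entries carrying each flag."""
    counts: Dict[str, int] = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


def render_report(entries: List[HjtEntry]) -> str:
    """One line per flagged entry, ready to paste into a reply."""
    lines = []
    for e in entries:
        if e.flags:
            lines.append(f"{e.code} [{', '.join(e.flags)}] clsid={e.clsid} target={e.target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(triage(SAMPLE_LOG)))
```

Run against the sample, the two R3 lines come out as both malformed and orphaned, the R1 line is marked for review only, and the O16 line is reported with its on-disk target so the helper can check what the CLSID actually loads before deciding to fix it.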

'Stein 150 Lapsed Skeptic Team Colleague

Hmm good, log's clean.

About the MusicMatch. What I would first try is reinstalling the software for it, because this is often a common issue.

Lastly, are ya having any other problems beside this one?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well the log's clean.

Let's do 2 things.


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, …

'Stein 150 Lapsed Skeptic Team Colleague

Wow, good find comatose. :)

'Stein 150 Lapsed Skeptic Team Colleague

Haha thanks again :)