'Stein 150 Lapsed Skeptic Team Colleague

Hmm, clean log.

2 things

1) Can ya tell me again which folder it keeps getting caught at?

and 2) we're gonna run a complete startup list.

SO, here's the directions for it:

Open HJT, and go to 'Config' > 'Misc Tools'

Now, check the box for "List also minor sections"

Now, click 'Generate StartupList log'

Post that back here.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh no, I'm happy you're checkin.

YES, do the same for LocalService and NetworkService.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, let's do a CCleaner run. (I THINK ya have this program up already. If so, just run 2 scans in each tab, 'Clean' and 'Issues'. If not, follow the directions below.)

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user …

'Stein 150 Lapsed Skeptic Team Colleague

Not bad. The HJT log's clean.

Do this:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, are ya still having any problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh, whoops, me bad ;)

Alrite, let's begin by uninstalling AIM.

Now, reboot into safe mode.

First, fix the following via HJT:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Now, delete the following folder:

C:\Program Files\AIM

Now reboot into normal mode and post back here with a new HJT scan.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, if ya could rerun HJT in normal mode and post back here, it'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb :)

Well, ya got several infections. Begin by fixing the following with HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] c:\\newname18.exe
O4 - HKLM\..\Run: [{9C-C6-65-50-ZN}] c:\windows\system32\ppdsregq.exe CORN004
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinqqaf.exe CORN004
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqqaf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dp16gt.dLL (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe

After this, use Killbox:

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

'Stein 150 Lapsed Skeptic Team Colleague

EDIT: Fix this line before running the fix below:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl


Let's run Ewido/CCleaner. (I think ya kno the drill, but here are the instructions anyway.)

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents …

'Stein 150 Lapsed Skeptic Team Colleague

HJT log....heh, post when ya get the chance :)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well that's a clean log.

Are ya still having speed problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Cool, that right there is a clean log :)

Heh ya, don't worry about the killbox anymore...the entry's no longer in HJT.

Lastly, are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, fix another entry:

O4 - HKCU\..\Run: [Natfupov] C:\WINDOWS\system32\?dobe\?hkdsk.exe

Now, open killbox, check "delete on reboot", and kill the following file:

C:\WINDOWS\system32\Adobe\Chkdsk.exe

Now, let the computer restart, and post back here with a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, the log's completely clean :)

O, and be sure to rehide system files if ya haven't done so already:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

___________

what should I do to ensure that this doesn't happen again?

Haha glad ya asked.

Here's what I'd do.

1) Keep Symantec AntiVirus. Run it say, once a week.

2) Keep Ewido. After 14 days the 'Background Guard' and the 'Automatic Updates' will expire, but all this basically means is that you'll have to click the 'update' button before ya run a scan. Run a scan about once a week.

3) Keep CCleaner. Run this about once a week.

4) Keep Microsoft Defender. Although this doesn't have a good scan system, it provides excellent 'realtime' service. A scan here wouldn't be that necessary.

Hmm, and that seems about it.

Any questions?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Good good, the log's a lot cleaner. Also, Ewido removed a fair amount of junk.

However, couple more things to fix. Fix the following with HJT:

O2 - BHO: (no name) - {62E2E094-F989-48C6-B947-6E79DA2294F9} - (no file)

Also, these 2 below depend on whether your father uses MusicMatch. If he DOES use it, leave them alone. If he doesn't use the program, be sure to check these also:

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

If that O2 entry above is still present in the new log (the one you're gonna send back), we're gonna have to kill it with CWShredder.

Awesome, after fixing these, are ya having any more problems?

Post back with a new HJT log.

Thanks.

Edited for grammar.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, all clean except for 1 entry.

Check off this one with HJT:

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

And other than that, it all looks good.

Any more problems?

Last thing, post a new HJT log just to make sure that entry disappears.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, good to hear.

Last thing, could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Yep, roger that, you're infected.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, the log's clean.

O ya, be sure to do this:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, what problems (if any) are ya still having?

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, I only see 1 piece of spyware now. Fix the following:

O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)

Now, restart the computer and post a new log back here.

Lastly, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Um...ya. Again, you're infected with the AntiSpyLab Virus.

SO, post a log back here so we can tell exactly how to fix this.

I can tell ya ahead of time, we're gonna need to fix some more entries with HJT, and clean up with CCleaner and Ewido.

Thanks.

Tijay, read what I said in the earlier post.

'Stein 150 Lapsed Skeptic Team Colleague

Heh and to think some of us are still underclassmen in High School and can't drive yet :mrgreen:

But ya, I'm ready whenever ya got the logs lol.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, I see several things. BUT, we're gonna get all the small stuff first.

So, we're gonna pull an Ewido/CCleaner uppercut.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

'Stein 150 Lapsed Skeptic Team Colleague

Heh, definitely sounds like spyware. HOWEVER, let's diagnose it.

Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential; don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha welcome (you and your father) to Daniweb :)

First, lemme clear up some of the confusion.

...it seems a person needs to run CCleaner, then Ewido...

Well, that's generally my advice for several reasons. Oftentimes, many minor trojans, tracking cookies, cookies in general, viruses, etc., live in *.tmp folders. CCleaner (full name CrapCleaner) does more or less just this. It empties (if directions are followed correctly) the majority of the places where minor viruses reside. Also, it cleans up much of the junk stored in a computer over time.

Ewido is a well-known anti-malware software used to predominantly clean out small infections not seen by HijackThis.

For these reasons, I personally assign this fix (first Ewido/CCleaner, then new log) most often. However, based on what I see in the HJT log, my next plan of action is different.

_____________

run HJT again and clear the checkboxes on programs that are unfamiliar or undefined?

Well, this one is a little harder to explain, sorta because it goes into how HijackThis works and such. But, here's the short and easy version :)

The first thing to look at is the prefix (O2, O3, etc). This prefix shows what type of list it is. CastleCops is a good site for help with learning them.

However, it's sorta more difficult than how CC explains it.

The other thing to remember is that, often it says "File Missing". The majority of the time, the …
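As an added example (my own code, not from these posts and not part of HijackThis), the script below reads HJT entry lines by their section prefix, the way the post above describes, and turns the review prompts used across this thread (file-missing references, proxy settings, Winlogon Notify DLLs, '?' look-alike paths, Trusted Zone and ActiveX entries) into triage heuristics. The sample entries are copied from the fixes quoted in these posts plus one constructed benign O4 line; the output is a list of entries a reviewer should look at, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample log: entries copied from the HJT fixes quoted in the posts
# (not a complete log), plus one constructed benign O4 line ("ExampleUpdater").
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line, ignored by the parser)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {62E2E094-F989-48C6-B947-6E79DA2294F9} - (no file)
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] c:\\newname18.exe
O4 - HKCU\..\Run: [Natfupov] C:\WINDOWS\system32\?dobe\?hkdsk.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
"""

# Every HJT entry starts with a section prefix (R0, F2, O4, O20, ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# An .exe sitting directly in the drive root or the Windows root.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\+(windows\\+)?[^\\]+\.exe$")


@dataclass
class Finding:
    prefix: str
    body: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one HJT line into (section prefix, rest); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def autorun_path(body: str) -> str:
    """Executable path of an O4 entry written as '[name] path args', or ''."""
    _, sep, rest = body.partition("] ")
    if not sep:
        return ""
    m = re.match(r'([^"]+?\.exe)', rest.strip().lstrip('"'), re.IGNORECASE)
    return m.group(1) if m else ""


def triage_entry(line: str) -> Optional[Finding]:
    """Apply the thread's review prompts to one entry; None if nothing to review."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    prefix, body = parsed
    low = body.lower()
    reasons: List[str] = []
    # A registry reference whose file is gone: leftover of a removed component.
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: the registered file is no longer on disk")
    if prefix in ("R0", "R1"):
        key, _, value = low.partition(" =")
        value = value.strip()
        if key.endswith("proxyserver") and value:
            reasons.append(f"browser proxy set to {value}: all web traffic goes through it")
        elif not key.endswith("proxyoverride"):
            reasons.append(f"start/search page set to {value or '(blank)'}: confirm the user chose it")
    # system.ini Shell= with no value: the logon shell setting has been altered.
    if prefix == "F2" and re.search(r"shell=\s*$", low):
        reasons.append("Shell= is blank: review how the Winlogon shell value was changed")
    if prefix == "O4":
        path = autorun_path(body)
        # HJT prints characters it cannot render as '?', so '?' in a path means a look-alike name.
        if "?" in path:
            reasons.append("autorun path contains unprintable characters (look-alike name)")
        elif ROOT_EXE_RE.match(path.lower()):
            reasons.append(f"autorun {path} sits in the drive or Windows root: unusual for installed software")
    if prefix == "O15":
        reasons.append("site in IE Trusted Zone: keep only if the user intentionally trusts it")
    if prefix == "O16" and "http://" in low:
        reasons.append("ActiveX control fetched over plain http: verify the publisher")
    if prefix == "O20":
        reasons.append("Winlogon Notify DLL loads at every logon: verify it belongs to installed software")
    if prefix == "O23" and "unknown owner" in low:
        reasons.append("service with unknown owner: check the binary path against the vendor's")
    return Finding(prefix, body, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Triage every line of a log; non-entry lines (headers, process list) are skipped."""
    return [f for f in map(triage_entry, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.prefix, "-", f.body, *("\n    -> " + r for r in f.reasons))
```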

'Stein 150 Lapsed Skeptic Team Colleague

Hahah awesome, that's good to hear :)

Couple things. One, ya need to rehide Hidden folders:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Now, when ya post for the other computer, be sure to start a new thread.

Lastly, could ya mark this thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, that's a clean log.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well the log looks clean to me.

One more thing, could ya post the contents of the following file:

C:\rapport.txt

It's the scan log of SmitFraudFix.

After looking at that, we'll verify you're clean.

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Heh alrite good. Let's begin by uninstalling AdwareAlert via the Add/Remove Programs list. It was formerly on the Rogue List, and I don't trust any software that has ever been on that list.

Next, followup by placing checks next to the following in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

After placing checks, close all windows (including this one) and hit 'Fix Checked'.

Now, restart the computer and continue by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and …

'Stein 150 Lapsed Skeptic Team Colleague

Awesome. Download HijackThis (current version is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential; don't try to fix anything yourself.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, let's begin by fixing the following using HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)

After this, restart the computer and post back here. I see a possibility of a SpyAxe infection, but I only see 1 component for it. We'll fix that only if ya still are having problems.

That leads me to my last question.

Are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well a couple things.

First, ya need to run HJT from a permanent folder.

To do this, go to Program Files and create a new folder there, and name it 'HJT'. Then, move the HJT icon into this folder and run a new scan.

And lastly, before we fix anything else, let's let Ewido/CCleaner take out all the small infections.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If …

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well I don't see anything too significant in the log.

Have ya tried Ewido/CCleaner?

If not...

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After …

'Stein 150 Lapsed Skeptic Team Colleague

1 last thing.

Could ya mark the thread as solved?

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, a clean log.

Do ya have any more problems?

If yes, post back with those and we'll work on them.
If no, please mark the thread as solved.

Thanks again :)

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, log's clean.

Are ya still having problems?

'Stein 150 Lapsed Skeptic Team Colleague

Arg, that's annoying.

Try running it again in safe mode, and if that doesn't work, we'll do it all manually.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, we now know that you're infected with the Troj/Podrop-C trojan, which has a possibility for rootkits.

Due to this, we're gonna try killing it with Adaware, seeing that Ewido hasn't already taken it out:

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal
    • Double-click the Ad-Aware SE Personal icon on your Desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click …

'Stein 150 Lapsed Skeptic Team Colleague

Yep, nearly clean--just 1 more entry.

Open HJT, and fix the following:

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

After this, we need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

After doing both of these, post back here with 1 more log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Arg. Well, looking at the log, that entry's gone, regardless.

So, I'm gonna ignore it for now, and bring it up if we need to.

Fix 1 more entry with HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080.

After this, ya appear clean.

Are ya still having problems?

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, glad we could help :)

Last thing, could ya mark the thread as solved?

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Haha glad we could help.

Last thing tho, post back a new HJT log to make sure the infection's completely gone.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, while I don't see evidence in the log that ya have SpyFalcon, I can judge by your symptoms that ya have it.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Next, download the trial version of Ewido.

  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update Ewido. Make sure to close Ewido before installing the update.

Next, download CCleaner, specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window …

'Stein 150 Lapsed Skeptic Team Colleague

Yea, good idea, let's try that. However, it'll get caught up on some running processes that we need ended.

SO, let's open the process manager and disable any of the following first:

~e5d141.tmp

where ~ is a random letter or number.

After doing that, run CCleaner and Ewido.

Post back here, after that, with the Ewido log and a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm. Let's try an LSPfix.

Download LSP-Fix. Run it to the full extent, fixing everything it finds.

Post back here once ya've done that.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I don't know about the Safe mode.

Do ya happen to be using a wireless mouse of some sort?

If so, try using a wired mouse.

I'll get back to ya after I look into this a bit.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, I see a clean log there.

Now, do this:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Lastly, are ya having any problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, alrite. FIRST, let's begin by uninstalling New.Net from the Add/Remove Programs list. (NOTE: This is important to do.)

Follow up by downloading LSP-Fix.

Run it, fixing everything it finds.

Next, open HJT and fix the following:

R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123

Next, post back here with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, that infection's gone.

Now, uninstall the following programs via Add/Remove Programs:

Weatherbug
PartyPoker

After this, check the following in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 120.3.20.2:16644
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

After fixing these, reboot into safe mode and delete the following folders:

C:\Program Files\PartyPoker
C:\Program Files\AWS

Lastly, reboot into normal mode again, and rehide system files:

We need to re-hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

Finally, are ya having any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmmm....the Ewido log doesn't show much either--mostly negligible stuff...

Have the symptoms changed any? Like, say again what problems still remain.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha awesome, clean be ye.

If ya could mark the thread as solved, it'd be great.

Thanks again :)