kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well after looking at the site in different browsers I say scratch that idea and make a new one. Swap images could be used in the same way and with more compatibility. Also I tried it in Safari, Firefox, and Internet Explorer and it only worked in IE and it didn't even work that well.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Is

<table align="center">

not standard anymore? Because that's always worked in both browsers for me. Assuming all the content is inside one main table.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I think the problem is that your antivirus programs are starting back up on the restart, so here's what to do. Go to Start>Run and type in "msconfig" without the quotes. Then go to the startup tab and uncheck all the boxes next to antivirus programs. Click OK and it should ask you to restart. Unplug your internet and then hit restart. After it restarts run ComboFix again. It should work now.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes, first delete and then redownload it. Then disconnect physically. And the easiest way to shut down your protection is to just exit them all from the taskbar by the clock. Usually if you right click them it will have a quit, exit, or disable option. Then run it again. Also could you get a screenshot with the exact error? In case you don't know, the easiest way to take a screenshot is to hit the prt scrn button on the keyboard and then open MS Paint and hit ctrl+v. Then just save it and attach it to your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It seems you still had CoolWebSearch on your computer. Are you sure you followed these directions?

Run HJT and checkmark the following.

O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)

Click "Fix Checked"


Now Download CWShredder (written by Merijn Bellekom) from
Save cwshredder.zip into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder

* Close all browsers
* Unzip into same directory
* Doubleclick cwshredder.exe
* Click <Check for updates> and let it install all updates
* Close CWShredder

Write down the following as you will have to boot into safe mode to complete them. Reboot your computer and tap F8 during start up. Then select safe mode using the arrow keys and enter. Once in safe mode run cwshredder again and do the following.

* Click <Fix>
If it asks you to delete a file, delete it
* Click <Next>
* Close CWShredder

Now you can boot back to normal mode.

If you didn't do those steps, then do them. If you did do those steps, then using My Computer navigate to C:\Windows\System32\
and look for the following file.

D3**32.DLL (where each * could be any letter, number, or symbol)

If it's there delete it. Also check if that file is in C:\Windows\ as well and still delete it if it is.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

What do you mean about "I don't know if I did it right"?

What part is confusing you? HJT isn't going to find anything so I'd really like to get ComboFix working. Could you tell me specifically what you had trouble with? Thanks.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to hear it. If everything's back to normal then you can mark this thread as solved. (There's a link under this post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes physically disconnecting would be unplugging the ethernet cable from the modem.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok please do the following.

Delete this file.

C:\Config.Msi\14d1b09.rbf


Please download this file - combofix.exe by sUBs

* Save it to your Desktop
* Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
* Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll


* Click OK and this will start ComboFix.
* When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

* ComboFix.txt
* Fresh HijackThis log run after all the other tools have performed their cleanup.

After you do that rename HiJackThis.exe to random.exe and run another scan. Post the log from that scan and from combofix in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm, I can tell you're infected but since it's hiding itself from the scanner I don't know what to delete. Try renaming HiJackThis.exe to random.exe. Run it again and post that log here. Also I would advise you to disable your internet connection while not using the computer.

Also follow these directions for combofix and see if it works.

Please download this file - combofix.exe by sUBs

* Save it to your Desktop
* Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
* Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll


* Click OK and this will start ComboFix.
* When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

* ComboFix.txt
* Fresh HijackThis log run after all the other tools have performed their cleanup.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please make sure you've done this and look again.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


If you've done that and they still aren't there then HJT deleted them. Also are you still getting pop-ups?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You have a few infections on your computer so let's get rid of them.

First of all open Task Manager (alt+ctrl+del), click the processes tab and end the following processes.

QdrModule9.exe
QdrPack9.exe
w?wexec.exe
tracert.exe


After you've done that run HiJackThis again and this time place a check mark in the boxes next to the following.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {948DA530-61AC-422C-D25F-31E676835F9B} - C:\WINDOWS\system32\npbjnrk.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Cpni] "C:\WINDOWS\system32\CROSOF~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [Aggnesk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Santana\Application Data\WinTouch\WinTouch.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

Now click "fix checked"

Now open control panel and then add/remove programs and remove the following.

WinTouch

Now use My Computer to delete the following files/folders.

C:\Program Files\QdrModule\
C:\Program Files\QdrPack\
C:\Documents and Settings\Santana\Application Data\WinTouch\
C:\WINDOWS\system32\CROSOF~1\
C:\WINDOWS\system32\npbjnrk.dll

Now run Hjt again and post a new log, so I can make sure all that worked.
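The post above walks an HJT log by eye, looking for the same handful of tells every time: entries whose file is already gone, nameless BHOs and toolbars, paths with characters HJT prints as '?', 8.3 short names, programs launched from a profile folder, random-looking file names, and ActiveX packages pulled from the web. The script below is an added example (not the forum's or HijackThis's own code) that applies those tells as a first pass over the entries quoted in this post; it is a starting point for review, not a verdict.

```python
"""Heuristic first-pass triage of HijackThis (HJT) log entries."""
import re
from typing import Dict, List, Optional

# Sample entries reproduced from the post above, plus a bare process line and
# the Viewpoint service so the heuristics have lines to leave alone.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {948DA530-61AC-422C-D25F-31E676835F9B} - C:\WINDOWS\system32\npbjnrk.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Cpni] "C:\WINDOWS\system32\CROSOF~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Aggnesk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Santana\Application Data\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\mknmhunf.dll",b
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - Winlogon Notify: fccyxwx - fccyxwx.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# HJT entry lines start with a section tag (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
DRIVE_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|htm|cab))", re.IGNORECASE)
BARE_FILE_RE = re.compile(r"([\w?~]+\.(?:dll|exe))\b", re.IGNORECASE)


def extract_file(body: str) -> Optional[str]:
    """Pull the file an entry refers to; HJT prints unprintable characters as '?'."""
    for pattern in (QUOTED_PATH_RE, DRIVE_PATH_RE, BARE_FILE_RE):
        m = pattern.search(body)
        if m:
            return m.group(1)
    return None


def looks_random(stem: str) -> bool:
    """All-lowercase stems of 5+ letters with almost no vowels (npbjnrk, fccyxwx)."""
    if len(stem) < 5 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels / len(stem) < 0.25


def triage_entry(line: str) -> Optional[Dict]:
    """Return {kind, file, reasons} for an HJT entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    reasons: List[str] = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("points at a file that no longer exists (orphaned entry)")
    if kind in ("O2", "O3") and "(no name)" in body:
        reasons.append("BHO/toolbar registered without a name")
    if kind == "O16" and "http://" in body.lower():
        reasons.append("ActiveX package (DPF) installed from a web URL")
    path = extract_file(body)
    if path:
        name = path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        if "?" in path:
            reasons.append("path has characters HJT could not print (shown as '?')")
        if re.search(r"~\d", path):
            reasons.append("8.3 short name hides the real directory name")
        if "\\application data\\" in path.lower():
            reasons.append("program runs from a user profile data folder")
        if looks_random(stem):
            reasons.append(f"random-looking file name '{name}'")
    return {"kind": kind, "file": path, "reasons": reasons}


def triage(log_text: str) -> List[Dict]:
    """Entries with at least one reason, in log order. Clean-looking entries such
    as the Viewpoint service are left alone: knowing that one is unwanted takes a
    reputation list, which is why the helper still asks for the full log."""
    flagged = []
    for line in log_text.splitlines():
        entry = triage_entry(line)
        if entry and entry["reasons"]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['kind']:4} {entry['file'] or '-'}")
        for reason in entry["reasons"]:
            print(f"      - {reason}")
```

Nine of the twelve entries are flagged; QdrModule9 and the Viewpoint service pass every pattern, which is exactly the gap a reviewer fills by hand.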

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please look at the stickies and download the latest version of HiJackThis and run a scan. Save the log and then copy and paste it here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You're infected with Virtumondo. Please do the following.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

In that case after running SmitfraudFix run a scan with AVG and X-Clean in safe mode. Then run HJT again (not in safe mode) and then post that new one and the logs from SmitfraudFix and AVG, and X-Clean if it makes logs.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Those dlls are Virtumondo again. Run VundoFix.exe again and it should find all of those and delete them. Then rename hijackthis.exe to random.exe and run it again. Post the VundoFix log and the new renamed HJT log in your next post.

Also sorry for the delay.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, since VundoFix didn't work let's do the following.

Run Hjt and place a check mark in the boxes next to the following.

O2 - BHO: (no name) - {4EF67EFD-F7F1-4EAC-8AAB-0A9B3F0B7558} - C:\WINNT\system32\qommn.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O20 - Winlogon Notify: fccyxwx - fccyxwx.dll (file missing)

Also, do you know what either of these are? If not then place a checkmark next to them as well.

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - file://\\noreastserver\VPHOME\CLT-INST\WEBINST\webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NoreastCap.local

Now click "fix checked"

Now using My Computer, navigate to the following files and delete them.

C:\WINNT\system32\qommn.dll
C:\WINNT\system32\fccyxwx.dll (This may not be in system32; if it isn't, do a search for it and then delete it)
C:\WINNT\web\related.htm

Sorry for the delay.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Woah, sorry, I was distracted by Thanksgiving. There was some smitfraud that one of your scans found so I'd like you to run the removal tools. Here are the instructions.

Please download SmitfraudFix here:

Next, please reboot your computer in Safe Mode:

Restart your computer.
After hearing your computer beep once, but before the Windows icon appears, tap the F8 key constantly.
A menu with options will appear.
Choose to run Windows in Safe Mode, then press "Enter".
Choose your usual logon.

Once in Safe Mode, double-click on SmitfraudFix.exe.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool may need to restart your computer to finish the cleaning process. If not, please restart as usual.
A text file will appear with results from the cleaning process; please copy/paste the content of that report into a follow-up to this answer.

Also the combofix log is still incomplete which means something is wrong. After running smitfraudfix try running combofix again.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, unfortunately I couldn't find anything malicious in the ComboFix log or the HJT log except for that one BHO which you can remove anytime.

This happened on my computer once or twice and this is what I found out.

Usually when this occurs wmiprvse.exe or something similar appeared in task manager. It is a valid process but it seems to cause that problem. So next time it starts happening check if wmiprvse.exe is running in the processes tab of task manager, and if it is end it. This solved my problem...I don't think it was malicious.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

This is a classic case of a Virtumondo infection, which is actually a pretty easy fix. So do the following.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Sorry bout that.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

That's the malicious one, however still run the scan with ComboFix please. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes redownload it and when the box pops up choose save, and then save it to your desktop. If you don't it won't work correctly.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Still looks like an incomplete log, but let's try this now instead.

Please download Combofix.exe from here to your desktop. Double click it to run and when prompted type 1 and enter. Now DO NOT touch the mouse or keyboard until the scan is done completely. It should finish shortly after it restarts the computer. After it's done it will open up Notepad; copy and paste the contents here in your next post.

Post the ComboFix log in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes rename HiJackThis.exe to something else that is random. It can be anything you want as long as you rename it. It should start up now so run it again and post that new log here in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Rename HijackThis to something else and run it again.

lol I said it first. :P Look at my last post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok do this then. Change the name of HiJackThis.exe to something random. It can be anything you want, but just change it and run hjt again. After you run the scan with hjt with a changed name post it here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Just double-checking. You did download it to your desktop, right? Also, do you have a lot of programs that run when you first turn on your computer?

If you do then go to start>run and type "msconfig" without the quotes. Then go to the startup tab and uncheck anything that isn't vital for startup.

After making sure you did both of these, run ComboFix again and if it takes more than say 20 mins creating the log... stop it and we'll go from there.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If everything is back to normal then you can mark this thread as solved. (There should be a link under this post.) :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

In the earlier post I did say that the entries need investigating and proposed the method. Anyway you're welcome to go through the ComboFix stuff with Freefall123. Btw, I like ComboFix because it provides date and time for the various entries which helps to pinpoint dormant files with the same time signature. Not many people use this approach - if they did, there'd be a lot less toing and froing of posted logs as people sort themselves out.

Yes, it's a very good program with dates; it also has the nice added feature of running scripts to delete most files.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Get rid of Norton, it is by far the worst virus protection available. Here is a link to a page with the removal tool. (Because you can't uninstall Norton without it, weird huh?)

I recommend you get either McAfee (which costs some money, unless you have Comcast) or AVG (which has a free version that is just as good as the paid version, it just doesn't have some of the extra perks), though there are many other choices out there.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

The wisest thing you can do, IMHO, is to look up whatever Crunchie does in the Virus forum and do the same yourself. That includes ComboFix and a number of other tools used in a structured way.

There is always my famous post of 3rd September (search under the mis-spelt name "Virtunonde") which provides a sound alternative method - which I personally feel is rather applicable to your case.

You've got to get rid NOW of the stuff I've pointed out to you.

Sorry to step in again, but don't get rid of those BHOs; only one of them is actually malware, the others are legit.

This is the one that is malicious and we'll remove it later.

For now though please do the following.

Please download Combofix.exe from here to your desktop. Double click it to run and when prompted type 1 and enter. Now DO NOT touch the mouse or keyboard until the scan is done completely. It should finish shortly after it restarts the computer. After it's done it will open up Notepad; copy and paste the contents here in your next post.

Post the combofix log and a new hjt log in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Anywho, all symptoms have magically disappeared, must have got them with something I did, so I'm just going to mark this thread as solved.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If you use my own method (posted 3-Sep-07) and reachable by searching on the mis-spelt term "Virtunonde", it's all detailed step by step.

The other method, the one used by Crunchie in this forum, is well documented if you just follow one of the threads. I'd much rather you did the work; your HJT files are abnormally long and unless there's another knight on the forum prepared to give the time, you should do this yourself - coming back to us where you might have a point of clarification, of course.

I'll take a crack at it if you don't mind.

Ok, here's the process of getting rid of Virtumondo via VundoFix.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt.

Also after running …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

.... and don't forget the running processes at the top of the CPU usage list.

Yeah and that too. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Also that dll doesn't appear to be a legit windows dll or any other legit source. So I would recommend doing this.

Run HiJackThis and place a checkmark in the box next to the following.

O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\mknmhunf.dll",b

Now click "fix checked"

Now using My Computer delete the following file.

C:\WINDOWS\system32\mknmhunf.dll

That should fix everything up. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Also, your HiJackThis log appears to be missing some entries, such as the R0, R1, R2... and several others. What I want to know is did you remove these yourself because of privacy issues (and if so please give the full log, you can censor what you want private but don't remove the whole thing) or did those entries never show up in the first place?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Sorry, but I have to step in here. This is not a complete HJT log. Please redownload HJT from here and run it again. The HJT log should include the running processes (which you had) and then a fairly long list starting with R0/R1 and then going through O2 O3 O4 O9 .... and finally O23. All you have is the O23 part which doesn't help all that much. Make sure you copy and paste the whole thing. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Sorry for the delay, but good news: ComboFix is working again so let's get started.


Please download Combofix.exe from here to your desktop. Double click it to run and when prompted type 1 and enter. Now DO NOT touch the mouse or keyboard until the scan is done completely. It should finish shortly after it restarts the computer. After it's done it will open up Notepad; copy and paste the contents here in your next post.


Is your computer still freezing as frequently or only when you try to burn a CD?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nice Find! Now Combofix is working again so I'd like you to run it just to make sure everything is gone. Just to let you know it restarts your computer so don't freak out.

Please download Combofix.exe from here to your desktop. Double click it to run and when prompted type 1 and enter. Now DO NOT touch the mouse or keyboard until the scan is done completely. It should finish shortly after it restarts the computer. After it's done it will open up Notepad; copy and paste the contents here in your next post.

ComboFix and Deckard's System Scanner are similar, but ComboFix deletes problem files automatically and DSS does not. It also has the ability to delete files.

Also you have entries in your hosts file that were created by this trojan, so you should use HJT to fix that. To do this run HJT and select "open misc tools section" and then click on "Open hosts file manager".
Now select the bogus entries by clicking on them and then click delete line. (The ones you should delete will be pretty obvious... if you've never seen the site that's listed, delete the line.)
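The hosts-file step above relies on the reader spotting bogus lines by eye. As an added example (not the forum's or HJT's code), the check below automates the two patterns a trojan-planted entry usually takes: a name steered to a non-loopback address (the site is silently redirected) and a loopback mapping for an update or security-vendor site (the site is silently blocked). The watchlist keywords and the .example hostnames are constructed for illustration.

```python
"""Flag hosts-file entries worth a second look."""
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file; the .example names are placeholders, not real sites.
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.avvendor.example
127.0.0.1       www.mcafee.example
10.11.12.13     www.mybank.example
127.0.0.1       ads.tracker.example
"""

# Illustrative watchlist: name fragments a home PC's hosts file has no
# legitimate reason to point at loopback (it would block updates or vendor sites).
WATCHLIST = ("windowsupdate", "microsoft", "mcafee", "avg", "norton", "panda", "update")


def parse_hosts(text: str):
    """Yield (line_no, ip, hostname) for each active mapping. Comments, blank
    lines and malformed lines are skipped, as the system resolver skips them."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            yield no, ip, host.lower()


def suspicious_hosts_entries(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, hostname, ip, reason) for every entry worth reviewing."""
    findings = []
    for no, ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if not ip.is_loopback:
            # A hosts file on a home PC should not steer real sites anywhere.
            findings.append((no, host, str(ip), f"redirected to {ip} instead of being resolved"))
        elif any(key in host for key in WATCHLIST):
            findings.append((no, host, str(ip), "update/security site blocked via loopback"))
    return findings


if __name__ == "__main__":
    for no, host, ip, reason in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {no}: {ip:<12} {host:<28} {reason}")
```

A user-added ad-blocking line such as the ads.tracker.example entry passes, so the output is the short list to inspect, not the whole file.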

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

:).. if you open Applications tab in CCleaner, you will see a Mozilla/FF section for cleaning files there...

Yes, but that isn't the cause of the crash as I have been using CCleaner for a while now. Also check your PMs please because I sent you and crunchie a post containing my symptoms as well as many others including my friends and family. It seems to be a new type of malware or an old one that has resurfaced, but I don't know how you would get rid of it now that ComboFix isn't working.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

As it appears Zandiago is busy with something else at the moment I will take over for him. It seems you are infected with Zango, Mywebsearch, Troj/Zlob-J, seekmo, protection bar, ask bar, smitfraud, and New.net.

Ok, let's get started then.

Please download SmitfraudFix to your desktop from here:

Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user which you had done the previous steps.

When your computer has started in safe mode and you see the desktop, close all open windows and double-click on the SmitFraudfix icon. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended). This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically.
When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It seems to be a rather harmless bit of spyware because when I visit those two sites and click the links you are talking about no pop-under window comes up. Just to be safe could you run HiJackThis and post the log here. Thank you. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

That helps significantly. You are infected with Zango, Viewpoint, VirtuMondo, CoolWebSearch, and the Trojan Torj/Zlobns-J. Seems you didn't really get rid of what you had.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Now Download CWShredder (written by Merijn Bellekom) from
Save cwshredder.zip into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder

* Close all browsers
* Unzip into same directory
* Doubleclick cwshredder.exe
* Click <Check for updates> and let it install all updates
* Close CWShredder

Write down the following as you will have to boot into safemode to complete them. Reboot your computer and tap F8 during start up. …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok seems you have an infection.

Lets get started by opening control panel and then add/remove programs.
Remove the following programs if present.

Viewpoint
MyWaySA/MyWaySearchbar/Myway/MyWaySearchAssistant

Ok, now run HJT and place a checkmark in the boxes next to the following. (Some of these may not be there.)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all internet browsers and click "fix checked".

Now I would like you to run an online scan here.

Click on Active scan and when prompted select My Computer to scan. When the scan is done save the log and copy and paste it into your next post.

After that scan with HJT again and save another log. Post the new HJT log along with the panda active scan log here in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

That dll file doesn't seem to be a system file which means it's probably just a leftover from the infection you had... so yeah, please post a HJT log. :)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Not a good thing. Hmm, I really wish ComboFix was working... oh well. The only thing that the scan found before it was interrupted was what appears to be a crack.

If you didn't download this on purpose then delete it immediately.

Here's the file in question.

C:\Documents and Settings\dis0003\My Documents\WPA\aircrack-ng-0.6.2-win\bin\airodump-ng.exe

If you didn't put that there delete it.

Since ComboFix is down let's try this.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in your next post
5. Please attach extra.txt to your next post do not copy and paste it.
*To attach click the icon above this text box that looks like a paperclip. Then click browse and navigate to extra.txt and select it, then hit upload. You can then close the pop up window.

What DSS will do:

* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah, I don't like the fact AVG ignored it, so let's try this.

First try using My Computer to delete SmartDownload.exe. It should be in My Documents. If you can't see it then, at the top of the window go to Tools>Folder Options. Then go to the View tab and check the box that says "show hidden files and folders" and uncheck the box that says "Hide protected operating system files and folders". Now check if it's there again and delete it. It probably won't let you delete it, that's ok.

Now do this. You might want to print out the following as you will have to go into safe mode, and in safe mode you can't access the internet.

Ok, boot into safe mode by restarting your computer and tapping F8. A menu should come up; select "safe mode" using the arrow keys and enter.

Once in safe mode try deleting the file again. And after that regardless of what happens run AVG again in safe mode, and save the log again.

Also Include a new HJT log with the AVG log. Thanks for your patience.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ah, now I see what that was. You need to restart your computer for SpywareBot to be removed completely so do that now.

When you're done with that I would like you to run a scan with PandaActiveScan.

After its done scanning, which may take awhile, save the log and post it here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, so somehow since your last log you've gotten infected with Adware.Win32.SpywareBot.

So here's what I'm gonna have you do. You might want to write down the following directions as the internet will be unavailable during safe mode.

Boot into safe mode by restarting your computer and tapping F8. Then use the arrow keys to select safe mode and hit enter.

Now once in safe mode delete the following folder.

C:\Program Files\SpywareBot

Reboot back to normal mode and run HJT again. Post the new log here. Also is explorer.exe still messed up after doing this?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Those poker programs just always seem to be troublesome, that's all. You don't have to remove them, but still remove Viewpoint (an annoying program that downloads itself to your computer) and remove LimeWire from the startup.

Ok now I want you to run a scan with AVG Anti-Spyware NOT AVG Anti-Virus

You can download it here. After you finish downloading and installing it, update it and then go to scan>complete system scan. When that is done set it to quarantine everything and hit apply all actions. Now save the log. (There should be a button next to the apply all actions button.) After you click that one click save as and save the txt document to My Documents. Copy and paste the contents of that text file here in your next post.