kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Did you run LSPFix? Because I forgot the link. Here is the link I forgot.
I want you to run it and do the steps I posted above if you didn't already. Also write down all of the DLLs that LSPFix lists.

Also I recommend Downloading and using the Mozilla Firefox Browser. It has better security and it has tabs so you can have more than one website open in the same window. You can download Firefox from here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Not if you are only downloading Ewido while your firewall and AV programs are down. In other words, don't go to any other sites besides this one and the Ewido sites while your firewall and AV program are disabled. As soon as Ewido is finished downloading, turn them back on and you should be fine.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

By all other applications it means any open windows and any firewalls you have running. Just re-enable the firewalls after the ewido installation is complete.

Yes, I use Ewido myself and it is a great spyware scanning program. It finds a lot more than other scanners.

As for the compatibility, that is for other anti-virus programs and firewalls. Since Ewido is not an AV program but a malware scanner and has no firewall, it should be safe to run with your other AV programs. You can always uninstall it after we fix the problems with your computer.

Feel free to post those logs anytime.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT and check the following.
F1 - win.ini: load=REGRUNCHK.EXE
F1 - win.ini: run=REGRUNCHK.EXE
O4 - HKLM\..\Run: [Windows Recycler] OBYPHB.EXE
O4 - HKLM\..\RunServices: [RegRunChk] C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
O4 - HKLM\..\RunServices: [System32] System32.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunServices: [Windows Recycler] OBYPHB.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/au/games4.cab
Close all other windows and click fix checked.

Plz download LSPFix from here. Put it in its own folder and run it. check the box that says "i know what i am doing" and put any of the following dlls to the remove section webhdll.dll, wbhshare.dll, whiehlpr.dll, whieshm.dll, whAgent.exe. Then click finish.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

This log looks a little lacking. Did you do it in safe mode?
First move HJT to a permanent folder such as C:\HJT or something similar. Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} -
C:\WINDOWS\System32\msdhmd.dll
Close all other windows and click fix checked.

Do you know what this is?
Internet Assigned Numbers Authority

Do you live in California?

Now go to Jotti's and upload and scan the following file.
C:\WINDOWS\system32\sd.exe
Post the results in your next log.


Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT and check the following.
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download...nagerv1001.cab
O18 - Filter: text/html - (no CLSID) - (no file)
Close all other windows and click fix checked.

Now Reboot to safe mode by tapping F8 during start up and delete the following folder.
C:\Program Files\winupdates\

Reboot back to normal and post a new HJT log.
Still having problems?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First move HJT to a permanent folder such as C:\HJT or something similar. Now run HJT and check the following.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\q4nu0e59eh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmVv\command.exe (file missing)
Close all other windows and click fix checked.

Go to Start>>Run and type services.msc in the box and hit enter. Now look through the service for a service named Command Service. Right click it and go to properties. Where it says start up type change it to disable.
Now run HJT again and click on config and then misc tools>>Delete an NT service. Type Command Service in and hit enter. If that doesn't work, type cmdService into the box and hit enter.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Not much wrong with your log, but let's fix what is wrong.
Move HJT to a folder on your desktop, not actually on your desktop.
So not this C:\Documents and Settings\Owner.TheVatsals\Desktop\HijackThis.exe
This C:\Documents and Settings\Owner.TheVatsals\Desktop\HJT\HijackThis.exe
Run HJT and check the following.
O4 - Startup: PowerReg Scheduler.exe
Close all other windows and click fix checked.

I see you are running Ewido, but I'm not sure if it is up to date, so I'm going to give you the new Ewido download and instructions.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If you Open up the CPU there should be 2 wires that look exactly the same one should be plugged into your current hard drive. Take the other one and hook it up to your old hard drive. It should work as a slave drive once you turn your computer back on.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes, by checking the following I meant to tick the box that's right behind them.

You don't have to fix the O16 line, but it's been known to cause some trouble. I'm not going to force you to do anything, so it's up to you.

For the ones that started with R0, I wasn't sure if, when you were copying and pasting the log, you removed any websites that were there for privacy.

OK, and as for the O17, I was just making sure you knew the server you were using.

Make sure to do the Ewido scan and post the log here along with a new HJT log.

Let me know if you're still having problems after you complete the Ewido scan.

BTW-It's no problem answering your questions.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT and Check the following.
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/...p/vrupdate.cab
If you removed the sites in front of the following items on purpose, don't check them.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
The following is a resource hog and is optional to check, it is unneeded.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Close all other windows and click fix checked.

Do you know what the following is?
qld.bigpond.net.au
Be sure to tell me if you know what is in your next post.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Norton is usually the cause of this and is not recommended. (It sucks.)
McAfee is a better program, or even AVG. (There are links in the sticky.)
But lets try one more thing.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You didn't follow the Ewido steps. Make sure you complete all the steps and be sure to click apply all actions at the end.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah, Norton is known to cause problems with the internet. Personally I prefer McAfee. You can mark this thread as solved (there is a link at the top of the page).

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Can you get screen shot plz.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

All it tells us is what processes are running on your computer (some might be malicious)

What your IE settings are (to see if you have a homepage hijacker)

What your browser helper objects are (could be malware)

What toolbars you have (some are not good)

What processes run at startup (helpful so when we delete malware it won't say being used by another process)

What you see when you right click in IE (shows us if you're infected)

What extra buttons you have in your toolbar (could be malicious)

What your trusted zones in IE are (so we can make sure malware didn't add any sites that could harm your computer)

What downloaded programs are actively running on your computer (most victims have malicious downloaded programs)

Lets us know what DLLs will be loaded when user32.dll is loaded (used often by malware to start up early)

What your running services are (shows us if you have malicious services such as NewDotNet)

The system files it shows us are information that we already know and that most people have running on their computer. By system files I believe you're referring to files such as svchost.exe, lsass.exe, snmp.exe, winlogon.exe, spoolsv.exe, smss.exe, and many others. I assure you that by posting your HJT log here you are in no way putting yourself in any danger.
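
An added example (not part of the original post, and not HijackThis's own code) that parses log lines of the shape quoted throughout this thread and flags the conditions the posts act on: entries pointing at missing files, Hosts entries that are malformed or non-loopback, O17 name servers to confirm, and system process names running outside system32. The sample log, its addresses and names are constructed, and the triage rules are assumptions drawn from these posts.

```python
import ipaddress
import ntpath
import re
from typing import NamedTuple

# Section codes that appear in this thread and what each one reports.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F1": "autostart from an INI file",
    "O1": "Hosts file entry", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart program",
    "O8": "IE right-click menu item", "O9": "IE button or Tools menu item",
    "O10": "Winsock hijack", "O16": "downloaded ActiveX control",
    "O17": "DNS/domain setting", "O18": "extra protocol or filter",
    "O20": "AppInit_DLLs or Winlogon Notify", "O23": "NT service",
}
# Windows processes named in the post; the genuine copies live in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "snmp.exe", "winlogon.exe",
                "spoolsv.exe", "smss.exe"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    body: str


def parse_log(text):
    """Return an Entry for every line shaped like '<code> - <body>'."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    body = entry.body
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("points at a file that is not on disk")
    if entry.code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2 or not _is_ip(fields[0]):
            reasons.append("malformed hosts entry, expected 'address hostname'")
        elif not ipaddress.ip_address(fields[0]).is_loopback:
            reasons.append(f"redirects {fields[1]} to {fields[0]}")
    if entry.code == "O17" and "NameServer =" in body:
        servers = re.split(r"[ ,]+", body.split("NameServer =", 1)[1].strip())
        reasons.append("confirm DNS servers with the ISP: " + ", ".join(servers))
    if entry.code in ("O4", "O23"):
        m = EXE_RE.search(body)
        if m:
            folder, name = ntpath.split(m.group(0))
            if (name.lower() in SYSTEM_NAMES
                    and ntpath.basename(folder).lower() != "system32"):
                reasons.append(f"{name} is running from {folder}, not system32")
    return reasons


def report(text):
    """Return (code, category, body, reasons) for every flagged entry."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            category = SECTIONS.get(entry.code, "unknown section")
            flagged.append((entry.code, category, entry.body, reasons))
    return flagged


# Constructed sample log; addresses are documentation ranges, names are made up.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O1 - Hosts: 192.0.2.10 login.example.com
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Updater] C:\Program Files\Example\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.5 198.51.100.6
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\Example\ex.exe (file missing)
"""

if __name__ == "__main__":
    for code, category, body, reasons in report(SAMPLE_LOG):
        print(f"{code} [{category}] {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

A flagged line is a prompt to verify, not a verdict: the O17 check only lists the servers so they can be compared with what the ISP actually assigns.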

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You can mark this thread as solved then. (There should be a link at the top of the page that says "mark as solved".)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ignore it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

They're just backups of all the files you've deleted. You can delete those if you want. They are not dangerous to your computer.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I don't see anything, but try the following.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok First run HJT and check the following.
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINNT\system\svchost.exe
O4 - HKLM\..\Run: [SNP Generic Host Process] C:\WINDOWS\system\svchost.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm411YYDE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
Close all other windows and click fix checked.

Now go to Add/Remove Programs in Control Panel and remove the following.
MyWay, My Websearch, or anything similar.

Now Reboot to safe mode and delete the following files and folders if they exist.
C:\WINNT\system\svchost.exe
C:\Program Files\MyWebSearch

Reboot back to normal and run HJT again. Post the new HJT log here and tell me if you're still having problems.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Norton has an email scanner. And if you want an email service that has a good spam blocker I recommend gmail.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Download HiJackThis from here.

Make a new folder called HJT in the C: directory(C:\HJT) Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked it should open up a notepad file with the log. Copy and Paste the contents of the note pad file in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT and check the following.
O2 - BHO: (no name) - {970AFABC-A8C9-94D0-8D5F-66EF852F2B74} - (no file)
O2 - BHO: (no name) - {B34A3D57-22E8-9B1C-F14D-54AE4F9B30C5} - (no file)
O2 - BHO: (no name) - {542B81FF-1330-FBFA-2F41-FB39CBD7B103} - (no file)
O2 - BHO: (no name) - {464A85DC-DE9C-3A3A-DFB1-1C7D5F2206F3} - (no file)
O2 - BHO: (no name) - {BF364FA3-3377-DBDC-66BF-B40D8A65C712} - (no file)
O2 - BHO: (no name) - {C0F801E8-B022-67A7-68DD-CBEC09276656} - (no file)
O2 - BHO: (no name) - {E0021B01-FF54-F0F2-3749-85057B36F6CC} - (no file)
O3 - Toolbar: (no name) - {BA200138-FEC7-4CF0-B09B-46230A8528A0} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b3.../java/RntX.cab
The following is a resource hog and is not needed at startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Close all other windows and click fix checked.

Go to control panel>>add/remove programs and remove the following.
Viewpoint Manager(might be different but similar)

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok well run HJT and check the following.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
Close all other windows and click fix checked.

Reboot to safe mode and delete the following folders.
%windir%\Network Diagnostic\xpnetdiag.exe
(%windir% is C:\windows most likely)

Reboot back to normal and run HJT again. Post the new log here and tell me if you are experiencing problems still.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It is normal to see programs in the prefetch folder because it is a temp folder. You can go ahead and delete everything in that folder if you want.
I found some malware on your computer though, so first run HJT and check the following.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 67.183.232.181 l2testauthd.lineage2.com
O1 - Hosts: 67.183.232.181 l2authd.lineage2.com
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [Kbldipd] C:\WINDOWS\system32\w?nspool.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
The following is optional. It is a valid process but is a resource hog and is not needed on startup.
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
Also, I don't know what your F:\ drive is, but if you're not completely sure that F:\Install.exe is a process by AOL put on by you, then check the following.
O4 - Global Startup: AOL DSL Setup.lnk = F:\INSTALL.EXE
Close all other windows and click fix checked.

Go to Jotti's Online file scanner and upload and scan the following files.
C:\Program Files\Cjma\Mhbbpq.exe
C:\Program Files\uhlt\abno.exe
F:\INSTALL.EXE
Remember the results from the scans you'll need it later.

Also download purityscan uninstaller from here and run it.

Please download and install ewido anti-spyware tool

  • Close all other …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Then you can mark this thread as solved.(there should be a link at the top of the page that says mark as solved.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yup everythings clean. And you aren't having any problems right?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm nothing wrong there.


Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Could you post the link that says for backgrounds, because I can't read that.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Open Task Manager, then click on the processes tab. There will be a list of all your running processes. Take a screen shot by pressing Ctrl+Prt Scrn and then open Paint by typing mspaint.exe into the run box. When you have Paint open, hit Ctrl+V and it will paste the screen shot. Now save the picture and upload it using an image uploader like this one. Then click on the picture button in your next reply (the little mountain one) and paste the link the image uploader gives you.

PS: you might not be able to see all the running processes when you open up task manager so make the window bigger by dragging the sides out or maximize the task manager window before you take the screen shot.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

That log is clean. Can u still not see the taskbar? If you can't, then take screen shots of your running processes. Paint---mspaint.exe

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It's a HOSTS file and you could leave it on your computer, so just run Ewido and post the log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yup and also do the following.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be …
DMR commented: Good work- we appreciate your help! +10
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Disable norton before updating.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

no just rename it not re-download it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok rename HiJackThis.exe to something different like scanner.exe then try again. Also post a new log from after you change the name.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT and Check the following.
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
The O17 lines belong to

RIPE Network Coordination Centre

If you don't know what that is or don't live in Europe,
check the following.

O17 - HKLM\System\CCS\Services\Tcpip\..\{45BC1876-5493-48A9-8C51-9EF298459BF0}: NameServer = 85.255.116.37,85.255.112.85

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA3220C-A403-4870-9929-EFE1BECFBD51}: NameServer = 85.255.116.37,85.255.112.85

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
Close all other windows and click fix checked.

Now go to Jotti's and upload and scan the following files.
C:\WINDOWS\System32\camg.dll
C:\Program.exe

Now Reboot to safe mode by tapping F8 during start up and delete the following files.
C:\WINDOWS\vsnpmi03.exe
Also Delete the files that you scanned with Jotti's if they are bad.

Reboot normally and run HJT again and post a new log and tell me if you are still having problems.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, do the HJT steps and tell me if there is any improvement.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Try just typing explorer.exe in the box w\o the system thing.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Run HJT, go to the config button, then backups, and restore the backups. Then post the log here and we will start fresh.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, in Task Manager go to File>New Task and type in %System%\explorer.exe (don't forget the \).
After you do that, your desktop and start menu might reappear.

If that doesn't work, open IE (iexplorer.exe) and type C:\ in the address bar. That should take you to Windows Explorer, and from there click the up one folder button (folder w\ a green arrow) and see if there is a Control Panel shortcut. If not, go to Tools>Folder Options and go to the view tab, then check the box that says show Control Panel in My Computer.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, first of all open Control Panel and go to Add/Remove Programs and look for the following.
My Way, My Websearch Bar, or something similar. If you find it remove it.
Now run HJT and check the following if present.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zang...ridge-c356.cab
Close all other windows and click fix checked.

Now Reboot to safe mode and delete the following folder if present.
C:\Program Files\MyWaySA

Reboot to normal mode and run HJT again and post the new log here. Also, are you still experiencing any problems?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yes, it is safe to delete. You don't have anything that worries me in your log, but do the following. Run HJT and check the following.
O1 - Hosts: localhost 127.0.0.1
Close all other windows and click fix checked.

Are you experiencing any problems with your computer?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, attach the old hard drive to the main cords and reboot in safe mode and it should work. Then copy the files you want onto CDs, turn off your computer, put the new drive back in, and then put the files on the new one.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It's up to you; it will work either way.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, there is an updated version of Ewido which you can download and install from here.

  • Close all other applications. Select language, click OK
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click update at the top of the screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should …
kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

HJT is a tool used to scan your computer's current state. It tells us what programs you have running and helps us remove malicious items.

Download HiJackThis from here.

Make a new folder called HJT in the C: directory (C:\HJT). Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked, it should open up a Notepad file with the log. Copy and paste the contents of the Notepad file in your next reply.