Hi digimime
Please read through the instructions before you start (you may want to print this out).
Ewido Trojans and malware remover
http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-update. Don't run yet.
Download Pocket Killbox and unzip it; save it to your Desktop.
Reboot into Safe Mode: Click here if you don't know how to do this.
Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box, and delete all the files in that folder.
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Run an Ewido full scan, save the log, and post the log with the other items.
Run Killbox and click the radio button that says Delete a file on reboot.
Copy and paste them one at a time into the "Full path of file to delete" box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\INF\btgrab.inf
C:\WINDOWS\INF\polall1r.inf
C:\WINDOWS\INF\farmmext.inf
C:\WINDOWS\SYSTEM32\SWLAD1.dll
C:\WINDOWS\SYSTEM32\setup_incred_1.exe
C:\WINDOWS\SYSTEM32\ss_msi1_setup.exe
C:\WINDOWS\SYSTEM32\PopOops2.dll
C:\WINDOWS\SYSTEM32\xmlparse.dll
C:\WINDOWS\SYSTEM32\msbb321.dll
C:\WINDOWS\SYSTEM32\PopOops.dll
C:\WINDOWS\SYSTEM32\SWRT01.dll
C:\WINDOWS\SYSTEM32\SWLAD2.dll
C:\WINDOWS\SYSTEM32\xmltok.dll
C:\WINDOWS\SYSTEM32\c58bKs.dll
C:\WINDOWS\SYSTEM32\Lycos.dll
C:\WINDOWS\SYSTEM32\biK.exe
C:\WINDOWS\SYSTEM32\lsp.dll
C:\WINDOWS\SYSTEM32\im64.dll
C:\WINDOWS\SYSTEM32\msbb.exe
C:\WINDOWS\SYSTEM32\msbbhook.dll
C:\WINDOWS\SYSTEM32\sahagent1019.exe
C:\WINDOWS\SYSTEM32\ezStub3.dll
C:\WINDOWS\SYSTEM32\stmtreco.exe
C:\WINDOWS\SYSTEM32\randreco.exe
C:\WINDOWS\SYSTEM32\lmlysfj.exe
C:\WINDOWS\SYSTEM32\DrPMon.dll
C:\WINDOWS\kxut.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\satmat.ini
C:\WINDOWS\TEMP\biK.inf
C:\WINDOWS\TEMP\bi.dll
C:\WINDOWS\TEMP\biprep.exe
C:\WINDOWS\TEMP\Belt.ini
C:\WINDOWS\TEMP\polmx2.inf
C:\WINDOWS\TEMP\polmx2.exe
C:\WINDOWS\TEMP\twc\installer\bin\AddFavorites.vbs
C:\WINDOWS\TEMP\bi.cab
C:\WINDOWS\TEMP\bi.cab[bi.inf]
C:\WINDOWS\TEMP\bi.cab[bi.dll]
C:\WINDOWS\TEMP\bi.inf
C:\WINDOWS\TEMP\randreco.exe
C:\WINDOWS\TEMP\THIE3F.TMP\polall1r.inf
C:\WINDOWS\TEMP\THIE3F.TMP\polall1r.exe
C:\WINDOWS\TEMP\THI675.TMP\polall1r.inf
C:\WINDOWS\TEMP\THI675.TMP\polall1r.exe
C:\WINDOWS\farmmext.ini
C:\WINDOWS\Downloaded Program Files\lsp_.dll
C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
C:\WINDOWS\Downloaded Program Files\xmltok_.dll
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\BI.DLL
C:\WINDOWS\svcproc.exe
C:\WINDOWS\fjooqt.exe
C:\WINDOWS\TSAd.dll
C:\WINDOWS\VcpDLL.dll
C:\WINDOWS\Nail.exe
C:\WINDOWS\BIPREP.EXE
C:\WINDOWS\SAHUninstall.exe
C:\WINDOWS\POLMX2.EXE
C:\Program Files\Common Files\updater\data1.dat
C:\Program Files\Common Files\updater\data2.dat
C:\Program Files\TimeSink\AdGateway\TSADBOT.EXE
C:\Program Files\Lycos\Sidesearch\offline.htm
C:\Program Files\VBouncer\VBouncerInner.EXE
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Program Files\Support.com\backup\wm\wmplayer.exe\80384_58be8be6f_[wmplayer.exe]
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\disp1150.exe
C:\Program Files\Web_Rebates\README.txt
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\Program Files\Ebates_MoeMoneyMaker\disp350.exe
C:\SahAgent.log
C:\undo\backup.cab[BI.INF]
C:\undo\backup.cab[BIK.INF]
C:\undo\backup.cab[POLMX2.INF]
C:\undo\backup.cab[POLALL1R.INF]
C:\undo\backup.cab[Belt.ini]
Reboot as normal when prompted.
Delete the following folders.
C:\Program Files\Common Files\updater <-- Delete the whole folder
C:\Program Files\TimeSink\AdGateway <-- Delete the whole folder
C:\Program Files\Lycos\Sidesearch <-- Delete the whole folder
C:\Program Files\VBouncer <-- Delete the whole folder
C:\Program Files\AdDestroyer <-- Delete the whole folder
C:\Program Files\Support.com\backup\wm\wmplayer.exe\80384_58be8be6f_[wmplayer.exe]
C:\Program Files\Web_Rebates <-- Delete the whole folder
C:\Program Files\Ebates_MoeMoneyMaker <-- Delete the whole folder
C:\SahAgent.log <-- Delete the whole folder
C:\undo <-- Delete the whole folder
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.
Kc
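
A way to confirm the cleanup after the reboot, added here as an example and not part of the original post: the script reduces the pasted list to the files that actually exist on disk and reports any that are still present. It assumes that entries written as `archive.cab[member]` denote a file inside that archive, so the on-disk target is the archive itself; the function names and the sample list are constructed for illustration.

```python
import ntpath
import os
import re

# Assumption: "archive.cab[member]" means a file inside the archive,
# so only the archive itself is a path that can exist on disk.
_MEMBER = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\[\]\\]+)\]$")

# Constructed sample: a few entries copied from the list in the post.
SAMPLE = [
    r"C:\WINDOWS\TEMP\bi.cab",
    r"C:\WINDOWS\TEMP\bi.cab[bi.inf]",
    r"C:\WINDOWS\TEMP\bi.cab[bi.dll]",
    r"C:\WINDOWS\BI.DLL",
    r"C:\undo\backup.cab[Belt.ini]",
    r"C:\SahAgent.log",
]

def split_entry(entry):
    """Return (on-disk path, archive member or None) for one list entry."""
    entry = entry.strip()
    m = _MEMBER.match(entry)
    if m:
        return m.group("container"), m.group("member")
    return entry, None

def on_disk_targets(entries):
    """Collapse entries to unique on-disk paths (Windows paths ignore case)."""
    seen, targets = set(), []
    for entry in entries:
        path, _member = split_entry(entry)
        key = ntpath.normcase(ntpath.normpath(path))
        if key not in seen:
            seen.add(key)
            targets.append(path)
    return targets

def leftovers(entries, exists=os.path.exists):
    """Paths from the list that are still present after the reboot."""
    return [p for p in on_disk_targets(entries) if exists(p)]

if __name__ == "__main__":
    for path in leftovers(SAMPLE):
        print("still present:", path)
```

Run on the cleaned machine with the full list in place of `SAMPLE`, an empty result means none of the listed files survived the reboot.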