This post is based on your previous two posts, not your most recent post, execute the following instructions where they apply and to the best of your ability.
Dear reena, get your computer system out of "Selective Startup" and put it into "Normal Startup"!!!!!
Dear reena, don't add any new software to your computer system unless I explicity ask you to add stuff to your computer, "GET RID OF BITDEFENDER"!!!
Dear reena, I've put a tremendous amount of time in on your log, so let's try and get rid of these unneccessary programs from your computer system. No kidding, No fooling around!!!
***************************
(Note: Please read through these instructions a couple of times before executing the steps in this post.)
You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************
I found the following Antivirus program "remnants" on your computer system: AVG, Avast, TrendMicro's PC-Cillin Anti-Virus software, Norton antivirus and ClamWin. I will have you fix the HijackThis lines and delete the associated files/folders on these items, until you decide what antivirus software you want to install on your computer system. Having mulitple antivirus programs on your computer system is overkill and they may interfere with each other. You only need one antivirus program to protect your computer system (i.e. I suggest installing AVGFREE antivirus software.)
********************************
I found the following Anti-spyware program "remnants" on your computer system: eacceleration Stop Sign, Windows Defender, Spyware Doctor, Spyware Nuker, STOPzilla, SpyHunter, Regrun, True Sword and SpyBlocs. I will have you fix the HijackThis lines and delete the associated files/folders on these items, I want you to uninstall all of the these programs except Spyware Doctor. Having mutiple anti-spyware programs on your computer system is overkill and they may interfere with each other. You only need one anti-spyware program to protect your computer system (i.e. I would like you to keep Spyware Doctor).
**************************
I found the following file sharing programs on your computer: Blubster, FileFreedom, Limewire, BitTorrent 4.2.0 and Shareaza v1.8. File-sharing programs serve as vehicles for downloading spyware on to your computer system. I had you keep Shareazea v1.8 and BitTorrent 4.2.0. I think BitTorrent is a questionable application, but I had your keep it because I found another application on your computer that relies on this application (i.e. if were me I would unistall the the BitTorrent 4.2.0 application). Shareazea v1.8 is a safe file-sharing application. For other safe file-sharing alternatives see the following link: http://www.spywarein...m/articles/p2p/
************************
Please run the following Symantec removal tools to get rid of some of the spyware on your computer.
1. http://securityrespo...ter.b.worm.html (W32.Blaster.B.Worm)
2. http://sarc.com/avce...e.ieplugin.html (Adware.IEPlugin)
3. http://www.symantec.....webhancer.html (Trackware.Webhancer)
4. http://sarc.com/avce...are.istbar.html (Adware.Istbar)
5. http://www.sarc.com/...re.keenval.html (Adware.Keenval)
6. http://sarc.com/avce...toptimizer.html (Adware.NetOptimizer)
7. http://www.symantec....rgainbuddy.html (Adware.BargainBuddy)
8. http://www.symantec....dware.gain.html (Adware.GAIN)
Miscellaneous removal instructions
9. http://www.pchell.co...ort/gator.shtml (Gator removal instructions.)
*****************************
Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:
SaveNow and/or WhenUShop and/or SaveUninst.exe
WebRebates and/or Web CPR
Internet 404 and/or MSIETS and/or Tools for Internet Explorer
superbar
Marketscore and/or Netsetter
NavHelper
Ebates Moe Money Maker
Gator
Bullseye Network and/or Cashback and/or Navisearch
TopText and/or TopText ILookup and/or HotText and/or ContextPro
BonziBUDDY
Date Manager
PrecisionTime
Optional programs you can uninstall, through the Add/Remove program:
WildTangent is an online gaming package that is installed by a number of third party applications
and even OEMs, ISPs , AIM and P2P. It collects personal information from customers when they buy one of
their products (such as name, contact information and payment and billing information and system information)
and sends that info back to wildtangent. Most security experts regard this as spyware. If you installed
this and want to keep be aware of this. If you didn’t install this software remove it through add/remove programs.
Uninstall the following program/programs through Add/Remove programs (if they exist):
WildTangent
****************
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546. I suggest you remove the program now.
Uninstall the following program/programs through Add/Remove programs (if they exist):
Viewpoint or Viewpoint Manager or Viewpoint Media Player
Use the following link as a reference: http://ask-leo.com/viewmgrexe.html
****************************
P2P Networking - is a content-distribution system based on peer-to-peer principles that uses system resources and bandwidth for distribution. The content may be ads, commercials, or music, which are downloaded from the network for use by other programs. This content may contain spyware. P2P Networking has been reported to be responsible for serious system slowdowns. Here you can read more about P2P Networking.
Uninstall the following program/programs through Add/Remove programs (if they exist):
P2P Networking
***********************
NewDotNet is an ad supported software. The application is running silently in the background as a browser helper object (BHO). It pops up ad windows while you are surfing the web and periodically connects to the remote server to check for available updates.
new.net was originally designed to shorten web addresses. They created some new virtual top level domains like .mp3, .xxx, .travel which can only be visited on computers with the new.net addons installed.
The software is mostly bundled with other software products like file sharing tools or other ad supported freeware tools.
NewDotNet is a browser hijacker and can update itself without any input from you. Anything that modifies your windows HOSTS file is a hijacker and we don't want it! The "purpose" of this is to add support for additional domains like .AGENT .INC .LOVE .SHOP .SPORT. We suggest you remove this.
Here are instructions to remove NewDotNet: http://www.newdotnet.com/removal.html
Here are other links that provide removal instructions for NewDotNet:
http://www.antisourc...e.php/newdotnet
http://www.pchell.co...t/savenow.shtml
http://www.bleepingc...tNet-t3095.html
*********************
Internet Optimizer is advertised as software to improve internet connections, it hogs system resources and may hijack error pages.
Uninstall the following program/programs through Add/Remove programs (if they exist):
Internet Optimizer
************
WeatherCast is an application that displays real-time weather forecasts. WeatherCast may also display advertisements and download updates from its parent server.
See the following links:
http://www.spywarere...eatherCast.html
http://spweb.whenu.c...st_help.html#13
http://www.whenu.com...eathercast.html
Uninstall the following program/programs through Add/Remove programs (if they exist):
WeatherCast
*****************************
Weatherbug is considered adware, I recommend that you remove Weatherbug entirely. It is becoming
a nuisance and may install spyware/malware if you are not using the paid version.
WeatherPulse by Tropic Designs is, in my opinion, a better program and does not install any spyware/malware;
You can download it here (free): http://www.tropicdesigns.net. See the following link:
http://www.pchell.co...eatherbug.shtml.
Uninstall the following program/programs through Add/Remove programs (If they exist):
WeatherBug
****************
LimeWire is a Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware". That is LimeWire is a program that can be used as a vehicle for downloading spyware on to your computer system.
Uninstall the following program through Add/Remove programs (if they exist):
LimeWire and/or LimeShop
See the following link: http://www.spywarein...m/articles/p2p/.
Restart your computer.
*************************
Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):
F3 - REG:win.ini: load=?????? ???????
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ZHRMWEO] C:\WINDOWS\ZHRMWEO.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dsxddk.exe reg_run
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "D:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "D:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [VVSN] D:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [vdtmetpuuxpl] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [uivefig] c:\windows\system32\tfjvqdq.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Ashish\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [svdqhlcfmxjx] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [starmxn] c:\windows\system32\htolxdf.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Ashish\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [SaveNow] C:\Program Files\SaveNow\SaveNow.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [rrogjno] c:\windows\system32\cdfncyq.exe
O4 - HKLM\..\Run: [qwvdxeh] c:\windows\system32\ngnjibv.exe
O4 - HKLM\..\Run: [quffjh] c:\windows\system32\oazzpd.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [nsvduv] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [ncsdguw] c:\windows\system32\hpvbdfr.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nplanr.exe reg_run
O4 - HKLM\..\Run: [jkrmnxp] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [iymheyx] c:\windows\system32\wpayhqu.exe
O4 - HKLM\..\Run: [ivhykbxx] c:\windows\system32\ivhykbxx.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [FlaCPY] "c:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fhnbcxg] c:\w32\mtptt?????????
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [ebobkd] c:\dows\syste????????
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [dydeshare.exe] C:\WINDOWS\System32\dydeshare.exe
O4 - HKLM\..\Run: [dsqfifqz] C:\WINDOWS\System32\ivhykbxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecwy32.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Geke3L.exe
O4 - HKLM\..\Run: [0BaDC] C:\WINDOWS\hfelxcfq.exe
O4 - HKCU\..\Run: [Ugtlbkye] C:\WINDOWS\system32\??stem\javaw.exe (PurityScan)
O4 - HKCU\..\Run: [shimgvw] C:\WINDOWS\System32\shimgvw.exe
O4 - HKCU\..\Run: [rtutils] C:\WINDOWS\System32\rtutils.exe
O4 - HKCU\..\Run: [Iinl] C:\Program Files\sami\emia.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Ashish\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Ashish\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: BonziBUDDY.lnk = C:\Program Files\BonziBUDDY\BonziBDY.EXE
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
Optional Fixes
I highly recommend you to fix these items:
If you choose to remove WildTangent, put a check next to the following entry as well:
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
If you choose to remove Viewpoint Manager, put a check next to the following entry as well:
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
If you choose to remove P2P Networking, put a check next to the following entries as well:
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
If you choose to remove NewDotNet, put a check next to the following entry as well:
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
If you choose to remove Internet Optimizer, put a check next to the following entry as well:
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
If you choose to remove WeatherCast, put a check next to the following entry as well:
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
If you choose to remove WeatherBug, put a check next to the following entry as well:
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
If you choose to remove LimeWire, put a check next to the following entry as well:
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
Optional Antivirus Fixes
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [ClamWin] "D:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Optional Anti-spyware Fixes
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SWN2] D:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /install={0D3939DF-923C-4B4A-AB80-B0C1762A8BC4} /uilevel=3 /inithp=
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [@RegRunOnSecure] D:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [SpyBlocs] C:\Program Files\eBlocs\SpyBlocs\GLFAA.exe
O4 - HKCU\..\Run: [Regrun2] D:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
Optional miscellaneous Fixes
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT (Peer to Peer File sharing program)
O4 - HKCU\..\Run: [RediffBOL] C:\Program Files\rediff.com\messenger\Bol.exe hide (Instant Messenger program)
O4 - HKCU\..\Run: [FileFreedom_Plugin] C:\Program Files\FileFreedom\wtm.exe (Pee to Peer File sharing program)
Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.
Next, make sure your PC is configured to show hidden files. Here is how to do this:
Windows XP
* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".
Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html
Delete the following file/files marked in blue (if they exist):
C:\WINDOWS\System32\stlbdist.DLL
C:\WINDOWS\ZHRMWEO.exe
C:\WINDOWS\system32\dsxddk.exe
C:\WINDOWS\System\WinStart001.EXE
msblast.exe <-- (Do a search for this file and then delete it.)
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\ivhykbxx.exe
c:\windows\system32\tfjvqdq.exe
C:\WINDOWS\system32\n20050308.EXE
C:\Documents and Settings\Ashish\Local Settings\Temp\tb_setup.exe
c:\windows\system32\htolxdf.exe
C:\Documents and Settings\Ashish\Local Settings\Temp\se.dll
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\bridge.dll
c:\windows\system32\cdfncyq.exe
c:\windows\system32\ngnjibv.exe
c:\windows\system32\oazzpd.exe
c:\windows\system32\rlvknlg.exe
c:\windows\system32\hpvbdfr.exe
C:\WINDOWS\msbb.exe
C:\WINDOWS\system32\nplanr.exe
c:\windows\system32\wpayhqu.exe
C:\WINDOWS\System32\idctup20.exe
c:\Program Files\Common Files\Java\flacpy.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\System32\dydeshare.exe
C:\windows\system32\elitecwy32.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\System32\
C:\WINDOWS\hfelxcfq.exe
C:\WINDOWS\System32\shimgvw.exe
Delete the following folder/folders marked in blue (if they exist):
c:\program files\support.com
C:\Program Files\winex
D:\Program Files\WhenUSearch
C:\Program Files\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE <-- (Search for the following file and delete the immediate directory that contains the file.)
C:\Program Files\Web_Rebates
C:\Program Files\webHancer
D:\Program Files\VVSN
C:\WINDOWS\system32\vidctrl
C:\Program Files\Common Files\Totem Shared
C:\program files\tvs
C:\Program Files\SuperBar
C:\Program Files\SaveNow
C:\Program Files\DelFin
C:\Program Files\Power Scan
C:\WINDOWS\system32\nsvsvc
C:\Program Files\NavExcel
C:\Program Files\DownloadWare
C:\Program Files\Common files\KeenValue
C:\Program Files\Blue Haven Media
C:\Program Files\KaZaA
C:\Program Files\ISTsvc
C:\WINDOWS\System32\IEDriver
C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\Common Files\CMEII
C:\Program Files\Bargain Buddy
C:\WINDOWS\system32\??stem\javaw.exe <-- (Be aware/careful of the location where you find this file, then delete the immediate directory that contains this file.)
C:\Program Files\sami
C:\Program Files\Alset
C:\Program Files\ezula
C:\Program Files\ClockSync
C:\Program Files\BonziBUDDY
C:\Program Files\Date Manager
C:\Program Files\Common Files\GMT
C:\Program Files\Common Files\KeenValue
C:\Program Files\PrecisionTime
Optional folder/folders marked in blue to be deleted (if they exist):
If you uninstalled WildTangent you need to remove the next folder also:
C:\Program Files\WildTangent
If you uninstalled Viewpoint Manager you need to remove the next folder also:
D:\Program Files\Viewpoint
If you uninstalled P2P Networking you need to remove the next folder also:
C:\WINDOWS\System32\P2P Networking
If you uninstalled NewDotNet you need to remove the next folder also:
D:\Program Files\NEWDOTNET
If you uninstalled Internet Optimizer you need to remove the next folder also:
C:\Program Files\Internet Optimizer
If you uninstalled WeatherCast you need to remove the next folder also:
C:\Program Files\WeatherCast
If you uninstalled WeatherBug you need to remove the next folder also:
C:\Program Files\AWS
If you uninstalled LimeWire you need to remove the next folder also:
D:\Program Files\LimeWire
Optional antivirus folder/folders marked in blue to be deleted (if they exist):
C:\Program Files\Alwil Software (Avast)
C:\Program Files\Trend Micro (Trend Micro's PC-cillin)
C:\Program Files\Navnt (Norton Antivirus)
D:\Program Files\ClamWin (ClamWin)
C:\Program Files\Grisoft (AVGFREE)
Optional anti-spyware file/files/folder/folders marked in blue to be deleted (if they exist):
C:\Program Files\Acceleration (eacceleration Stop Sign)
C:\Program Files\Common Files\eAcceleration (eacceleration Stop Sign)
C:\Program Files\SpyHunter (SpyHunter - Rogue antispyware program.)
D:\Program Files\Windows Defender (Windows Defender)
D:\Program Files\Spyware Nuker (Spyware Nuker)
D:\Program Files\STOPzilla! (StopZilla)
C:\WINDOWS\winbait.exe (RegRun)
D:\Program Files\Greatis (RegRun)
C:\Program Files\eBlocs (SpyBlocs - Rogue antispyware program.)
See the following link as a reference: http://www.spywarewa...nti-spyware.htm
Optional miscellaneous folder/folders marked in blue to be deleted (if they exist):
C:\Program Files\Blubster (Bluster - File sharing software)
C:\Program Files\rediff.com (rediff.com instant messenger - Security issues - see the following link: http://seclists.org/...3/Jan/0252.html )
C:\Program Files\FileFreedom (FileFreedom file sharing program - may download adware)
Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
Restart your computer.
****************************************************
Your computer may have a CoolWebSearch Infection.
Please Download CoolWebShredder, Extract it and run the Program. Press the "Fix Button" Let it fix all variants.
Please restart your computer.
****************************
Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.
Dear reena, if your having trouble connecting to the Internet, you can download the file definitions for the "Trojan Hunter" application manually at the following location: http://www.misec.net...unter/updating/
***********************************
TrendMicro™ HouseCall ActiveX Scan
- Please go [color="purple"]HERE
*******************************
Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm
Restart your computer.
************************************
Dear User, I would like you to add-on VX2 Cleaner to your Adware SE application. Here is how to do this:
How to use Lavasoft’s VX2 Cleaner add-on
Close Ad-Aware and Ad-Watch (if running)
Download the free VX2 Cleaner here
Install the VX2 Cleaner
Start Ad-Aware
Go to "Add-ons"
Select the VX2 Cleaner add-on and click "Run Tool"
If your computer isn’t infected, click "Close".
If your computer is infected
Select "Clean System"
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer
See the following link: http://www.lavasoft....x2cleaner.shtml
Please restart your computer.
*******************************
Next, please download and run Spybot Search and Destroy 1.4 Here is a link to download Spybot S & R 1.4.
Here is a link on how to use How to use Spybot S & D.
Please reboot your computer.
***************************
Restart your computer and then please post a new HijackThis log.
In addition, let me know in detail how your computer system is running after performing the above steps.
Edited by rambro, 16 June 2006 - 07:09 AM.