Hi reggieblack,
This is going to take a few more stages, as we start to clean the remnants of the mess which was on your computer. Please stick with me until I say your machine is clean.
--------------------------------------------------------------
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
Also be sure to carry out the instructions in the sequence listed below.
--------------------------------------------------------------
Download CWShredder and run it. Click Check for Update. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.
--------------------------------------------------------------
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Internet Speed Monitor
Kazaa Media Desktop 2.0.2 <<< known to bundle malware inside its install files.
Viewpoint Manager
Viewpoint Media Player <<< this is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546
Additional info:
http://vil.nai.com/vil/content/v_137262.htm
Optional Removal
WildTangent GameChannel
WildTangent Web Driver
*** WildTangent's privacy policy used to state they also collect and share individuals' information, but that is no longer the case ***
--------------------------------------------------------------
Open Notepad and copy/paste the text in the quotebox below into it:
Quote:
KILLALL::
File::
C:\WINDOWS\system32\bvdnsbm.dll
C:\WINDOWS\tsitra72.exe
C:\WINDOWS\system32\dn224c1e06.dat
C:\WINDOWS\ytfse.exe
C:\WINDOWS\runnen
Folder::
C:\PROGRA~1\COMMON~1\omuu
C:\FOUND.014
C:\Program Files\ISM2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFED3F50-D194-FE61-BB28-FF8A32F52EB9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Irdr"=-
"Fvfmsyvt"=-
"Duogpd"=-
"omuu"=-
"ISMModule7"=-
"Bxvhv"=-
"ISMPack7"=-
Save this as CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
--------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries
(If they still exist, make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.runsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/w...oft/wtinst.cab
Please remember to close all other windows, including browsers then click Fix checked.
--------------------------------------------------------------
No AntiVirus Onboard
I see no evidence of an AntiVirus program on your system. This must be resolved. Here are two very good free Antivirus products which are available:
Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.
Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.
--------------------------------------------------------------
Restart the computer after installing an Anti-Virus.
--------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
--------------------------------------------------------------
Please update me on how your system is behaving.
--------------------------------------------------------------
Please reply back with the following:
C:\ComboFix.txt
New HiJackThis Log
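--------------------------------------------------------------
Added example, not part of the original post: a small Python check that compares the HijackThis entries marked for fixing against a follow-up log and reports any that are still present. The fix list is a subset of the entries above; the follow-up log is a constructed sample, and the function names are hypothetical.

```python
import re

# Entries the post asks to fix (subset copied from the list above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.runsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
"""

# Constructed follow-up log for illustration (not taken from the thread).
NEW_LOG = r"""
Logfile of HijackThis (constructed sample)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.runsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
r1 - hkcu\software\microsoft\internet explorer\main,HomeOldSP  =  http://www.search-2003.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

# A HijackThis entry line: section code (R0, R1, O4, O16, ...), " - ", then the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$", re.IGNORECASE)

def parse(text):
    """Return {normalised key: original line} for every HijackThis entry line."""
    out = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # log header, blank line or free text
        code, body = m.group(1).upper(), m.group(2)
        if code in ("R0", "R1") and "=" in body:
            # Registry paths are case-insensitive; lowercasing the URL too is an approximation.
            loc, _, val = body.partition("=")
            key = (code, loc.strip().lower(), val.strip().lower())
        else:
            key = (code, " ".join(body.split()).lower())
        out[key] = line.strip()
    return out

def still_present(fix_text, new_log_text):
    """List the fix-list entries that still appear in the new log."""
    new = parse(new_log_text)
    return [orig for key, orig in parse(fix_text).items() if key in new]

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", line)
```

Any line it reports needs to be checked and fixed again before the machine is considered clean.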