Hello again, cerebrum. Please tell us how your system is behaving.
Please save this page to
Notepad in order to assist you when carrying out the following instructions.
Before beginning the fix,
read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
------------------------------------------------------
I see you have
P2P software (
Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
References for the risk of these programs are
here,
here, and
here.
I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.
If you decide to uninstall Limewire, also delete these
Folders if they still exist:
C:\Documents and Settings\RAC\Application Data\Limewire
C:\Program Files\Limewire
------------------------------------------------------
We do not recommend the use of registry cleaners. Our colleague
miekiemoes has an excellent writeup
here
We suggest uninstalling it via Add or Remove Programs in your Control Panel.
------------------------------------------------------
I see you have
WildTangent Web Driver installed on your system. Although not technically spyware, it does have built-in components to update itself and collect information about your computer. We recommend uninstalling it. Please read
here for information, removal instructions, and a link to an automatic removal tool.
------------------------------------------------------
Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with HijackThis.
------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist:
(Make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {DF0C7BE5-5A0C-4A66-94ED-C8E9CEC86E36} - C:\WINDOWS\system32\qoMGyYPF.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {69518E7C-D986-4E77-A49C-49A204746D22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {69518E7C-D986-4E77-A49C-49A204746D22} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AD2439F5-1E46-42CD-9CB7-CC5D74032497} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD2439F5-1E46-42CD-9CB7-CC5D74032497} - (no file) (HKCU)
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/...m::/update.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c3dce5...p/RdxIE601.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O22 - SharedTaskScheduler: Network Load Monitor - {CC3E6789-0120-1A20-04B0-087AFF6D2EA4} - blank (file missing)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
Please remember to close all other windows, including browsers then click Fix checked.
Please close HijackThis now.
------------------------------------------------------
Delete the following
File if it still exists:
C:\WINDOWS\SYSTEM32\aonyfnux.ini
If any file resists deletion, reboot into Safe Mode and try again. Please let me know if you have trouble.
------------------------------------------------------
Please go to:
VirusTotal- On the page you'll find a Browse button.
- Next to the browse button you'll see a box to enter text.
- Please copy/paste the following bolded text into the box:
C:\WINDOWS\SYSTEM32\hbhhcknf.tmp
- Then click the Send File button just below.
- This will scan the file. Please be patient.
- Once scanned, copy and paste the results in your next reply.
------------------------------------------------------
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.- Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and Save it to your Desktop.
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
- Click the Download button to the right.
- Select the Windows platform from the dropdown menu.
- Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
- Click Continue
- Click on the link to download Windows Offline Installation and Save the file to your Desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
- Click (highlight) the following items:
- J2SE Runtime Environment 5.0 Update 4
- J2SE Runtime Environment 5.0 Update 6
- Java(TM) 6 Update 5
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
- After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button.
- There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
- Trace and Log Files
- Click OK on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.
------------------------------------------------------
Please run this online scan to help look for remnants.
Establish an internet connection & perform an online scan with Internet Explorer at
Kaspersky Online Scanner
Click
Accept, when prompted to download and install the program files and database of malware definitions.
- Click Run at the Security prompt.
- The program will then begin downloading and installing and will also update the database.
- Please be patient as this can take several minutes.
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View scan report at the bottom.
- Click the Save Report As... button.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**
To optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.
------------------------------------------------------
Please post the following in your next reply:
VirrusTotal results
Kaspersky report
new HijackThis log
report on system behavior