Still got some baddies running...
Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)
O4 - HKLM\..\Run: [hole dupe file vc] C:\Documents and Settings\All Users\Application Data\Safe16holedupe\Settings Enc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/tem...bcontrol024.cab
C:\Documents and Settings\All Users\Application Data\
Safe16holedupe <--delete that folder.
Reboot and post another hijackthis log and the log from the following tool..
Please empty any Quarantine folder in your antivirus, empty your recycle bin and purge/delete all recovery items in the spybot program if you use it…BEFORE!!! running this tool.
Download this virus checker and tool from eScan
Mwav.exe (Use Link 3)
1. Save it to a folder.
2. Reboot into safe mode
3. Double click the
Mwav.exe file.
(This is a stand alone tool and NOT just a virus checker......so it won't install anything)
4. Select
all local drives, scan
all files, press
SCAN and when it is completed, anything found will be displayed in the lower pane.
5. In the
Virus Log Information Pane (Bottom Window)
Left click and
Highlight all the info in the Lower pane--- Use
"CTRL C" on your Keyboard to copy all found in the lower pane and save it to a notepad file.
DO NOT post the log from the “View Log” button as that log does NOT contain the info we are after.
*Note* If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning.
We are not going to use this to remove anything..but to ID the bad guys.
Once you copy that to a notepad file...highlight the text and copy it here along with a new hijackthis log.