Hello jwhta. Welcome to TSF!
Please read through the instructions carefully before starting the fix.
I see you have BroadJump on your system. This is the newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I suggest that you carry out the fixes indicated below but I would approach your ISP as soon as possible and ask them how to remove it and why they installed it in the first place. Do not attempt to uninstall the program yourself.
I suggest that you remove Microsoft Antispyware - As you have already experienced, it's not very good as a form of protection. I recommend you read the following thread that discusses this product being RogueWare:
===============================================
Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.
The Temp folders must be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download Cleanup! (Alternate Link if the main link does not work) and install it. You will use this later.
Please download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
Download CoolWebShredder
1. Open CWShredder and click - I AGREE
2. Click - Check For Update
3. Close CWShredder after updating
Download Ewido Security Suite - Install & update its database but do not run it yet.
===============================================
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
===============================================
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
Disable Microsoft AntiSpyware:
MSAS may hinder the removal of some entries. Please disable it for the following fix. You can re-enable it after you're clean.
* Right click the Microsoft AntiSpyware icon located in the system tray
* Click on Security Agents Status (Enabled)
* Click on Disable Real-time Protection
Enable the viewing of Hidden files
1. From Windows Explorer, go to Tools>Folder Options>View tab.
2. Enable the option for 'Show hidden files and folders'
3. Disable the option for 'Hide file extensions for known types'
4. Disable the option for 'Hide protected operating system files'
5. Click Yes to confirm & then click OK
===============================================
When doing the fix, you shall be viewing these instructions from Notepad.
Copy the filenames listed below so you can delete them with Killbox.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
• FILE DELETION LIST
C:\DOCUME~1\CHARLES\LOCALS~1\Temp\B.tmp.exe
C:\WINDOWS\system32\ddci.dll
C:\WINDOWS\addfg32.dll
C:\WINDOWS\system32\d3wy.dll
C:\DOCUME~1\CHARLES\LOCALS~1\Temp\A.tmp.exe
C:\WINDOWS\system32\winus32.exe
Launch KillBox.exe
1. Go to the File menu, and choose 'Paste from Clipboard' * this feature does not work on older versions of Killbox
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
2. Select/tick the following:
o Delete on Reboot
o End Explorer Shell While Killing File
o Unregister dll Before deleting * if it's not grayed out
3. Click the RED X button.
4. Click Yes at the 'Delete on Reboot' prompt.
5. Click No at the 'Pending Operations' prompt.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
===============================================
CLOSE ALL OTHER WINDOWS. NOTHING ELSE SHOULD BE RUNNING
Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {36609D71-2D80-48C8-8975-EEB39B3D3B0F} - C:\WINDOWS\system32\ddci.dll (file missing)
O2 - BHO: Class - {5883D979-5C1C-5AE9-C370-C39713BB8756} - C:\WINDOWS\addfg32.dll (file missing)
O2 - BHO: Class - {CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} - C:\WINDOWS\system32\d3wy.dll (file missing)
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp.exe] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [winus32.exe] C:\WINDOWS\system32\winus32.exe
Please remember to close all other windows, including browsers then click Fix checked.
===============================================
Run Cleanup! with the following configuration:
1. Click Options...
2. Move the arrow down to Custom CleanUp!
3. Put a check next to the following:
o Empty Recycle Bins
o Delete Cookies
o Delete Prefetch files (Windows XP only)
o [X] Scan local drives for temporary files (Please uncheck this option)
o Cleanup! All Users
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup
===============================================
Run CWShredder & click on Fix.
===============================================
Run Ewido:
1. Click Scanner
2. Click Complete System Scan to begin scanning.
3. Click OK when prompted to clean files
4. With the first file it prompts to clean, select the option:
a. "Perform action on all infections"
b. Choose clean and click OK.
5. Once finished, click the Save report button
6. Save the report to your desktop
Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.
===============================================
REBOOT TO NORMAL MODE
Perform an online scan with Internet Explorer. Please use Panda - requires Internet Explorer
1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
2. Click On 'Scan Now'
3. Enter your e-mail address & click 'Scan Now' ... begins downloading Panda's ActiveX controls - 8MB
4. Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
5. If it finds any malware, it will offer you a report. Click on see report
6. Then click Save report
7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
===============================================
In your next post, please include fresh logs from:
1. HiJackThis
2. Online scan
3. Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
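
Added example, not part of the original post: a small Python check that every file referenced by the O2/O4 HijackThis entries being fixed is also in the KillBox deletion list, and that none of those paths reappear in the fresh log requested above. The `FRESH_LOG` sample is constructed for illustration, and comparing paths case-insensitively is an assumption of this sketch.

```python
import re

# Copied from the post (the two extra Run values pointing at the same A.tmp.exe/B.tmp.exe are omitted).
DELETION_LIST = r"""
C:\DOCUME~1\CHARLES\LOCALS~1\Temp\B.tmp.exe
C:\WINDOWS\system32\ddci.dll
C:\WINDOWS\addfg32.dll
C:\WINDOWS\system32\d3wy.dll
C:\DOCUME~1\CHARLES\LOCALS~1\Temp\A.tmp.exe
C:\WINDOWS\system32\winus32.exe
"""
FIXED_ENTRIES = r"""
O2 - BHO: (no name) - {36609D71-2D80-48C8-8975-EEB39B3D3B0F} - C:\WINDOWS\system32\ddci.dll (file missing)
O2 - BHO: Class - {5883D979-5C1C-5AE9-C370-C39713BB8756} - C:\WINDOWS\addfg32.dll (file missing)
O2 - BHO: Class - {CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} - C:\WINDOWS\system32\d3wy.dll (file missing)
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp] C:\DOCUME~1\CHARLES\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [winus32.exe] C:\WINDOWS\system32\winus32.exe
"""
# Constructed sample of a post-fix log (not from the thread): one benign entry, one that came back.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [winus32.exe] C:\WINDOWS\system32\winus32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                    # "O4 - <body>"
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.I)     # first .exe/.dll path in the body

def entry_paths(log_text):
    """Map lower-cased file path -> HijackThis section for every file-backed entry."""
    found = {}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        path = PATH_RE.search(entry.group(2)) if entry else None
        if path:
            found[path.group(0).lower()] = entry.group(1)
    return found

def uncovered(fixed_text, deletion_text):
    """Paths whose registry entry gets fixed but whose file is not queued for deletion."""
    queued = {p.strip().lower() for p in deletion_text.splitlines() if p.strip()}
    return sorted(set(entry_paths(fixed_text)) - queued)

def persisting(fresh_text, fixed_text):
    """Previously fixed paths that still appear in a fresh log."""
    return sorted(set(entry_paths(fresh_text)) & set(entry_paths(fixed_text)))

if __name__ == "__main__":
    print("not queued for deletion:", uncovered(FIXED_ENTRIES, DELETION_LIST))
    print("still present after fix:", persisting(FRESH_LOG, FIXED_ENTRIES))
```

A path reported by `persisting` means something re-created the Run value or BHO after the fix, which is the signal to look for in the fresh HiJackThis log.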