Thanks for being so patient.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
==========================================================
*I noticed that you have two antivirus programs installed on your computer. It is important that you uninstall one of them as they may conflict with each other.
==========================================================
eAcceleration Stop-Sign
Quote:
While testing indicates that the "threat scanner" is still slow and has occasional problems with false positives -- in large part because of the use of heuristics, which cannot be turned off by the user -- we can no longer classify this application as "rogue/suspect." Nonetheless, this anti-malware application -- at least in its current state -- cannot be recommended, given the many excellent competing anti-virus, anti-trojan, and anti-spyware applications that are available (some for free)
See Here for more information.
LimeWire - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
This page will give you further information.
WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't good at all. They collect information about you and your usage. We recommend uninstalling it.
==========================================================
Download and install Ewido Security Suite
When installing, under "Additional Options" uncheck:
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido.
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
When you have finished updating, EXIT Ewido.
Download LSPFix.exe
Please download Cleanup! and install it. Do NOT run it yet.
==========================================================
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).
==========================================================
Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (if they still exist) (you must kill them one at a time).
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\windows\system32\rlvknlg.exe
==========================================================
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Acceleration Software
wild tangent
LimeWire
AWS/Weatherbug
==========================================================
Instructions for using LSPFix
- Double click on LSPFix.exe to run it.
- Once running, you will be required to tick the disclaimer - "I know what I'm doing".
- You'll find a window with 2 panes; if there is anything in the Remove pane, please put it back into the Keep pane.
- Now highlight any instances of rlls.dll
- Then click on the arrow pointing to the right, >>.
- This will move the entry to the right pane labeled Remove
- Click the Finish button to complete the fix.
If you are unsure about removing certain files, please come back and post the filenames here and I will advise you how to proceed.
==========================================================
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon0.dll",VerifyStatus
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Please remember to close all other windows, including browsers, then click Fix checked. (make sure you do not miss any)
==========================================================
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\Acceleration Software
C:\Program Files\Common Files\eAcceleration
C:\WINDOWS\wt
c:\windows\system32\rlvknlg.exe
C:\Program Files\AWS
c:\windows\system32\rlls.dll
PowerReg Scheduler V3.exe <<<-you will have to search for this one.
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
==========================================================
Run Cleanup! using the following configuration:
- Click Options...
- Set the slider to Standard CleanUp!
- Uncheck the following:
  - Delete Newsgroup cache
  - Delete Newsgroup Subscriptions
- Click OK
- Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).
==========================================================
Run Ewido with its updated definitions: (...it's important that all windows must be closed)
- Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
- "Perform action on all infections"
- Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop
** This scan may take over an hour; after choosing the action for the first item you do not need to stay at the PC
==========================================================
Reboot your system in Normal Mode.
==========================================================
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click on "Free use ActiveScan" located on the top right hand corner
- Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click Scan Now
- Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
- If it finds any malware, it will offer you a report.
- Click on see report. Then click Save report
Post the contents of the report in your next reply
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
Please post a fresh Hijack This log so that we can check if your system is clean.
In your next post I will need fresh logs from:
1) HijackThis
2) Ewido log
3) Panda ActiveScan log
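
To check a fresh HijackThis log against the entries listed under "Fix checked" above, the following added example (not part of the original post) keys each log line on its section code plus CLSID or Run value name and reports the flagged entries that are still present. The `FLAGGED` list is a subset copied from the post; the `FRESH_LOG` sample and its `ExampleApp` entry are constructed for illustration.

```python
import re

# Entries copied from the post's "Fix checked" list (a subset, to keep this short).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

# Constructed sample of a fresh log taken after the fix (not from the post).
FRESH_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O4 - HKLM\..\Run: [WCMDMGR] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"\[([^\]]+)\]")

def entry_key(line):
    """Return (section, identifier) for a log entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # Prefer a stable identifier: CLSID, then Run value name, else the whole body.
    ident = CLSID.search(body) or RUN_NAME.search(body)
    token = ident.group(0) if ident else " ".join(body.split())
    return section, token.lower()

def still_present(flagged_text, log_text):
    """List fresh-log lines whose key matches an entry that was meant to be fixed."""
    wanted = {k for k in map(entry_key, flagged_text.splitlines()) if k}
    return [ln.strip() for ln in log_text.splitlines() if entry_key(ln) in wanted]

if __name__ == "__main__":
    for line in still_present(FLAGGED, FRESH_LOG):
        print("STILL PRESENT:", line)
```

Matching on the CLSID or Run value name rather than the whole line means an entry is still reported when HijackThis appends a suffix such as "(file missing)" after the file has been deleted.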