Welcome back.
We shifted the bulk but there are a few more cleaning steps to take.
I notice that you have two anti-virus programs on your machine. (Symantec & McAfee) That's not a good idea!!
Like firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\artm_newreg]

[-HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
Go to the Control Panel and then Add/Remove. Uninstall the following:
Kazaa
LimeWire
Zango
WinAntiVirusPro 2006
Run HJT and fix the following:
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [cfd3fda6.exe] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cfd3fda6.exe
O4 - Startup: Backyard Skateboarding Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{8F722C94-13EA-43E6-A920-5110A1A32B21}\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}\ATR1.EXE
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: udBVxhcj - {9421B6D8-3E8B-1C72-81A5-AD3093A6DE3E} - C:\WINDOWS\system32\vxr.dll (file missing)
Delete the following folders:
C:\Program Files\Kazaa
C:\Program Files\LimeWire
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Documents and Settings\HP_Administrator\Application Data\WinAntiVirus Pro 2006
c:\documents and settings\all users\start menu\programs\Zango
Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
Select the following option - Delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cfd3fda6.exe
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\Documents and Settings\Kay Bee\Application Data\Install.dat
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
Reboot your computer to Normal Mode:
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK & have it scan My Computer
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
In your next post please provide:
1 - A New HJT Log
2 - Online Scan
3 - A description of how your system is now.
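
Added example, not part of the original post: a small Python triage pass over the HijackThis entries listed above, for checking a fresh log after cleanup. The flag names and the heuristics (autostart from Temp or Application Data, a Winlogon Notify DLL outside system32, a missing target file) are this example's assumptions, not the helper's stated criteria.

```python
import re

# HijackThis entry lines copied from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [cfd3fda6.exe] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cfd3fda6.exe
O4 - Startup: Backyard Skateboarding Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{8F722C94-13EA-43E6-A920-5110A1A32B21}\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}\ATR1.EXE
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: udBVxhcj - {9421B6D8-3E8B-1C72-81A5-AD3093A6DE3E} - C:\WINDOWS\system32\vxr.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")            # section code, then the rest
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\).*$")  # drive-letter or %var% path to end of line


def parse_entry(line):
    """Return {'section', 'path', 'raw'} for an HJT entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    p = PATH_RE.search(rest)
    return {"section": section, "path": p.group(0) if p else "", "raw": line.strip()}


def flags(entry):
    """Assumed heuristics: where the autostart target lives, and whether it exists."""
    path = entry["path"].lower()
    found = []
    if "(file missing)" in path:
        found.append("file-missing")
    if "\\local settings\\temp\\" in path:
        found.append("runs-from-temp")
    if "\\application data\\" in path:
        found.append("runs-from-appdata")
    if entry["section"] == "O20" and "\\system32\\" not in path:
        found.append("notify-dll-outside-system32")
    return found


def triage(log_text):
    """Parse every entry line and return (section, path, flags) tuples in log order."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [(e["section"], e["path"], flags(e)) for e in entries if e]


if __name__ == "__main__":
    for section, path, found in triage(SAMPLE_LOG):
        print(section, found or ["no-flag"], path)
```

An entry with no flag is not thereby cleared; the heuristics only cover path location and missing targets.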