Hi j1477,
You’re most welcome, j1477.
Let’s take care of the malware first, and then see about the other problems, OK?
OK, let’s do this next.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
- Double-click Flash_Disinfector.exe to run it.
- Follow any prompts that may appear.
- Wait until the program has finished scanning, then please exit the program.
NEXT:
Let’s use another internet browser so that you can at least download stuff and perhaps run some other online scanners.
Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.
Use the Firefox browser until we can solve the Internet Explorer problem.
NEXT:
Please download Dr.Web CureIt and save it to your desktop.
NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download.
Now scan with Dr.Web CureIt:
- Double-click the drweb-cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow.
- After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings".
- Choose the "Scan" tab, uncheck the mark at "Heuristic analysis".
- Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK".
- Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
- Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.
- After the scan, go to the "View" menu -> "Report list".
- Then go to the "File" menu -> "Save report list".
- Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply.
- Close Dr.Web CureIt.
- REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
NEXT:
Please go to Start -> Control Panel -> Software -> Add or Remove Programs and remove any of the following that are listed:
Bitdownload
Bitgrabber
Bitroll
CiD Manager
CiD Help
Download Plugin for Internet Explorer
Messenger Plus!
Messenger Plus! 2
Messenger Plus! 3
Messenger Plus! 3 & Sponsor
Messenger Plus! Live
Messenger Plus! Live & Sponsor
Netpumper
Search Plugin
WinZix
Zone Media
This is because they are usually bundled with the malware. Don't worry if you can't find them all.
If during uninstall, you are asked for uninstall Verification, please enter the numbers that will appear in the window.
Then reboot. <-- Important!
NEXT:
Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Laura\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".
Then please exit HijackThis.
NEXT:
Please launch OTMoveIt:
- Double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\hldrrr.exe
C:\SUHDLOG.DAT
C:\DOCUME~1\Laura\APPLIC~1\BitDownload
C:\Program Files\BitDownload
C:\Documents and Settings\Laura\Application Data\hidires
- Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
- Click the red MoveIt! button.
- Close OTMoveIt.
- Please post the log from OTMoveIt, located here:
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
NEXT:
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):
Code:
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20941b4c-de19-11db-8e3e-4c0010523213}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48e3a2b4-dc63-11db-8e2d-4c0010523213}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bd69b7e-d51a-11db-8e11-9a96f8d92f88}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bc178-e1a5-11db-8e52-4c0010523213}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c75d3d6c-eab9-11db-8e77-4c0010523213}]
Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop.
It should look like this:
Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.
In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.
NEXT:
Please REBOOT your computer normally into Windows and post these logs in your next reply:
- The log from the Dr.Web CureIt scan.
- The log from OTMoveIt.
- A new ComboFix log.
- A new HijackThis log.
How are things running now? Please let me know of any problems that still persist.
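
A pre-merge check for the fix.reg step above, added here as an example and not part of the original post: it confirms that the text of a .reg file starts with the REGEDIT4 header and contains nothing except key deletions (`[-...]`) under MountPoints2. The function name `audit_reg` and the `TAMPERED` sample are constructed for illustration.

```python
import re

# Key prefix copied from the fix.reg in the post; anything outside it is flagged.
ALLOWED_PREFIX = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                  r"\CurrentVersion\Explorer\MountPoints2" "\\")
SECTION = re.compile(r"^\[(-?)(.+)\]$")

# Two of the entries from the post's fix.reg.
FIX_REG = r"""REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20941b4c-de19-11db-8e3e-4c0010523213}]
"""

# Constructed sample: the same file with extra sections and a value added.
TAMPERED = r"""REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
[HKEY_CURRENT_USER\Software\Example]
"Name"="value"
[-HKEY_CURRENT_USER\Software\Example]
"""

def audit_reg(text):
    """Return (deleted_subkeys, problems) for the text of a .reg file."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    deleted, problems = [], []
    if not lines or lines[0] != "REGEDIT4":
        problems.append("missing REGEDIT4 header on first line")
    else:
        lines = lines[1:]
    for ln in lines:
        m = SECTION.match(ln)
        if not m:
            problems.append("value or unexpected line: " + ln)
        elif m.group(1) != "-":
            problems.append("key is written, not deleted: " + m.group(2))
        elif not m.group(2).lower().startswith(ALLOWED_PREFIX.lower()):
            problems.append("deletion outside MountPoints2: " + m.group(2))
        else:
            deleted.append(m.group(2)[len(ALLOWED_PREFIX):])
    return deleted, problems

if __name__ == "__main__":
    for name, text in (("fix.reg", FIX_REG), ("tampered", TAMPERED)):
        deleted, problems = audit_reg(text)
        print(name, "deletes", deleted)
        for p in problems:
            print("  PROBLEM:", p)
```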