
Spyware and other crap

Discussion in 'Windows - Virus and spyware problems' started by steinbeck, Jul 1, 2006.

  1. JaPK

    Ok good...

    Download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
    Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html

    Download RootkitRevealer.zip -> http://www.sysinternals.com/Files/RootkitRevealer.zip
    * Create a new folder named RKR on your C: drive (C:\)
    * Extract all of the RootkitRevealer.zip file contents to the C:\RKR folder
    * Open the C:\RKR folder and double-click the RootkitRevealer.exe file
    * Click Scan button and wait for the scanning to end
    * NOTE! Don't use your computer when the scan is in progress
    * When the scan has finished, click on File
    * Then click on the Save button
    * Save the RootkitRevealer log to your desktop

    Post the RootkitRevealer log to here.
     
    Last edited: Jul 16, 2006
  2. steinbeck

    I'm sorry for the long delay. I can't thank you enough for your help and patience. Here's the RKR log:

    HKLM\S-1-5-21-2743126638-3542878219-2910769467-1003\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users\doubleagentoo2\recent IM ScreenNames 7/23/2006 6:15 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Classes\CHROME\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Classes\CLSID\{A35A10C2-B27C-68CF-4C664C85E35F1A3D}\{28B3EA4A-F41A-DA4A-412614F8881DEC21}\{CC778E34-E0F1-1673-DAC48331F9D4EFD7}* 3/29/2006 12:41 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{B9046776-195D-89EA-3E66F9BC5DAE5B9B}\{E7989E73-D3F8-C437-CB8470F59A56421D}\{FFD68A1F-1364-19C2-ECF1A15A7898EBE6}* 3/29/2006 12:41 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version 5/19/2005 9:10 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Classes\HTTP\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Classes\https\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 7/23/2006 9:37 PM 80 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version 5/19/2005 9:10 PM 0 bytes Key name contains embedded nulls (*)
    D: 0 bytes Error mounting volume
     
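The RootkitRevealer log above, and the scan procedure in the first post, as an added example that is not part of the thread and not code from Sysinternals: a Python script that parses the plain-text log RKR writes via File > Save, groups the discrepancies by type, and separates the one finding RKR's own documentation treats as expected (the constantly rewritten RNG seed) from the entries a helper would actually review. It also lists the URL-protocol classes whose `shell\open\ddeexec` key is hidden from the Windows API, since five of them appear together in this log. The log lines are copied from steinbeck's post; the category names, the benign rule and the output format are this example's own assumptions.

```python
"""Triage a RootkitRevealer (RKR) log.

Added example, not code from the thread or from Sysinternals. It parses the
plain-text log RKR writes via File > Save, groups discrepancies by type and
splits off the entries RKR's documentation calls expected (the RNG seed
mismatch) so the rest can be reviewed. Category names and benign rules are
this example's assumptions.
"""
import re
from collections import Counter

# Sample input: the twelve discrepancy lines steinbeck posted in the thread.
SAMPLE_LOG = r"""
HKLM\S-1-5-21-2743126638-3542878219-2910769467-1003\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users\doubleagentoo2\recent IM ScreenNames 7/23/2006 6:15 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\CHROME\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\CLSID\{A35A10C2-B27C-68CF-4C664C85E35F1A3D}\{28B3EA4A-F41A-DA4A-412614F8881DEC21}\{CC778E34-E0F1-1673-DAC48331F9D4EFD7}* 3/29/2006 12:41 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{B9046776-195D-89EA-3E66F9BC5DAE5B9B}\{E7989E73-D3F8-C437-CB8470F59A56421D}\{FFD68A1F-1364-19C2-ECF1A15A7898EBE6}* 3/29/2006 12:41 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version 5/19/2005 9:10 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\gopher\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\HTTP\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\https\shell\open\ddeexec 7/22/2006 9:00 PM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 7/23/2006 9:37 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version 5/19/2005 9:10 PM 0 bytes Key name contains embedded nulls (*)
D: 0 bytes Error mounting volume
"""

# One RKR line: <path> [<m/d/yyyy> <h:mm AM|PM>] <n> bytes <description>
# The path may contain spaces, so it is matched lazily and anchored by the tail.
LINE_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?:\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2} [AP]M))?"
    r"\s+(?P<size>\d+) bytes\s+(?P<desc>.+?)\.?$"
)

# Description prefixes RKR emits, mapped to short category names (this example's own).
KINDS = (
    ("Hidden from Windows API", "hidden"),
    ("Key name contains embedded nulls", "embedded_nulls"),
    ("Data mismatch between Windows API and raw hive data", "data_mismatch"),
    ("Error mounting volume", "volume_error"),
)


def classify(desc):
    for prefix, kind in KINDS:
        if desc.startswith(prefix):
            return kind
    return "other"


def parse_line(line):
    """Return a dict for one discrepancy line, or None for blank/unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "timestamp": f"{m['date']} {m['time']}" if m["date"] else None,
        "size": int(m["size"]),
        "desc": m["desc"],
        "kind": classify(m["desc"]),
    }


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def known_benign(entry):
    """Reason string if RKR's documentation treats this finding as expected, else None."""
    if entry["kind"] == "data_mismatch" and entry["path"].lower().endswith(r"\cryptography\rng\seed"):
        return "RNG seed is rewritten constantly; RKR documents this mismatch as expected"
    if entry["kind"] == "volume_error":
        return "RKR could not read the volume; informational, not a hiding technique"
    return None


def triage(entries):
    """Split entries into those needing review and those with a known-benign reason."""
    out = {"review": [], "benign": [], "by_kind": Counter(e["kind"] for e in entries)}
    for e in entries:
        reason = known_benign(e)
        (out["benign"] if reason else out["review"]).append({**e, "reason": reason})
    return out


def hidden_url_handlers(entries):
    """Protocol classes whose shell\\open\\ddeexec key is hidden from the Windows API."""
    rx = re.compile(r"^HKLM\\SOFTWARE\\Classes\\([^\\]+)\\shell\\open\\ddeexec$", re.I)
    protos = [rx.match(e["path"]).group(1) for e in entries
              if e["kind"] == "hidden" and rx.match(e["path"])]
    return sorted(protos, key=str.lower)


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print("counts:", dict(result["by_kind"]))
    print("hidden ddeexec handlers:", hidden_url_handlers(result["review"]))
    for e in result["review"]:
        print(f"REVIEW  [{e['kind']:<14}] {e['path']}")
    for e in result["benign"]:
        print(f"BENIGN  [{e['kind']:<14}] {e['path']}  ({e['reason']})")
```

Everything not matched by a benign rule stays in the review list on purpose: embedded-null key names and hidden keys are exactly what RKR exists to surface, and whether a given one is malware or copy-protection is a judgement for the helper, not for the script.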
  3. JaPK

    Hi again steinbeck :)

    Please post a fresh HjT log to here too.

     
  4. steinbeck

    Sorry for the long delay. Here are the new logs, I'm sorry HjT still can't export the text:
    [image: HijackThis log screenshot, 1 of 3]
    [image: HijackThis log screenshot, 2 of 3]
    [image: HijackThis log screenshot, 3 of 3]

    THANKS!
     
    Last edited: Jul 28, 2006
  5. JaPK

    Ok...

    Cleaning instructions:

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program; we'll use it later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe

    Download the latest version of VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked.
    I've marked the entries to fix with red boxes.

    [image: HijackThis log screenshot with the entries to fix marked in red, 1 of 2]
    [image: HijackThis log screenshot with the entries to fix marked in red, 2 of 2]

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer into Safe Mode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\PurityScan

    Use the Windows "search" function
    -> Start
    -> Search
    -> All files and folders
    -> More advanced options

    Checkmark these options:
    - "Search system folders"
    - "Search hidden files and folders"
    - "Search subfolders"

    ->Search for this and delete if found: cmd.dll

    Run ATF Cleaner -> Check select all -> Press Empty selected

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab, then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.

    -> When the scan has completed:
    -> If infections were found you'll be prompted about what to do.
    -> Please make sure that Set all elements to is set to Quarantine (in the lower-left corner of the window)
    -> Then press Apply all actions and answer Yes to all if it asks about anything
    -> Click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Restart your computer normally.

    Post the following logs to here:
    -> a fresh HijackThis log (try to save the log normally this time)
    -> Ewido's log
     
    Last edited: Jul 29, 2006
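The "Search for this and delete if found: cmd.dll" step in the cleaning instructions above, as an added example that is not part of the thread or of any tool it names: a Python script that performs the same search programmatically (case-insensitive exact filename, through hidden folders and all subfolders, skipping directories it cannot read), records a SHA-256 of every hit so it can be looked up later, and moves hits into a quarantine folder instead of deleting them, because a suspected malware file is also evidence. It runs against a constructed temporary directory tree; the layout of that tree, the quarantine folder name and the output format are this example's assumptions.

```python
"""Search for a named file the way the Windows Search step does (system folders,
hidden files, all subfolders) and quarantine it instead of deleting it outright.

Added example, not from the thread or from any of the tools it mentions. The
filename to look for (cmd.dll) comes from the post; the quarantine behaviour,
the hash output and the constructed sample tree are this example's own.
"""
import hashlib
import os
import shutil
import stat
import tempfile

# Defined by the stat module on every platform since Python 3.5; fallback is the documented value.
HIDDEN_ATTR = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)


def is_hidden(path, root):
    """True if the file, or any directory below root on its path, is hidden.

    Dot-names count as hidden everywhere; on Windows the Hidden attribute
    (st_file_attributes) is checked too. Windows Search's "hidden files and
    folders" option covers both the file and its parents, so this does as well.
    """
    cur = root
    for part in os.path.relpath(path, root).split(os.sep):
        cur = os.path.join(cur, part)
        if part.startswith("."):
            return True
        try:
            attrs = getattr(os.lstat(cur), "st_file_attributes", 0)
        except OSError:
            continue
        if attrs & HIDDEN_ATTR:
            return True
    return False


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_files(root, names):
    """Case-insensitive exact-name search under root; unreadable directories are skipped."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                hits.append({
                    "path": full,
                    "hidden": is_hidden(full, root),
                    "size": os.path.getsize(full),
                    "sha256": sha256_of(full),
                })
    return hits


def quarantine(hits, dest):
    """Move each hit into dest under a unique name so it can be analysed or restored later."""
    os.makedirs(dest, exist_ok=True)
    moved = []
    for i, h in enumerate(hits):
        target = os.path.join(dest, f"{i:03d}_{os.path.basename(h['path'])}")
        shutil.move(h["path"], target)
        moved.append(target)
    return moved


def demo(root=None):
    """Build a constructed drive layout, search it for cmd.dll, quarantine the hits."""
    root = root or tempfile.mkdtemp(prefix="fake_c_")
    layout = {  # constructed sample tree, not real system files
        os.path.join("WINDOWS", "system32", "cmd.dll"): b"MZ fake payload",
        os.path.join(".hidden", "CMD.DLL"): b"MZ second copy, different case",
        os.path.join("Program Files", "cmd.dll.txt"): b"must not match",
        os.path.join("WINDOWS", "system32", "cmd.exe"): b"MZ legitimate shell",
    }
    for rel, data in layout.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    hits = find_files(root, ["cmd.dll"])
    moved = quarantine(hits, os.path.join(root, "_quarantine"))
    return root, hits, moved


if __name__ == "__main__":
    _root, found, moved = demo()
    for h in found:
        print(f"{h['path']}  hidden={h['hidden']}  size={h['size']}  sha256={h['sha256'][:16]}...")
    print("quarantined:", moved)
```

On a real machine you would call `find_files("C:\\", ["cmd.dll"])` from Safe Mode as the instructions say, look at the hashes before touching anything, and only then quarantine; `cmd.exe` and `cmd.dll.txt` are deliberately in the sample tree to show that the match is on the exact name, not a prefix.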