Now we're getting somewhere...
First:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply then OK.
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot into SAFE MODE
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.
Next:
Please run HijackThis and select "Do a system scan only" and place a check beside each of the following:
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zypqhnsx.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [niwoqido] C:\Program Files\ComPlus Applications\niwoqido77798.exe
O4 - HKLM\..\Run: [7c2f5885] rundll32.exe "C:\WINDOWS\system32\pvwnemao.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C8833201749139
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Marlene\APPLIC~1\ECURIT~1\mshta.e xe" -vt yazb
O4 - HKCU\..\Run: [Dkqbgd] "C:\Program Files\Common Files\M?crosoft\w?auclt.exe"
O4 - HKCU\..\Run: [mkqu] C:\Program Files\Common Files\mkqu\mkqum.exe
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ugmatlvn.exe (file missing)
Close ALL browsers and open windows except HijackThis and click 'Fix Checked'.
Now please REBOOT your computer
Next:
Go to the Start menu
Select Run and type in explorer
Now navigate using the left hand menu to the following folders. Delete the file or folder, if present, highlighted in black
C:\WINDOWS\system32\niwoqido77798.exe <--DELETE FILE
C:\windows\system32\mrofinu572.exe <--DELETE FILE
C:\WINDOWS\system32\mshta.exe <--DELETE FILE
C:\Program Files\Common Files\M?crosoft\w?auclt.exe <--DELETE FILE
Reboot into Normal Mode
Post a new log
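As an added example (not part of the original post and not HijackThis's own code), this Python sketch parses entries of the kind listed above and attaches triage hints to each one. The sample lines are copied from the post; the function name, flag names and heuristics are assumptions chosen for illustration and only mark entries for a closer look.

```python
import re

# Lines copied from the HijackThis entries listed in the post above.
SAMPLE = r"""
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [7c2f5885] rundll32.exe "C:\WINDOWS\system32\pvwnemao.dll",b
O4 - HKCU\..\Run: [Dkqbgd] "C:\Program Files\Common Files\M?crosoft\w?auclt.exe"
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ugmatlvn.exe (file missing)
""".strip().splitlines()

# "O4 - HKLM\..\Run: [name] command" -> section code, entry kind, remainder
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Remainder of an O4 autorun entry: "[value name] command line"
RUN = re.compile(r"^\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


def parse(line):
    """Split one log line into fields and add triage flags (hypothetical names)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    entry = {"section": section, "kind": kind, "detail": rest, "flags": []}
    run = RUN.match(rest) if section == "O4" else None
    if run:
        entry["name"], entry["command"] = run["name"], run["cmd"]
    cmd = entry.get("command", rest)
    if rest.endswith("(file missing)"):
        # Registry entry still points at a file that is no longer on disk.
        entry["flags"].append("file-missing")
    if "?" in cmd:
        # Assumption: "?" stands for a character the log could not render,
        # as in a look-alike folder name such as "M?crosoft".
        entry["flags"].append("unprintable-char-in-path")
    if cmd.lower().startswith("rundll32"):
        # Autorun that loads a DLL through rundll32 rather than running an EXE.
        entry["flags"].append("rundll32-launch")
    if "Unknown owner" in rest:
        entry["flags"].append("unknown-owner")
    return entry


if __name__ == "__main__":
    for line in SAMPLE:
        e = parse(line)
        print(e["section"], e["kind"], e["flags"] or "no flags")
```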