Hi Rich18144
Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.
Download Ewido Security Suite at
http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at
http://www.ewido.net/en/download/updates/ Do NOT run the Ewido scan yet.
Please download Nailfix at
http://www.noidea.us/easyfile/file.php?download=20050515010747824 Unzip it to the desktop but do NOT run it yet.
Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Once in Safe Mode, please double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Next run a full scan in Ewido. Save the log from the Ewido scan so that you can post it later.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IEsearch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - c:\progra~1\2search\plugin.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8F0C6EF2-15A1-4018-A35F-BAE84C3A7A60}\SVCHOST.EXE
O4 - HKLM\..\Run: [uwpvjpa] c:\windows\system32\knkxez.exe
O4 - HKLM\..\Run: [vhhfufk] c:\windows\system32\crikjvw.exe
O4 - Global Startup: BTTray.lnk = ?
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {8FACB588-4A4B-46C1-807B-1F08D0AC7592} (eTours Control) - http://www.360etours.net/tours/activex/eTours.ocx
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Close all open windows except for HijackThis and click Fix Checked.
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
folders...
c:\progra~1\2search
C:\WINDOWS\System32\Services
files...
C:\WINDOWS\Nail.exe
c:\windows\system32\knkxez.exe
c:\windows\system32\crikjvw.exe
C:\WINDOWS\svcproc.exe
Restart your computer.
Download FindIt's.zip
http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443 to your desktop.
1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient... Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running FindIt's.bat.
3. Then post the results here along with the new HijackThis log. Also post the Ewido scan results here.
Lobos
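
A check a helper could run on the follow-up HijackThis log requested in step 3, as an added example that is not part of the original post: it reports which of the entries marked for fixing are still present. The follow-up log is a constructed sample, the fix list is a subset of the entries above, and the function names are hypothetical.

```python
import re

# Subset of the entries the post asks to fix (copied from the post).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IEsearch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - c:\progra~1\2search\plugin.dll
O4 - HKLM\..\Run: [uwpvjpa] c:\windows\system32\knkxez.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Constructed follow-up log (not real scan output).
FOLLOW_UP = r"""
Constructed sample header line (ignored by the parser)
O2 - BHO: IEsearch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\PROGRA~1\2search\plugin.dll (file missing)
O4 - HKLM\..\Run: [uwpvjpa] C:\WINDOWS\System32\knkxez.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
STATUS = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)

def parse(log):
    """Yield (section, key, raw_line) for each entry line in a log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or blank line
        section = m.group(1)
        # Drop the trailing status note so it does not affect matching.
        detail = STATUS.sub("", m.group(2))
        clsid = CLSID.search(detail)
        # Entries carrying a CLSID are matched on it; the rest on their
        # text, compared case-insensitively as Windows paths are.
        key = clsid.group(0).upper() if clsid else " ".join(detail.lower().split())
        yield section, key, line.strip()

def still_present(fix_list, follow_up):
    """Return follow-up lines that match an entry marked for fixing."""
    wanted = {(s, k) for s, k, _ in parse(fix_list)}
    return [raw for s, k, raw in parse(follow_up) if (s, k) in wanted]

if __name__ == "__main__":
    for raw in still_present(FIX_LIST, FOLLOW_UP):
        print("still present:", raw)
```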