Hi again Fred,
You have nasty infections (CWS, ISTbar, Trojans). This may take a couple of attempts, so don't be put off if the problem isn't fixed after this first stage. It's going to be a bit of work for you, as you have a couple of serious entries showing:
Copy & paste this to Notepad so you can still view it in safe mode!!!
Disable System Restore (go to Start, right-click My Computer, then go to Properties, then choose System Restore and put a check in the box 'Turn off System Restore', then click Apply). When you are clean you can re-enable System Restore by following the same steps as above but unchecking the 'Turn off' box.
Run an online virus scan at both of these sites:
Trend Micro
http://housecall.antivirus.com/
Panda
http://www.pandasoftware.com/activescan/
Enable Hidden Files & Folders:
Go to My Computer->Tools/View->Folder Options->View tab
and make sure that 'Show hidden files and folders'
(or 'Show all files') is enabled. Also make sure
that 'Display the contents of system folders' is checked.
Windows XP's search feature is a little different. When searching, you click on 'All files and folders' on the left pane, then click on 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
Download These:
Download Hoster
http://andymanchesta.com/Downloads/hoster.zip
Download to your desktop to use later
Download Ewido Security Suite
http://download.ewido.net/ewido-setup.exe
Download Ad-Aware SE
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Download Trend Micro's Damage Clean Up Tool
http://www.trendmicro.com/ftp/products/tsc/tsc.zip
Save it to your desktop
Download Deldomains
http://andymanchesta.com/Downloads/DelDomains.inf
Save To Desktop
Download CCleaner
http://download.ccleaner.com/download119bin.asp
Save to Desktop or C: drive
Open Spybot Search & Destroy if you have it and click Mode > then Advanced > then Tools > then Resident. Disable Spybot's TeaTimer and SDHelper if it's active, as it's protecting the registry entry keys. (If you don't have Spybot, ignore this step.)
Removal:
Check the Add/Remove screen in the Control Panel (Start > Control Panel > Add/Remove) for these and remove any found:
Weatherbug
MS AUpdate
MS Updates
ISTbar
Restart into Safe Mode (reboot and keep tapping F8 until you see the option screen, then choose Safe Mode)
Run Ewido Security Suite and let it delete anything found.
Run the Trend Damage Cleanup Tool and save the log
Run HijackThis and put a check next to these entries:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe init35x.exe (CWS)
F3 - REG:win.ini: run=C:\WINDOWS\inet20038\services.exe (CWS)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file) (Istbar)
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe (Backdoor.Win32.Rbot)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb026.cab
O20 - Winlogon Notify: avpx32 - C:\WINDOWS\SYSTEM32\avpx32.dll (Trojan Haxdoor)
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll (Trojan Haxdoor)
Close all open windows except HijackThis and press 'Fix Checked'
Stay in safe mode!!
Run Hoster - double-click and press 'Restore original hosts'. Exit Hoster.
Run Deldomains - right-click Deldomains and choose Install (all you will notice is the desktop icons flash, then it's finished and has reset the zones)
Run Ad-Aware and choose to do a full system scan (delete anything found)
Run CCleaner on all 3 settings (Windows, Applications and Issues) and clear anything found
Go to Search, choose 'All files and folders', and make sure you have ticked the hidden files part as explained above. Search for:
init35x.exe (Delete this file if found)
C:\WINDOWS\inetdata (Delete the folder)
C:\WINDOWS\system32\p2pnetwork.exe (Delete this file)
C:\WINDOWS\SYSTEM32\avpx32.dll (Delete this file)
C:\WINDOWS\SYSTEM32\draw32.dll (Delete this file)
C:\Program Files\AWS (Delete folder)
If Windows does not permit you to delete some or all of the files because it gives you an error message saying you do not have permission to delete them, try right-clicking on the files and unchecking any "read-only" or other restricted permissions. Then try to delete them again. If you get the same error message, try renaming them first, such as from "cm.dll" to "cm.bad", and then trying to delete them again. (If that doesn't work, let me know and we can use Killbox on them.)
Run CCleaner again.
Reboot into Normal mode and run a new HijackThis log to see if the entries are still showing up.
If the problem is not solved, download MicroWorld's eScan
http://www.mwti.net/antivirus/mwav.asp
Save it to your desktop, double-click to extract the files, make sure you tick all possible scan entries (all folders and all drives), then press Scan. When it's finished it will display any bad files in the lower pane. Left-click and highlight all the text, then press Control and C to copy it. Paste that back into the next reply plus a fresh HijackThis log.
Regards Andy
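
Added example, not part of Andy's post: the final check ("run a new hijack log to see if the entries are still showing up") done mechanically, including re-joining entries that were hard-wrapped when the log was pasted into a reply. The function names, the wrap heuristic and the fresh log are assumptions constructed for illustration; the flagged entries are taken from the fix list above.

```python
import re
# A HijackThis entry starts with a section code such as "R3 - ", "F2 - " or "O20 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def unwrap_entries(log_text):
    """Rebuild one entry per line from a log that was hard-wrapped when pasted."""
    entries, current = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if ENTRY_START.match(line) or not line:
            if current is not None:
                entries.append(current)
            current = line or None
        elif current is not None:
            # Heuristic (assumption): a GUID or path split mid-token is glued back
            # with no space; a wrap after the " - " field separator keeps one space.
            mid_token = line.startswith("\\") or (
                current.endswith("-") and not current.endswith(" -"))
            current += line if mid_token else " " + line
    if current is not None:
        entries.append(current)
    return entries

def normalise(entry):
    # Compare case-insensitively and ignore spacing differences.
    return " ".join(entry.split()).lower()

def still_present(flagged, fresh_log_text):
    # Return the flagged entries that also appear in the fresh log.
    fresh = {normalise(e) for e in unwrap_entries(fresh_log_text)}
    return [e for e in flagged if normalise(e) in fresh]

# Entries from the fix list in the post, without the helper's trailing annotations.
FLAGGED = [
    r"F2 - REG:system.ini: Shell=Explorer.exe init35x.exe",
    r"O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)",
    r"O20 - Winlogon Notify: avpx32 - C:\WINDOWS\SYSTEM32\avpx32.dll",
    r"O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll",
]

# Constructed sample of a post-cleanup log, hard-wrapped the way a pasted reply is.
FRESH_LOG = r"""Logfile of HijackThis (constructed sample)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-
A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32
\draw32.dll
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, FRESH_LOG):
        print("STILL PRESENT:", entry)
```

An exact match only shows that the same entry came back; a fresh log should still be read in full, since a reinfection can register under a different file name.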