Hi rupert and welcome to techspot. =)
I found no instances of a firewall running on your system. I also noticed that your Windows is completely unpatched. I recommend you get a firewall immediately and run it, before updating to the latest patch before you continue.
Here are some recommendations for firewalls; please use one and only one. Using more than one is not recommended as it will hog your system resources.
Zonealarm
Kerio
Comodo
Also, you mentioned that you had followed the instructions from our preliminary removal thread; yet you have not posted your AVG Antispyware, ComboFix logs as well as the results of the AVG antirootkit scan. I need to see those logs before I can do a thorough cleaning of your system.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE
Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
IESet
After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing)
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckjtkqwb.exe
Fix all O17 entries.
Close HJT.
Navigate in Windows Explorer and delete the following files and folders in bold.
C:\Program Files\Internet Explorer\ckjtkqwb.exe
I also require you to search on your system for all instances of IExplorer.dll and delete them.
Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.
Regards,
Your friendly momok =)
This thread is for the use of rupert only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
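An added example, not part of the post above and not HijackThis's own code: a small Python triage pass over HijackThis-style log lines that flags the kinds of entries the reply marks for fixing. The heuristics (missing target file, one autorun name under several keys, an autorun command with no path, a DPF entry pointing at file://) and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines quoted from the post above, plus one constructed benign entry (the last).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing)
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ckjtkqwb.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log):
    """Return (code, body) for each well-formed HijackThis entry line."""
    return [(m["code"], m["body"]) for line in log.splitlines()
            if (m := ENTRY.match(line.strip()))]

def triage(log):
    """Return {line: [reasons]} for entries worth a manual look (assumed heuristics)."""
    findings = defaultdict(list)
    autoruns = defaultdict(list)  # autorun value name -> [(registry key, line)]
    for code, body in parse(log):
        line = f"{code} - {body}"
        if body.endswith(("(no file)", "(file missing)")):
            findings[line].append("target file absent")
        if code == "O16" and "file://" in body.lower():
            findings[line].append("DPF entry loads from local disk")
        if code == "O4" and (m := AUTORUN.match(body)):
            autoruns[m["name"]].append((m["key"], line))
            if not re.search(r"[\\/]", m["cmd"]):
                findings[line].append("autorun command has no path")
    # The same value name under several autorun keys is a persistence pattern.
    for name, hits in autoruns.items():
        if len({key for key, _ in hits}) > 1:
            for _, line in hits:
                findings[line].append(f"'{name}' registered under {len(hits)} autorun keys")
    return dict(findings)

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

A flagged line is a prompt for manual review, not a verdict; legitimate software can also leave orphaned entries behind.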