Hi candyx,
And welcome to Techspot.
You have what is known as a LOP infection. We will have to look deeper, but first we need to disable some real-time protection before fixing it (afterwards, re-enable active protection). Please follow my instructions in order and ask questions if you are unsure how to proceed at any point.
Step 1
Uninstall - AOL Active Security Monitor
Disable Spyware Doctor Active protection
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
Disable Teatimer
- Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
- Open Spybot S&D
- Click on Mode at the top and make sure that Advanced is checked
- Expand the Tools tab in the left pane
- Single click on the Resident Icon also in the left pane
- Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
- Close Spybot
-------------------------------------------------------------------------------
Step 2
Remove bad HijackThis entries
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\fast film.exe
O4 - HKCU\..\Run: [license error] C:\DOCUME~1\SALLY1~1\APPLIC~1\GLUEGR~1\anti iso.exe
O16 - DPF: {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} (SHLaunch Control) - http://nchat2.haduri.com/chat/shlaunch_0930.cab
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
---------------------------------------------------------------------------------------
Step 3
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
C:\DOCUME~1\SALLY1~1\APPLIC~1\GLUEGR~1\anti iso.exe
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
------------------------------------------------------------------------------
Step 4
After the computer is restarted we need to check on one of those folders
Show hidden files through windows explorer
- Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E
- On the Tools menu in Windows Explorer, click Folder Options
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders
- Remove the checkmark from the checkbox labeled Hide protected operating system files
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types
- Put a checkmark in the checkbox labeled Display the contents of system folders.
Now launch windows explorer (double click my computer)
Navigate to - C:\Documents and Settings\SALLY1~1\Application Data\GLUEGR~1 <-It will be a random named folder that starts with GLUEGR and will contain the file anti iso.exe
If it is there, manually delete the folder GLUEGRxxxx
---------------------------------------------------------------------
Step 5
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
-----------------------
Update your Java Runtime Environment
- Click the following link
Java Runtime Environment 6 Update 6
- The 5th option down is the one you want (click Download)
- Check the box to agree to terms of service
- Check the box for your operating system and click 'Download selected' at the bottom
- After the install, go to Start-> Control Panel-> Add/Remove Programs (Programs and Features), and uninstall any old versions
- Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder
------------------------------------------------------------------------------
Step 6
Run Kaspersky Online AV Scanner
In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report to your next reply.
After all of that, please run a fresh HijackThis scan and attach the log here with the Kaspersky scan.
Also make sure that you update your protection and activate the real-time protection we disabled in Step 1. I recommend leaving TeaTimer off though, as I will recommend an alternative that will save you on resources.
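
Added example (not part of the original post, and not HijackThis's own logic): a small Python triage pass over the log lines quoted in Step 2, flagging BHO/toolbar entries whose file is missing and Run-key autoruns that launch from Application Data. The two rules, the names `triage` and `SAMPLE_LOG`, and the benign last sample line are assumptions made for illustration.

```python
import re

# Sample input: the first five lines are the entries quoted in Step 2 of the post;
# the last line is a constructed benign entry added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\fast film.exe
O4 - HKCU\..\Run: [license error] C:\DOCUME~1\SALLY1~1\APPLIC~1\GLUEGR~1\anti iso.exe
O16 - DPF: {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} (SHLaunch Control) - http://nchat2.haduri.com/chat/shlaunch_0930.cab
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
"""

# "O<number> - <body>" is the line shape used in the log above.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Run-key autorun: hive, value name in brackets, then the command line.
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Long folder name or its 8.3 short form; both spellings occur in the sample.
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


def triage(log):
    """Return (section, reason, detail) for lines matching the assumed rules.

    Lines that match no rule (the O16 entry here) are not returned and
    still need a human reviewer's judgement.
    """
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3") and body.endswith("(file missing)"):
            findings.append((section, "target file missing", body))
        elif section == "O4":
            run = RUN.match(body)
            if run and APPDATA.search(run["cmd"]):
                findings.append((section, "autorun from Application Data", run["name"]))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```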