Hi lrsims91 and welcome to techspot. =)
Good job with following the instructions.
Please run ccleaner again and remember to check every single box for cleaning.
After that please do the following.
Download the attached "
Combofix-Do.txt" (
from my attachment) and save it to the same folder as Combofix.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how
HERE
Next turn on "Show all files and folders, including hidden and system". See how
HERE
Go to start > run and type msconfig. Press the enter key.
Search for the following services. Uncheck them to disable from startup.
clock poll
NI.UWFX5_0001_NI530211
Press OK but do not restart your system yet.
Go to start > Control Panel > Add and Remove Programs.
Remove anything related to the following:
Viewpoint
Winantivirus Pro
SurfSideKick 3
After that,
run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {5b24bf3c-9d30-4a0f-a1ab-43bf6b161746} - C:\WINDOWS\system32\comdus.dll
O4 - HKLM\..\Run: [NI.UWFX5_0001_NI530211] "C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\QYV0VMJZ\WinFixerScannerInstall[1].exe" -nag /BEFOREINSTALL
O4 - HKCU\..\Run: [clock poll] C:\DOCUME~1\Patty\APPLIC~1\LIESLI~1\idlefastonce.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\comdus.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\comdus.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\comdus.dll
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} -
http://69.56.176.75/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab <
note this site and never visit it ever again. It is most likely the source of part of your infections.
O20 - AppInit_DLLs: c:\windows\system32\gebyvsr.dll
O20 - Winlogon Notify: comdus - C:\WINDOWS\SYSTEM32\comdus.dll
Close HJT.
Please search for this two folders and delete them if you did not create them. If you did, please let me know what are its contents and what you use them for.
C:\Program Files\
Gpotato
C:\Program Files\
LIESLICENSEMAGS
Drag the
Combofix-Do.txt that you downloaded earlier over on to
Combofix.exe and release.
This will ask Combofix to execute the instructions within my file.
Let Combofix run normally and do its job. Attach the resultant log in your reply.
Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.
Regards,
Your friendly momok =)
This thread is for the use of lrsims91 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.