Okay Alex- I started this last night but had to close up for a storm.
I see this old one is still around:
minibugtransporter.dll
C:\PROGRAM FILES\AWS\WEATHERBUG\MINIBUGTRANSPORTER.DLL
MINIBUGTRANSPORTER.DLL
Minibug is an adware that displays ads on to your computer. It seems to be a variant of adware WeatherBug. Crogram Files\AWS\WeatherBug. Weatherbug is installed as a secondary application with many popular pieces of software including AOL Instant Messenger.
There was removal in Malwarebytes, but it sounds like you might still have at least part of it installed. I don't see it in the HJT log- did you remove the program? since it is classified as Aware, the removal is optional , but recommended. So let's see what's left:
1. If you have v6, it has it's own uninstaller so use that. If not> Add/Remove Programs: Look for Weatherbug. If seen, highlight and uninstall.
2. To delete the
AWS directory
1. Open "MY COMPUTER" icon on your desktop.
2. Double-click the C drive.
3. Double-click “Program Files” folder to open.
4. Right click on the folder titled "AWS" and select DELETE.
Extra removal instructions for Windows XP
1. Open "MY COMPUTER" icon on your desktop.
2. Double-click the C drive.
3. Double-click on Document and Settings
4. Double-click the folder that has your name next to it (or the name of whomever the machine is registered to)
5. Double-click the
“Application Data” folder to open it and delete the folder entitled
“WeatherBug”.
7. Restart your computer and the uninstall is complete.[/list]
I notice you have nview loading:
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
This is a legitimate program. I just want to make sure you're using it and loading it intentionally as it can cause some problem on the system:
rundll32.exe nview.dll, nViewLoadHook
Command: Unknown at this time.
Description: This is a DLL to enable
multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
You need to update the Adobe Reader. You have v6 and it's now up to v9+. The older version presents a vulnerability:
- Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
- Check this site also. Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
Once you have that all out of the way, please
Empty the Recycle Bin then
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Rescan with HIJT when finished. Attach new log and Combofix report into next reply.
Let me know existing system problems when through.