Go to Add/Remove Programs and uninstall anything to do with SurfMonkey.
If you have turned off your antivirus or firewall, turn them on; if you have none, then please let me know.
Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.
Update your Java Runtime Environment
- First try going to Start -> Control Panel -> double click Java
- Select the Update tab at the top
- Click the Check for Updates button at the bottom
- If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
- After it installs the newest version Go back to Control Panel -> Add/remove programs
- Uninstall any older versions of Java
If for some reason you couldn't update through the above instructions:
- Click the following link
Java Runtime Environment 6 Update 5
- The 4th option down is the one you want (click Download)
- Check the box to agree to terms of service
- Check the box for your operating system and click 'Download selected' at the bottom
- After the install, go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
- Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
Fix entries using HiJackThis
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entries listed below
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4AAE457A-BF4D-78C6-D423-615578F4224E} - C:\WINNT\System32\lnibnkpw.dll (file missing)
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Java Virtual Machine] msvmjava.exe (User 'Default user')
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [7C690661] C:\WINNT\System32\lbfmlmkckjwigr.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft WinUpdate] bnvkscuu.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Updates] msupdate.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O24 - Desktop Component 0: (no name) - http://images.kodakgallery.com/photos1797/1/58/6/41/53/3/353410658106_0_ALB.jpg
O24 - Desktop Component 2: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?16213272
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
Delete Files and Folders
- Right click on the Start button and choose Explore
- Show all hidden files and folders, see how HERE
- Navigate to the following files and folders and delete them (if still present)
C:\WINNT\System32\lnibnkpw.dll <--------- This File
C:\WINNT\System32\lbfmlmkckjwigr.exe <--------- This File
C:\Program Files\eSoftware <--------- This Folder
If that does not work then repeat the process in Safe Mode. See how to boot into Safe Mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***
Find and Delete Suspect File
- Using Start > Search > All Files and Folders
- Click Advanced Options and make sure the following are ticked: Search system folders, Search hidden files and folders, Search subfolders
- Enter bnvkscuu.exe and msvmjava.exe in the 'All or part of file name' box
- Select C: in the 'Look in' dropdown box
- Click Search Now
- Right-click on bnvkscuu.exe and msvmjava.exe and select Delete
- Repeat for each copy of the file
- Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
Go here and scroll to find the orange bar Remove CoolWebSearch. Click on it and save cwshredder.exe on your desktop and have it ready to use. Don't use it yet.
------------------------------------------------------------------------------
Now run cwshredder. Click Scan only and fix whatever it finds and click Exit.
Run HJT again and post a fresh log.
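
Added example, not part of the original post: a small Python parser for HijackThis log lines that pulls out the file paths each entry points at and marks entries that are orphaned ("(no file)" / "(file missing)") or carry a CLSID without proper braces, which helps when checking a fresh log against the list above. The function names are hypothetical; the sample lines are copied from the entries listed in this post, plus one non-entry line.

```python
import re

# GUID body without braces; a well-formed CLSID field is "{" + GUID + "}"
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# HijackThis entries start with a section code such as R3, O2, O4, O16
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
# Windows path ending in .dll or .exe (directories may contain spaces)
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.I)

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, detail = m.group(1), m.group(2)
    notes = []
    if "(no file)" in detail or "(file missing)" in detail:
        notes.append("orphaned")          # registry entry left behind, file gone
    for tok in detail.split():
        # a GUID that is not exactly {GUID}, e.g. "~EA75...}" or "_{707E...}"
        if re.search(GUID, tok) and not re.fullmatch(r"\{" + GUID + r"\}", tok):
            notes.append("malformed-clsid")
    return {"section": section, "detail": detail,
            "paths": PATH.findall(detail), "notes": notes}

def review(log_text):
    """Parse every entry line in a log, skipping headers and blank lines."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e is not None]

# Sample lines taken from the fix list in this post (last line is a non-entry)
SAMPLE = r"""
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {4AAE457A-BF4D-78C6-D423-615578F4224E} - C:\WINNT\System32\lnibnkpw.dll (file missing)
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O4 - HKLM\..\RunServices: [7C690661] C:\WINNT\System32\lbfmlmkckjwigr.exe
Logfile of HijackThis
"""

if __name__ == "__main__":
    for e in review(SAMPLE):
        print(e["section"], e["notes"], e["paths"])
```
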