Is this the same computer? My goodness. If I had to guess, it is your browsing habits, or maybe even one particular site that you visit with Internet Explorer. This is because a lot of the infections were in temp folders and IE cache. You should be using Firefox or Opera for normal browsing, as they are considered more secure browsers. Also, did you install SpywareBlaster? If not, we need to put it on there.
You also need to clean out temp files again, but first let's get the rest of the Vundo off there.
Remove bad HijackThis entries
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
O2 - BHO: {bae1eba1-b682-fa3a-8784-90f75711fe80} - {08ef1175-7f09-4878-a3af-286b1abe1eab} - C:\WINDOWS\system32\cjaxuj.dll
O2 - BHO: (no name) - {7D4131E0-81BB-4CE0-BCFC-871579711840} - C:\WINDOWS\system32\hgGvuVnM.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [9c227889] rundll32.exe "C:\WINDOWS\system32\kdbswvui.dll",b
O4 - HKLM\..\Run: [BM9f114b15] Rundll32.exe "C:\WINDOWS\system32\ndncbjat.dll",s
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
---------------------------------------------------------------------------------------------
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\cjaxuj.dll
C:\WINDOWS\system32\hgGvuVnM.dll
C:\WINDOWS\system32\kdbswvui.dll
C:\WINDOWS\system32\ndncbjat.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.
If your computer does not restart automatically, please restart it manually.
----------------------------------------------------------------------------------
After reboot go to add/remove programs and uninstall:
AskSBar
Then navigate to and delete this folder:
C:\Program Files\AskSBar
---------------------------------------------------------------------------------
Malwarebytes' Anti-Malware
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please attach this log with your reply.
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
------------------------------------------------------------------------------------------
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose:
Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
---------------------------------------------------------------------
Run Kaspersky Online AV Scanner
In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report to your next reply.
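
A consistency check on the cleanup plan above, as an added example that is not part of the original post: it parses the HijackThis entries being fixed, extracts the file each one loads, and reports any file that neither the Killbox list nor the AskSBar folder removal covers. The function names and the coverage rule are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# The five entries the post asks to fix, copied from the page.
HJT_ENTRIES = r"""O2 - BHO: {bae1eba1-b682-fa3a-8784-90f75711fe80} - {08ef1175-7f09-4878-a3af-286b1abe1eab} - C:\WINDOWS\system32\cjaxuj.dll
O2 - BHO: (no name) - {7D4131E0-81BB-4CE0-BCFC-871579711840} - C:\WINDOWS\system32\hgGvuVnM.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [9c227889] rundll32.exe "C:\WINDOWS\system32\kdbswvui.dll",b
O4 - HKLM\..\Run: [BM9f114b15] Rundll32.exe "C:\WINDOWS\system32\ndncbjat.dll",s"""

# The Killbox paste list and the uninstall folder, also from the page.
KILLBOX_LIST = r"""C:\WINDOWS\system32\cjaxuj.dll
C:\WINDOWS\system32\hgGvuVnM.dll
C:\WINDOWS\system32\kdbswvui.dll
C:\WINDOWS\system32\ndncbjat.dll"""
UNINSTALL_DIRS = [r"C:\Program Files\AskSBar"]

SECTION_RE = re.compile(r"^(O\d+) - ")   # O2 = BHO, O3 = toolbar, O4 = autorun
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)


def referenced_files(log_text):
    """Return (section, path) for each HijackThis line that names a file."""
    found = []
    for line in log_text.splitlines():
        section = SECTION_RE.match(line.strip())
        path = PATH_RE.search(line)
        if section and path:
            found.append((section.group(1), PureWindowsPath(path.group(0))))
    return found


def uncovered(log_text, delete_list, uninstall_dirs):
    """List files named by fixed entries that no cleanup step removes."""
    # PureWindowsPath compares case-insensitively, like Windows paths.
    queued = {PureWindowsPath(p.strip())
              for p in delete_list.splitlines() if p.strip()}
    dirs = [PureWindowsPath(d) for d in uninstall_dirs]
    missing = []
    for section, path in referenced_files(log_text):
        in_removed_dir = any(d in path.parents for d in dirs)
        if path not in queued and not in_removed_dir:
            missing.append((section, str(path)))
    return missing


if __name__ == "__main__":
    for section, path in uncovered(HJT_ENTRIES, KILLBOX_LIST, UNINSTALL_DIRS):
        print(f"{section}: {path} is not covered by a cleanup step")
```

With the lists exactly as posted, nothing is reported; removing the registry entry without removing the file it pointed at is the gap this check is meant to catch.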