Sorry for the late reply; I've been busy.
Step 1:
Run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [http]www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll (file missing)
O2 - BHO: (no name) - {157CCC88-44B0-4858-8412-60BB1E8EB121} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: H - {B1FBF2E1-C164-4ebe-AB04-B839655CC927} - gyrpsy23.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O2 - BHO: - {DA9E35FF-E796-4ABF-A61C-C5F669B9CD3B} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [http]wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - [http]www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - [http]yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [http]atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - [http]moviefone.kontiki.com/securedelivery/main/kdx.cab\
O20 - AppInit_DLLs:
O20 - Winlogon Notify: khfecay - khfecay.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
Close all open programs except HijackThis. Click the Fix Checked button. Wait for the fixing to complete, which may take awhile, and then close HijackThis.
Step 2:
Boot into safe mode, under your normal user name (not the administrator account). See how
HERE.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how
HERE.
Search your system for the filename
alcmtr.exe and delete all instances found.
Then navigate to and delete the following
bold files (if there):
C:\WINDOWS\system32\
UninstallPCTT.exe
C:\WINDOWS\system32\
4472F5F453.sys
Once that's done, reboot into normal mode and rehide your protected files.
Step 3:
Please navigate to
www.virustotal.com.
Click the Choose... button.
Navigate to the following file:
C:\WINDOWS\system32\ps.dat
Click Open. Then click Send File.
Wait until it's done scanning, then copy and paste the results into a Notepad file and save it to your computer.
Step 4:
Rerun HijackThis and ComboFix. Post their logfiles, as well as the VirusTotal log.
Regards
This thread is for the use of 326_grn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.