PPRuNe Forums - View Single Post - Dateline pop up
Thread: Dateline pop up
Old 6th July 2004 | 18:57
E-Liam
 
Hi Touch&go,

Hmmm, it might be best if you print this off, as you have a fair few nasties there...

Please run a new HJT scan, and check to fix the following entries, being sure to double-check that you haven't missed any. Next, close all browser windows and click the Fix checked button...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/i...w.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O1 - Hosts: 12.129.205.209 search.netscape.com

O1 - Hosts: 12.129.205.209 sitefinder.verisign.com

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: Holdgreyface - {1AE5A37A-77FF-0A8B-CE6E-B5983B20F12F} - C:\PROGRA~1\SIZEAC~1\Stupid Intra.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O3 - Toolbar: Idol Axis - {FBDF72D5-0AE9-FDDB-4806-DC5A4AED9CF9} - C:\PROGRA~1\SIZEAC~1\Stupid Intra.dll

O4 - HKLM\..\Run: [Pop inside] C:\PROGRA~1\HOLENE~1\Vc Hope Mode.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [wkunclvaefol] C:\WINDOWS\System32\psssyd.exe

O4 - HKLM\..\Run: [HARES] C:\WINDOWS\System32\HARES.exe

O4 - HKLM\..\Run: [BDUSK] C:\WINDOWS\System32\BDUSK.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://216.82.66.200/build/preload.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...1/Installer.exe

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/...soft/wtinst.cab

O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Insta...rsinstaller.cab


Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Then boot into safe mode (see here for info if needed) and delete the entire contents of the C:\Windows\Temp (or C:\WINNT\Temp) folder, but not the folder itself. Next, please find and delete the following files...

C:\Windows\System32\wsaupdater.exe

C:\WINDOWS\twaintec.dll

C:\WINDOWS\2_0_1browserhelper2.dll

C:\WINDOWS\alchem.exe

C:\WINDOWS\System32\psssyd.exe

C:\WINDOWS\System32\HARES.exe

C:\WINDOWS\System32\BDUSK.exe

..and these folders...

C:\PROGRA~1\INCRED~1 (May also show as C:\Program Files\Incredifind)

C:\PROGRA~1\SIZEAC~1

C:\PROGRA~1\HOLENE~1

C:\Program Files\WindowsSA

C:\Program Files\RSNet

Then please boot back into normal mode and download AdAware 6.181 from here.

Before you scan with AdAware, check for updates of the reference file by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registry
Deep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files


Then click the Settings button (the gear icon on the top row), then Tweak | Scanning engine and check...

Unload recognised processes during scanning.


Then Cleaning engine, and check...

Let Windows remove files in use at next reboot.


and uncheck...

Automatically try to unregister objects prior to deletion.


Then click Proceed, to save your settings.

Now click the Scan button.

When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them.


Next, reboot again and download Spybot - Search & Destroy from here, if you haven't already got the program.

Click on Settings, and Settings again. Go to the Webupdate section, and check Display also available beta versions.

Now press Online, and search for, and put a check mark next to all updates, and install following the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next, reboot and go here, and run the online virus scan, choosing the Autoclean option just before clicking the Scan button. Then please post a new log for a final once-over.

We may need to do a second clean-up, just because of the amount of scumware that you've accumulated, but we'll see how you go. :) I'm also going to get some advice on the O18 entry, as I haven't seen that variant before, and there is nothing [helpful] via Google.

I'd also suggest getting rid of Messenger +2, as it includes Lop. See here for info. (I just checked and the Spywareinfo site is still down due to a DDoS attack, so feel free to leave it a while to read before deciding.)

Cheers

Liam
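The post above works through a HijackThis log by eye: the same CLSID registered as both a URLSearchHook (R3) and a BHO (O2), every IE start/search setting pointed at one host, a replaced UserInit, hosts-file redirects and an ActiveX control fetched from a bare IP. As an added example that is not part of the original post or of HijackThis itself, the script below parses lines in the HJT log format and applies those checks mechanically. The review heuristics are this example's own, not HJT's rules; SAMPLE_LOG is a constructed excerpt copied from the log posted above.

```python
"""Parse HijackThis (HJT) log lines and flag what a reviewer would look for.

Added example, not code from the original post or from HijackThis itself. It
handles the entry types in the log above (R0/R1/R3, F2, O1, O2, O3, O4, O9,
O16); the heuristics are the example's own. SAMPLE_LOG is a constructed excerpt.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"   # stock Winlogon value

@dataclass(frozen=True)
class Entry:
    kind: str             # HJT section tag: R0, O2, O4, ...
    body: str             # text after the "Rn - " / "On - " prefix
    clsid: Optional[str]  # upper-cased {GUID} when the line carries one
    target: str           # the path, URL or "ip hostname" the entry points at

def _target(kind: str, body: str) -> str:
    """Pull out the file/URL/host an entry references, per section layout."""
    if kind in ("R0", "R1") and " = " in body:       # registry value = URL
        return body.split(" = ", 1)[1].strip()
    if kind == "F2" and "UserInit=" in body:         # UserInit=<path>,
        return body.split("UserInit=", 1)[1].strip().rstrip(",")
    if kind == "O1":                                 # Hosts: <ip> <name>
        return body.split("Hosts:", 1)[1].strip()
    if kind == "O4" and "] " in body:                # Run: [name] <command>
        return body.split("] ", 1)[1].strip()
    if " - " in body:                                # R3/O2/O3/O9/O16: ... - <path>
        return body.rsplit(" - ", 1)[1].strip()
    return body.strip()

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                                  # headers, process list, blanks
    kind, body = m.groups()
    c = CLSID_RE.search(body)
    return Entry(kind, body, c.group(0).upper() if c else None, _target(kind, body))

def parse_log(text: str) -> list[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def audit(entries: list[Entry]) -> list[str]:
    findings: list[str] = []
    # One CLSID in several sections: a single DLL with more than one browser hook.
    by_clsid: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].add(e.kind)
    for clsid, kinds in sorted(by_clsid.items()):
        if len(kinds) > 1:
            findings.append(f"CLSID {clsid} appears in {', '.join(sorted(kinds))}")
    # Several IE start/search settings funnelled to one host: a search hijack.
    hosts = Counter(urlparse(e.target).hostname for e in entries
                    if e.kind in ("R0", "R1") and e.target.startswith("http"))
    for host, n in hosts.items():
        if host and n >= 2:
            findings.append(f"{n} IE start/search settings point at {host}")
    for e in entries:
        # UserInit replaced: something other than userinit.exe runs at every logon.
        if e.kind == "F2" and e.target.lower() != DEFAULT_USERINIT:
            findings.append(f"UserInit is {e.target}, not the default userinit.exe")
        # hosts file steering a name to a real address rather than loopback/null.
        if e.kind == "O1":
            ip, _, name = e.target.partition(" ")
            if ip not in ("127.0.0.1", "0.0.0.0", "::1"):
                findings.append(f"hosts maps {name} to {ip}")
        # ActiveX (DPF) control pulled from a bare IP instead of a named host.
        if e.kind == "O16":
            host = urlparse(e.target).hostname or ""
            if IPV4_RE.fullmatch(host):
                findings.append(f"ActiveX control downloaded from raw IP {host}")
    return findings

# Constructed excerpt of the log posted above (paths/URLs as they appear there).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/i...w.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://216.82.66.200/build/preload.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
"""

if __name__ == "__main__":
    for finding in audit(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, it reports the IncrediFind CLSID registered in both O2 and R3, four IE settings pointing at searchweb2.com, the non-default UserInit, both hosts-file redirects and the ActiveX download from 216.82.66.200. Entries it does not flag (the plain O4 Run items, the miniclip control) still need the manual judgement the post applies; the script only makes the mechanical cross-checks repeatable.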