Hi Scrubbs, can you do the following please
Download and UNZIP to desktop
BFU.zip
So you now have BFU.exe extracted to desktop
Please Download and UNZIP to desktop
[attachment=400:attachment]
Make sure you unzip this so you now have
p2pnetwork.bfu extracted to desktop
Check for updates with Ewido, close it out later
Can you do the following please
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
Disconnect from the Internet
I need you to disable your Spyware's realtime protections so they won't interfere with any fixes we are trying
First
SPYBOT: Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident
Uncheck only Resident Tea Timer
Allow the change
Open Microsoft AntiSpyware.
Click on Options>>Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Please keep the above 2 disabled until you are clean
If you didn't intentionally install Viewpoint toolbar, access your Add/Remove programs and remove it
If you didn't intentionally install Weatherbug, remove it also
Additionally, it's never a good idea to run more than one Anti-virus software on your computer
This can cause conflicts and decrease system performance
I see Kaspersky's and AVG running
You should choose which one you're happiest with and uninstall the other
Afterwards
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
Stay disconnected from the Internet
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu on your desktop
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit
Find and delete this file if found
c:\counter.cab <-this file
Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
After you have ticked the above entries, close all other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart back to Normal mode
Back in Windows
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
Post a fresh hijackthis log and the new report from Ewido's
EDIT>>I forgot to complete my instructions to disable TeaTimer, I've fixed that now
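
As an added example that is not part of the original post: a short Python triage of HijackThis lines in the format listed above, marking O2/O3 entries whose file is missing and O16 entries whose download source is empty or a local file. The flagging rules and function names are illustrative assumptions, not HijackThis's own logic or the poster's selection criteria; the sample lines are copied from the post.

```python
import re

# Sample lines copied from the HijackThis entries listed in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log):
    """Return (section, clsid, reason) per entry; reason is None if not flagged.

    The flagging rules below are assumptions made for this example.
    """
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, process list
        sec, body = m.group("sec"), m.group("body")
        clsid = CLSID.search(body)
        reason = None
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            # BHO/toolbar still registered but its file is gone from disk
            reason = "orphaned registration"
        elif sec == "O16" and clsid:
            # The download source (codebase) follows the CLSID and optional name
            parts = body[clsid.end():].split(" -", 1)
            source = parts[1].strip() if len(parts) == 2 else ""
            if not source:
                reason = "no download source recorded"
            elif source.lower().startswith("file:"):
                reason = "installed from local file"
        findings.append((sec, clsid.group(0) if clsid else None, reason))
    return findings


if __name__ == "__main__":
    for sec, clsid, reason in triage(SAMPLE_LOG):
        print(f"{sec:4} {clsid or '-':40} {reason or 'not flagged by these rules'}")
```
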