Hi....
Please download
Combofix:
http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
Go to Start > Run and type
cmd
and OK. Type the below commands and hit "Enter" after each line
sc stop cmdService
sc delete cmdService
Type Exit to close.
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=
http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
FindTheWebsiteYouNeed
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Locksgramactivespam] C:\Documents and Settings\All Users\Application Data\dent stupid locks gram\glue iso.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e20.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e19.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e19.exe
O4 - HKCU\..\Run: [New Wipe] C:\DOCUME~1\Dan\APPLIC~1\INTRAP~1\NameChic.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) -
http://static.zangocash.com/cab/Zang...ridge-c356.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\ir4ml5h11.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFu\command.exe (file missing)
Open Windows Explorer and delete the following highlighted file/s
Also delete the following red folder/s
C:\WINDOWS\system32\
ir4ml5h11.dll
C:\Program Files\
RXToolBar
C:\Program Files\
outlook
Reboot.....................
Post back a new HJT log and the Combo fix.