Browser sends me to weird website

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Par5Golf, Oct 13, 2005.

  1. Par5Golf

    Par5Golf Private First Class

    i have done all the scans and steps....some things are gone that were on here but browser still sends me to patchyoursystem dot com.....i have attached a log hopefully someone can help me out..

    thx in advance
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download this trial version of Ewido Security Suite
    • Install ewido security suite
    • Launch ewido; there should be an icon on your desktop. Double-click it.
    • The program will have a window come up. One of the buttons on the left is to Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally, because I want you to have no browsers open and also have no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:

    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report along with a fresh HJT log.
     
    Last edited by a moderator: Oct 13, 2005
  3. Par5Golf

    Par5Golf Private First Class

    for the life of me i couldn't remember how to do the safe mode so this is all done in normal mode but i was disconnected from internet...and both files are attached


    thanks
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your first message said:
    Booting in safe mode is covered there!
     
  5. Par5Golf

    Par5Golf Private First Class

    yep and i did what i did last time too and i hit every stupid f button and it never went to safe mode i got the bios the drive boot thing and couldn't find the safe boot section again....and i tried for 30 min i hit every f button

    ya i know i'm a moron..and that's why i always ask here..:)




    plus when i followed his directions i scanned it first

    After it completes the update, click the Scanner button

    before i went and tried to find safe mode again..and it found 114 things then after i couldn't find safe mode i scanned again then saved the log and it found 4... kinda weird
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'll try to keep you moving along for when BJ gets back in. Continue with the below.

    Try using the msconfig method to boot in safe mode. See the below on how to do this:

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Download smitRem.exe and save the file to your desktop.

    Double click on the file to extract it to its own folder on the desktop.

    Reboot into safe mode.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g., Local Disk C: or the partition where your operating system is installed. Please attach this log to your next reply.
     
  7. Par5Golf

    Par5Golf Private First Class

    ok booted in safe mode ( f8 ) and have attached the file
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a current HJT log from normal mode as well.
     
  9. Par5Golf

    Par5Golf Private First Class

    ok you got it

    thanks
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please uninstall Ewido as it could block parts of this fix.

    Now scan with HijackThis and Check the Boxes for the following:

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\PSGuard <-- Delete the whole folder!

    Download Pocket KillBox


    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    C:\WINDOWS\system32\nvctrl.exe
    C:\WINDOWS\system32\msvol.tlb
    C:\WINDOWS\system32\ncompat.tlb
    C:\WINDOWS\system32\hp***.tmp


    After you have entered the last entry, have KillBox reboot your system. After you have rebooted and Windows has loaded, let me know how things are running and if any problems remain.
     
  11. Par5Golf

    Par5Golf Private First Class

    ok i just tried to update the spy bot and i get errors..

    i attached a pic of what the errors were

    ..when i did updates before i had same errors but it at least let me run the scan and it won't let me run it now...:(
     

    Attached Files:

  12. Par5Golf

    Par5Golf Private First Class

    i tried a different mirror and it worked so i'm scanning now sorry about that
     
  13. Par5Golf

    Par5Golf Private First Class

    ok everything is done...i can open IE and it sends me to my homepage now..that's all that i knew it was doing besides the popups here and there....

    what do you recommend for an anti virus i am using windows xp firewall and just got the windows spyware thing anything else?

    thanks
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  15. Par5Golf

    Par5Golf Private First Class

    ok thanks a lot bud
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome! :)

    Surf Safely!
     
