malware-virus about blank

There are alot of things we need to do, but lets start with this:


Download Pocket KillBox Save it to your desktop or a place easy to find.
Do not run it yet.


Re-Run Counterspy and have it remove/quarantine all items.


spywaresheriffremoval


Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

Once you have completed this fix attach:
HJT log
ShowNew
GetRun

Let me know how things are running.

 

Copy the bold text below to notepad. Save it as fix.reg to your desktop.
Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.

Use Pocket KillBox to delete the following:

Is this your Internet home page = http://earthswellness.unfranchise.com/?

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now attach new logs for:

* GetRunKey - please download the current version first!
* ShowNew
* HJT

Be sure to tell us how things are running.

 

Your logs are looking clean.

I would suggest that you uninstall IE7 (it will revert back to IE6) and see if that helps. If you wish to keep IE7, you may want to peruse the software section or post a thread there for IE7 fixes.

You may uninstall any software that we had you download for the analysis.

Then run CCleaner.

A google search for mfplat.dll will get you the download for that .dll. You could first try renaming it to mfplatold.dll and restart the computer. It should reinstall the correct one.

Be sure to read this thread: How to Protect yourself from Malware.

 

Tell it to remove/quarantine whatever it finds .....this may be coming in thru the Wildtangent or the WeatherBug programs...post the log please.

 

I'm not seeing any problems in your logs.

(If you are running IE7 ...you may wish to uninstall and revert to IE6..just my opinion!)

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
and Cookies.

You may uninstall any programs that we asked you to install for the analysis.

Re-run CCleaner to finish up.

Turn of system restore, restart and re-enable it.

Tell me how things are running.

 

I think I forgot to ask you to delete this file:
C:\WINDOWS\system32\lnwin.exe

Then do the above.

If you have any problems, let me know.