Problems with VX2 cleaner.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Antimon, Aug 11, 2004.

  1. Antimon

    Antimon Private E-2

    Ok so I run "ad-aware se" in safe mode, without network support, system restoring disabled and all the other steps in your guide followed. Ad-aware comes up with 2 hits, StopPop 1 object and VX2 malware 10 objects. So I tried deleting them and they just reappear. But then I noticed I got sloppy and missed the Add-on Vx2 cleaner and thought it would solve the problem. But when I execute it, it only says that the system is clean. So the problem is not solved.
    So could this be another spyware disguising itself as VX2, or is the cleaner not always fully functional?
    Appreciate any help guys
    //

    WinXp,
    P 2,6@3,12 : asus P4P800-deluxe : 512 ram
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the VX2 finder, run it and select "click to find abetterinternet". Then select "make log" and copy/paste the log back here as an attachment.
     
  3. Antimon

    Antimon Private E-2

    Ok, i have no idea what that did but here is the log..
     

    Attached Files: vx2.txt (278 bytes)
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was a double check for VX2 problems. You are clean.

    For the 10 VX2 malware objects Ad-aware found, can you give more info (like the filenames and full path information).

    Try the below with Ad-aware:

    General Button
    Safety:
    Check (Green) all three.

    Advanced Button
    Logfile Detail Level:
    All options under this should be checked (Green).

    Tweak Button
    Check (Green) the following:
    Log Files
    Include basic Ad-Aware settings in logfile:
    Include additional Ad-Aware settings in logfile:
    Please do not check (Green): Include Module list in logfile:

    Click on "Proceed"

    3) Click on "Scan Now"

    4) Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    5) Run the scanner using the Full Scan (Perform full system scan) mode.
    A full scan is the in-depth scan mode that scans your whole computer for Spyware infections. When performing a full scan the following scan settings are used:

    - Full Memory Scan is performed
    - Registry Scan is performed
    - Deep Registry scan is performed
    - Cookie-Scan is performed
    - Favorites are scanned
    - Hosts file is scanned
    - Conditional scans are performed
    - Archive files are scanned
    - All fixed drives are scanned
     
  5. Antimon

    Antimon Private E-2

    Those options were already checked. I did a new scan, and it found some more objects under Vx2. I attach a log from the scan and a picture from ad-aware if it could be of any help.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well first of all, you are already out of date with your Ad-aware version. Please get the current version here: http://www.majorgeeks.com/download506.html and check for any reference file updates.

    I need to see a HijackThis log. I see some items in your Ad-aware scan that indicate some manual cleanup may be needed. So get the current HijackThis here: http://majorgeeks.com/download3155.html
    and post its log as an attachment (shut down all unnecessary applications especially Internet Explorer before running HijackThis).
     
  7. Antimon

    Antimon Private E-2

    Heh, I downloaded it yesterday morning and it's already out of date..

    Here comes the log:
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's why we constantly tell users "check for updates first". Too many people ignore this and wind up running with older versions. Updates can be hours apart sometimes. It never hurts to check first.

    I'm looking at your HJT log now.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Any idea who this file belongs to:
    C:\WINDOWS\System32\bgbwlckd.exe

    It is a running process. Can you right click on it and get Properties and Version/Company info?
     
  10. Antimon

    Antimon Private E-2

    Hmm, when I right click Properties I don't get the usual "exe properties". So I can't get any version information..
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not know what the C:\WINDOWS\System32\bgbwlckd.exe process is, bring up Task Manager (click CTRL-ALT-DEL) and select processes. Locate the bgbwlckd.exe process and End it.

    Run HijackThis and put checks on the following items (but DO NOT click fix yet):
    O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O4 - HKLM\..\Run: [tdwscdd] C:\WINDOWS\System32\bgbwlckd.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab

    Also if you did not know what C:\WINDOWS\System32\bgbwlckd.exe was for,
    check the following line for HJT to fix too:
    O4 - HKLM\..\Run: [tdwscdd] C:\WINDOWS\System32\bgbwlckd.exe


    After putting checks on each of the above, shut down all applications
    especially browsers (like Internet Explorer) then click FIX on HJT.

    Reboot in safe mode:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Enable viewing of hidden files and folders and system files:
    http://forums.majorgeeks.com/showthread.php?t=37650


    Now use Windows Explorer to locate and delete:

    C:\Documents and Settings\Administratör\Lokala inställningar\Temp\THI6C4.tmp\preInsTT.exe
    C:\Documents and Settings\Administratör\Lokala inställningar\Temp\THI6C4.tmp\twaintec.cab
    C:\Documents and Settings\Administratör\Lokala inställningar\Temp\twaintec.ini
    C:\Documents and Settings\Administratör\Lokala inställningar\Temp\twtini.cab
    C:\WINDOWS\preInsTT.exe
    C:\WINDOWS\twaintec.dll
    C:\WINDOWS\twaintec.ini

    Also find this file
    C:\WINDOWS\System32\bgbwlckd.exe
    and rename it to:
    C:\WINDOWS\System32\bgbwlckd.bad

    (Since we do not know what it is yet, let's not delete it yet. Renaming it just makes it impossible to run it.)

    Now reboot in normal mode and run your scans.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I forgot something. Before running HijackThis we should have done this:

    Type, or copy and paste, the following text:
    regsvr32 /u C:\WINDOWS\twaintec.dll
    then click OK. If a dialog box confirming this action appears, click OK
     
  13. Antimon

    Antimon Private E-2

    Hmm, I marked the things and clicked fix. Then I did a new scan and I noticed another item showing up:
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    Isn't that odd? Never seen it before.. Should I ignore it and reboot, go to safe mode and delete the items?
     
  14. Antimon

    Antimon Private E-2

    Oh, I didn't see the last one. Where should I type that text?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! I left out a line. Here is all the info:

    Click Start, Run, and in the Open dialog box,
    type, or copy and paste, the following text:
    regsvr32 /u C:\WINDOWS\twaintec.dll
    then click OK. If a dialog box confirming this action appears, click OK


    Where did you go since the last log to get alchem.exe?
    Yes, have HijackThis fix that line too and then boot to safe mode and delete the file.
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

    Are you sure there were no new O2 BHO lines that came with alchem.exe?

    When finished, post a new HJT attachment.
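    The HijackThis lines chaslang lists in posts 11 and 15 all follow the same "On - ..." layout. The parser below is an added example (not from the thread and not HijackThis' own code): it pulls the entry type, CLSID, Run-key location and file or URL target out of those lines, lists the Run-key executables (the place an unknown process like bgbwlckd.exe shows up), and flags the orphaned "(no file)" references; the sample log is constructed from the lines quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [tdwscdd] C:\WINDOWS\System32\bgbwlckd.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart lines: HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

@dataclass
class Entry:
    kind: str                       # O2, O4, O9, O16 ...
    name: str                       # display name or Run value name
    clsid: Optional[str]            # COM class id, when the line carries one
    target: Optional[str]           # file path or URL; None when HJT says "(no file)"
    location: Optional[str] = None  # registry key for O4 lines, e.g. HKLM\..\Run

def parse_line(line: str) -> Optional[Entry]:
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O4":
        m4 = O4_RE.match(body)          # O4 "Startup:" folder lines are not handled here
        if not m4:
            return None
        hive, key, name, path = m4.groups()
        return Entry(kind, name, None, path, f"{hive}\\..\\{key}")
    cm = CLSID_RE.search(body)
    clsid = cm.group(0).upper() if cm else None
    head, _, tail = body.rpartition(" - ")   # text after the last " - " is the target
    target = None if tail.strip() == "(no file)" else tail.strip()
    name = head.split(": ", 1)[1] if ": " in head else head
    if cm:
        name = name.replace(cm.group(0), "")  # drop the CLSID from the display name
    return Entry(kind, name.strip(" -"), clsid, target)

def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def orphans(entries: list) -> list:
    """Entries that still have a registry reference but no file on disk."""
    return [e for e in entries if e.target is None]

def run_targets(entries: list) -> dict:
    """Executables started from Run keys, keyed by the Run value name."""
    return {e.name: e.target for e in entries if e.kind == "O4"}

def group_by_clsid(entries: list) -> dict:
    """Entries sharing one CLSID (e.g. the two O9 lines above) belong to one component."""
    groups: dict = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid, []).append(e)
    return groups
```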
     
  16. Antimon

    Antimon Private E-2

    I didn't go anywhere. I ran the scan, fixed them, and then right after I did a new scan and alchem.exe was there. Here is the new log. Edit// I fixed alchem before this log..
     

    Attached Files:

  17. Antimon

    Antimon Private E-2

    OK, I've deleted it then scanned in normal and found nothing. I have rebooted a couple of times and ad-aware scanned both in normal and safe mode and it looks clean. I post the last log here, but it looks good from my newbie point of view. Maybe an expert opinion before I overwhelm you with thanks?
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks good now and you're welcome!
     
