grabbing a razor and running a warm bath

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by passionforapaycheck, Feb 10, 2006.

  1. passionforapaycheck

    passionforapaycheck Private E-2

    I have followed all the instructions, to a T, and still have that lovely OuterInfo problem, and have also discovered that despite 8 or so different scans from different products, I also have Trojan.Agent.DD that I can't remove and can't find any other advice on!

    Please help.
    ~Lisa.

    Attached are the last two scan results that are supposed to be uploaded.
    Thanks.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I also need a current HJT log from normal mode.
     
  3. passionforapaycheck

    passionforapaycheck Private E-2

    Here's the logfile from HijackThis from normal mode.

    Thanks for the speedy reply.
    ~Lisa
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  5. passionforapaycheck

    passionforapaycheck Private E-2

    Whoops- so sorry it wasn't a txt file the first time. By the way, with that exception, I've completed all the steps from the site you referenced properly, to no avail!

    Thanks a lot.
    ~Lisa
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    WeatherBug

    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    wtta.exe

    nslookup.exe

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R3 - URLSearchHook: (no name) - {62239304-04EF-6548-EAEE-5130F0AAD099} - blank (file missing)
    R3 - URLSearchHook: (no name) - {EC7D75C6-B67E-87D1-2894-B39EFA380494} - blank (file missing)
    R3 - URLSearchHook: (no name) - {B82E7BC5-E22D-80D1-2C94-B39EFA3854C4} - C:\WINDOWS\system32\dfudlgqe.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {B82E7BC5-E22D-80D1-2C94-B39EFA3854C4} - C:\WINDOWS\system32\dfudlgqe.dll
    O2 - BHO: (no name) - {EC7D75C6-B67E-87D1-2894-B39EFA380494} - blank (file missing)

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Bwopdbe] C:\WINDOWS\system32\??sks\nslookup.exe

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\apsi Delete this whole folder if it exists!

    C:\Program Files\AWS Delete this whole folder if it exists!

    C:\WINDOWS\system32\??sks Manually locate this folder and delete when found. The ?? represents an unprintable character so it will be different than the others!

    C:\Program Files\Norton AntiVirus\Quarantine Delete everything in this folder!

    C:\WINDOWS\system32\dfudlgqe.dll

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
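
The kinds of entries selected in the post above can be picked out of a HijackThis log mechanically. This Python sketch is an added example, not part of the original thread and not HijackThis's own logic; the flag names and the four heuristics are assumptions drawn from what the quoted entries show, and `SAMPLE` reuses lines from the post.

```python
import re

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split a HijackThis line into section code, CLSID (if any) and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    # R3/O2/O9/O16: target is the last " - " field; O4: it follows "[name] ".
    target = body.rsplit(" - ", 1)[1] if " - " in body else body.split("] ", 1)[-1]
    return {"code": code, "target": target.strip(),
            "clsid": clsid.group(0).upper() if clsid else None}

def triage(log_text):
    """Return {raw_line: [flags]} for entries that match a review heuristic."""
    entries = [(l.strip(), e) for l in log_text.splitlines() if (e := parse_line(l))]
    seen = {}  # CLSID -> set of section codes it is registered under
    for _, e in entries:
        if e["clsid"]:
            seen.setdefault(e["clsid"], set()).add(e["code"])
    findings = {}
    for raw, e in entries:
        flags, t = [], e["target"]
        if "(file missing)" in t or "(no file)" in t:
            flags.append("orphaned-registration")
        if "?" in t and not t.lower().startswith("http"):
            flags.append("unprintable-path")  # '?' is not valid in a Windows path
        if e["code"] == "O16" and t.lower().endswith(".exe"):
            flags.append("dpf-exe-download")
        if e["clsid"] and {"R3", "O2"} <= seen[e["clsid"]]:
            flags.append("clsid-in-hook-and-bho")
        if flags:
            findings[raw] = flags
    return findings

# Lines copied from the post above; the MSConfig entry matches no heuristic.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {B82E7BC5-E22D-80D1-2C94-B39EFA3854C4} - C:\WINDOWS\system32\dfudlgqe.dll
O2 - BHO: (no name) - {B82E7BC5-E22D-80D1-2C94-B39EFA3854C4} - C:\WINDOWS\system32\dfudlgqe.dll
O2 - BHO: (no name) - {EC7D75C6-B67E-87D1-2894-B39EFA380494} - blank (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Bwopdbe] C:\WINDOWS\system32\??sks\nslookup.exe
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
"""
```

A flag marks an entry for a reviewer to look at; it does not decide whether the entry should be fixed.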
     
  7. passionforapaycheck

    passionforapaycheck Private E-2

    By golly, I think OuterInfo is gone! Thank you!

    Only one problem now- something is wrong with my Norton Antivirus- it says the repair feature isn't supported and to uninstall then reinstall. Should I? This happens only at startup. Oh, and I also am getting this weird error message with nothing in it- just a red "X", with no other info. But also, this only happens at startup. Bizarre. At least those annoying popups are gone!

    Thanks again! Please let me know what to do now!
    ~Lisa
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good. For the other issues, I would post those in the software forum because I think that requires a reinstall of Norton.
     
  9. passionforapaycheck

    passionforapaycheck Private E-2

    Thanks so much!
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
