cws_hputi

Welcome to MG's CommonLawWife!

You should attempt to follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

If still having a problem after the above, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.

 

You're too slow Turkey Boy!

 

Are you sure you ran CWShredder too?
Please start by using Add/Remove programs to uninstall WeatherBug.

Also do not have any browsers running when using HJT. You had two IE sessions running.

 

Assuming WeatherBug uninstalled continue with the below.
Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\O0ZBB1~1.DLL
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O20 - AppInit_DLLs: lkzf1v5295i6.dll

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\O0ZBB1~1.DLL
C:\WINDOWS\System32\lkzf1v5295i6.dll


Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Okay but it does put adware/spyware onto PCs. The paid version may not do that.

Did you see my other message below?

You may want to skip the below line if you are keepin WeatherBug:
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/min...Transporter.cab?

 

By the way, you did not run all the steps in the READ ME FIRST. There are no signs of the onlines scans being run.

 

Did you exit all browsers before trying to delete those files? Also O0ZBB1~1.DLL is a shortened file name. Look for something similar but longer.

Please run About:Buster, it may take care of the AppInit_DLL.. Note, it will change your home page to www.google.com when finished though.

 

Our directions need to be followed in the order given. A log should not have been posted until the whole READ ME had been run.

 

It's not being snippy! We just expect that when someone tells us they followed the procedure that they actually did.

What do you mean the "only application running was the system32 folder"? I think you mean you had Windows Explorer running with the system32 folder open?


1) go here and download Registrar lite and install it: http://www.majorgeeks.com/download469.html
2) Run it, copy and paste this line to reglite's address bar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
3) Click the "go" tab
4) Find: "AppInit_Dlls" value on the right side panel.
5) Rename the Folder Windows to NotWindows highlighted as a light blue (some people call it light purple) folder in the left hand pane of reglite.
6) Double Click "AppInit_DLLs" again and clear the data value:
C:\WINDOWS\System32\lkzf1v5295i6.dll < delete this line , 'Apply' and 'ok' to set.
7) Rename the NotWindows folder back to its original name Windows
This should make the file visible.
8) Now use Windows Explorer to delete C:\WINDOWS\System32\lkzf1v5295i6.dll
If you cannot delete it, try the above again from safe mode.

Please post a new HJT log after this.

 

If the steps in my previous message do not help you delete that file, try this:

Download KillBox from: http://download.broadbandmedic.com/
Run the program and in the box type in C:\WINDOWS\System32\lkzf1v5295i6.dll
Hit delete. If that doesnt work... Tick the box delete on reboot.
Then let it run on reboot.

 

You're welcome but perhaps you should post one last log so we can double check.