Having trouble ridding myself of infections.

Discussion in 'Malware Help (A Specialist Will Reply)' started by twoply, Jan 3, 2006.

  1. twoply

    twoply Private E-2

    I followed the instructions in the "Start Here" thread, although I was unable to fully run Spybot. For some reason that program always freezes up on my computer. I've attached the log files for BitDefender, Panda Activescan and Hijack This. Any help identifying the problem would be greatly appreciated.
    Thanks!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have not disconnected yet, hang in there and I will be posting something for you soon.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you install Kazaa All-In-One?
    Nothing from Kazaa should be trusted. I suggest you uninstall this via Add/Remove programs.

    You have a Wareout infection!

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [dmwwg.exe] D:\WINDOWS\system32\dmwwg.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D4E75C9-2C27-4156-A2A5-6C5B6B0DBCE8}: NameServer = 85.255.116.130,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E0A3B16-5D39-4F99-B897-A45F83A9DB8B}: NameServer = 85.255.116.130,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93DBD7E1-08FB-4E11-939F-122CB005056E}: NameServer = 85.255.116.130,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBEEFD1-02D3-4298-995D-73A2DB8BE580}: NameServer = 85.255.116.130,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D7474A70-C9DF-47A4-BC6D-143C0216E3DA}: NameServer = 85.255.116.130,85.255.112.215
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3D4E75C9-2C27-4156-A2A5-6C5B6B0DBCE8}: NameServer = 85.255.116.130,85.255.112.215

    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    D:\WINDOWS\system32\dmwwg.exe
    D:\Program Files\PartyPoker.net <--- delete the whole folder if found

    C:\Program Files\UnSpyPC <--- delete the whole folder if found

    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout and the log will let us know.

    Also attach a new HijackThis log.
     
  4. twoply

    twoply Private E-2

    Hi, thanks for the instructions!

    I ran the fixwareout program, checked all the necessary items in hijackthis and deleted the partypoker folder in program files. I'd already uninstalled the unspypc program and I didn't see a folder for it in program files. The dmwwg.exe is gone as well.

    Unfortunately, my problems haven't gone away entirely. When I go to google (or any other search page) and click on results for any search, my browser is redirected to any one of a number of other search or advertisement pages. It's pretty irritating, as this problem occurs no matter which browser I'm using.

    I've also attached the fixwareout and hijackthis logs.

    Thanks again!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why is msconfig being used:
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Follow the directions in the link referenced in step 7 of the READ ME and use Normal Startup. Then reboot into safe mode and delete:

    D:\WINDOWS\SYSTEM32\DMHIW.EXE
    D:\WINDOWS\system32\dmtiv.exe

    Fix this line using HJT while in safe mode:
    O4 - HKLM\..\Run: [dmtiv.exe] D:\WINDOWS\system32\dmtiv.exe

    Then reboot in normal mode and attach a new HJT. You may need to run fixwareout again as some items may still be hanging on.

    I guess you do not want to uninstall Kazaa and enjoy malware infections.
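    As an added example (not from this thread, nor from the FixWareout or HijackThis authors), here is a small Python checker for the indicator classes chaslang pointed at in posts 3 and 5: O17 NameServer entries whose resolvers are not the ones the network should be using, O4 Run entries launching short dm???.exe files from system32 (dmwwg, dmhiw, dmtiv and later dmcrt in this thread), the orphaned O9 button with "(file missing)", and the MSConfig /auto Run entry that shows Selective Startup is still on. The sample log lines are constructed from the ones quoted above; the EXPECTED_NAMESERVERS allowlist and the 192.168.1.1 router resolver are assumptions, and the dm-name heuristic is derived only from the filenames seen in this thread.

```python
import re
from ipaddress import ip_address

# Constructed sample HijackThis output, modelled on lines quoted in this thread.
# The 192.168.1.1 entry is an invented "legitimate home router" resolver for contrast.
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [MSConfig] D:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O4 - HKLM\\..\\Run: [dmwwg.exe] D:\\WINDOWS\\system32\\dmwwg.exe
O4 - HKLM\\..\\Run: [dmtiv.exe] D:\\WINDOWS\\system32\\dmtiv.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\\Program Files\\PartyPoker.net\\partypokernet.exe (file missing)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{3D4E75C9-2C27-4156-A2A5-6C5B6B0DBCE8}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{7E0A3B16-5D39-4F99-B897-A45F83A9DB8B}: NameServer = 192.168.1.1
"""

# Hypothetical allowlist: the resolvers this network is actually supposed to use.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - .*?(?P<iface>\{[0-9A-Fa-f-]+\}): NameServer = (?P<ns>\S+)")
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O9_RE = re.compile(r"^O9 - .*?: (?P<name>.+?) - \{")
# Heuristic taken from this thread only: the dropper kept re-creating short
# "dm" + random letters executables in system32 under new names.
DM_PATTERN = re.compile(r"\\system32\\dm[a-z]{3,5}\.exe$", re.IGNORECASE)


def check_nameservers(line, expected=EXPECTED_NAMESERVERS):
    """Return the resolver addresses on an O17 line that are not on the allowlist."""
    m = O17_RE.match(line)
    if not m:
        return []
    rogue = []
    for addr in m.group("ns").split(","):
        try:
            ip_address(addr)
        except ValueError:
            rogue.append(addr)  # not even a valid address: worth a look regardless
            continue
        if addr not in expected:
            rogue.append(addr)
    return rogue


def is_dm_dropper_autorun(line):
    """True for an O4 Run entry whose executable matches the dm???.exe-in-system32 pattern."""
    m = O4_RE.match(line)
    if not m:
        return False
    exe = m.group("cmd").split(" /")[0].strip()  # drop trailing switches such as "/auto"
    return bool(DM_PATTERN.search(exe))


def analyze_hjt(text, expected=EXPECTED_NAMESERVERS):
    """Walk a HijackThis log and return (category, name, detail) findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rogue = check_nameservers(line, expected)
        if rogue:
            iface = O17_RE.match(line).group("iface")
            findings.append(("dns_hijack", iface, tuple(rogue)))
            continue
        m4 = O4_RE.match(line)
        if m4:
            name, cmd = m4.group("name"), m4.group("cmd")
            if is_dm_dropper_autorun(line):
                findings.append(("dm_autorun", name, cmd))
            elif name.lower() == "msconfig" and "/auto" in cmd.lower():
                # Not malware: MSConfig leaves this Run entry while Selective Startup
                # is active, which is why the thread says to go back to Normal Startup.
                findings.append(("msconfig_autostart", name, cmd))
            continue
        m9 = O9_RE.match(line)
        if m9 and line.endswith("(file missing)"):
            findings.append(("orphaned_ie_button", m9.group("name"), line))
    return findings


if __name__ == "__main__":
    for category, name, detail in analyze_hjt(SAMPLE_HJT_LOG):
        print(f"{category:20} {name:45} {detail}")
```

    The O17 check is the one that explains the symptom twoply describes in post 4: with the interface resolvers pointing somewhere the owner never configured, every browser on the machine gets redirected the same way, so fixing it per browser cannot help. Swap EXPECTED_NAMESERVERS for your own network's resolvers before running this on a real log.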
     
  6. twoply

    twoply Private E-2

    Ok, I rebooted in safe mode and fixed the kazaa problem. (I'd meant to do it before but got distracted with everything else. Whoops!)

    I couldn't find either the dmhiw.exe or dmtiv.exe, but I did notice a new one in the hijackthis log called dmcrt.exe. I checked it and had hijackthis fix it and then found the file in the windows\system32 folder and deleted it as well. After rebooting in normal mode I tried using google in internet explorer and it now works fine! I'm attaching the final hijackthis log, but hopefully the problem has been fixed.

    Thanks,
    Ian
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please post a HJT log from normal boot mode.
     
  8. twoply

    twoply Private E-2

    Here you go.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  10. twoply

    twoply Private E-2

    Excellent, thank you!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
