Help Requested

Discussion in 'Malware Help (A Specialist Will Reply)' started by wvaughan, Apr 12, 2006.

  1. wvaughan

    wvaughan Private E-2

    Hello,

    I've gone through the standard scan procedures specified on this site, and I'm still having problems. Attached are the three scan files. Thanks for your help!

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First you need to empty your .housecall\Quarantine folder as indicated in step 0 of the READ ME.

    Then you need to empty all the below stuff from your Deleted Items Mailbox:
    Mailbox - Wayne Vaughan\Deleted Items\Undeliverable:Hello\Hello\file.zip[file.htm
    Mailbox - Wayne Vaughan\Deleted Items\Undeliverable:lwqyunsoryqaz\lwqyunsoryqaz\message.zip[message.exe]
    Mailbox - Wayne Vaughan\Deleted Items\Undeliverable:Server Report\Server Report\body.zip[body.doc .pif]

    You have a Wareout infection!

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://xmpie.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43B6FE7D-9714-48D1-AFB5-1E97F1C53E7C}: NameServer = 85.255.116.123,85.255.112.89
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E628F36D-B3F1-4F0E-8F7A-76CB711016A0}: NameServer = 85.255.116.123,85.255.112.89
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43B6FE7D-9714-48D1-AFB5-1E97F1C53E7C}: NameServer = 85.255.116.123,85.255.112.89

    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    C:\WINDOWS\SYSTEM32\dating.bmp
    C:\Program Files\UnSpyPC <--- delete the whole folder if found

    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout, and the log will let us know.

    Also attach a new HijackThis log.
     
  3. wvaughan

    wvaughan Private E-2

    I performed all the steps you specified. Attached is the report.txt file. Please note that when I fixed the following entries using HijackThis, my internet connection stopped working:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{43B6FE7D-9714-48D1-AFB5-1E97F1C53E7C}: NameServer = 85.255.116.123,85.255.112.89
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E628F36D-B3F1-4F0E-8F7A-76CB711016A0}: NameServer = 85.255.116.123,85.255.112.89
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43B6FE7D-9714-48D1-AFB5-1E97F1C53E7C}: NameServer = 85.255.116.123,85.255.112.89

    If I relaunched HijackThis and restored one of these entries, my internet connection immediately started working again. I had to restore one of these to access the forum and post this response.

    Thanks

  4. wvaughan

    wvaughan Private E-2

    Attached is the new Hijack log...

  5. wvaughan

    wvaughan Private E-2

    Is there anything else that I need to post? Thanks in advance for your help!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those lines should not be in your log! They are from the malware that causes the WareOut infection.

    Look who those IP addresses belong to:
    First download HOSTER; we will use it later!

    Is Inhoster your ISP and are you in the Ukraine? I don't think so!

    They need to be removed! And you now need to run the Wareout fix again. You also need to delete the below file that the tool found last time:

    C:\WINDOWS\System32\CSDLB.EXE

    After fixing the lines and deleting the file, reboot and get a HijackThis log even if you cannot connect to the internet, and save it.

    Then click Start, Run, and enter ipconfig /flushdns and click OK! There is a space between the ipconfig and the /

    Now run Hoster and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Let me know if you still have problems connecting to the internet. Tell me exactly what happens.
     
    Last edited: Apr 14, 2006
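    As an added example (not part of this thread, FixWareout or Hoster), a read-only PowerShell check that does what the expert asks the reader to verify by hand: it enumerates the per-interface NameServer values under both control sets that the O17 lines abbreviate as CCS and CS1, flags the two Inhoster addresses quoted above, and lists any hosts-file line beyond the default localhost entry. The full registry path and the static-versus-DHCP comparison are assumptions about the general case, not something the thread states.

```powershell
# Added example: detect the DNS-changer settings discussed in this thread without modifying anything.
$suspectDns = @('85.255.116.123', '85.255.112.89')       # NameServer values from the O17 lines above
$controlSets = @('CurrentControlSet', 'ControlSet001')   # HijackThis shorthand: CCS and CS1
$findings = @()

foreach ($cs in $controlSets) {
    # Full form of the "Tcpip\..\{GUID}" path HijackThis abbreviates (assumed standard layout)
    $base = "HKLM:\SYSTEM\$cs\Services\Tcpip\Parameters\Interfaces"
    if (-not (Test-Path $base)) { continue }
    foreach ($iface in Get-ChildItem -Path $base) {
        $props  = Get-ItemProperty -Path $iface.PSPath
        $static = [string]$props.NameServer        # statically configured DNS (what the O17 line reports)
        $dhcp   = [string]$props.DhcpNameServer    # DNS handed out by DHCP, for comparison
        if ([string]::IsNullOrWhiteSpace($static)) { continue }   # nothing static to inspect
        $servers = $static -split '[ ,]+' | Where-Object { $_ }
        $hits = @($servers | Where-Object { $suspectDns -contains $_ })
        if ($hits.Count -gt 0) {
            $note = "matches DNS-changer address(es): $($hits -join ', ')"
        } elseif ($static -ne $dhcp) {
            $note = 'static DNS differs from DHCP-assigned DNS; confirm it is your ISP'
        } else {
            $note = 'static DNS equals DHCP DNS'
        }
        $findings += [pscustomobject]@{
            ControlSet = $cs
            Interface  = $iface.PSChildName
            NameServer = $static
            DhcpDns    = $dhcp
            KnownBad   = ($hits.Count -gt 0)
            Note       = $note
        }
    }
}

# Hosts file: Hoster's "Restore Original Hosts" replaces it, so anything beyond localhost deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' }

$findings | Format-Table -AutoSize
if ($hostsEntries) { 'Non-default hosts entries:'; $hostsEntries }
```

    Run it from an elevated PowerShell prompt; a KnownBad row is the registry-level equivalent of the O17 lines, and a clean run after the fix confirms the entries did not come back on reboot.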
  7. wvaughan

    wvaughan Private E-2

    Attached is the HijackThis.log. After deleting the file and removing the entries I am able to access the Internet.

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!