I think we're clean (winfixer) - would you check?

If you were having Winfixer (really a Virtumundo B problem) you are probably still infected.

If you have run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal then continue with the below steps. Otherwise complete ALL the sticky thread steps first.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

You are still infected. I will work up a fix for you. But answer a question. The below O10 line indicates a problem with your Pure Networks Home Network Software. Do you use this sotware and are you seeing any problems with it.

O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

See if the following file exists: c:\windows\system32\connwsp.dll.

 

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

Please print these instructions out for use in Safe Mode with no networking and DO NOT RUN any browsers while doing these steps.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at. Iit should look like this

• At this point press enter one time.
• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\System32\pmkhh.dll​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\System32\hhkmp.* ​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\pmkhh.dll
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\WINDOWS\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll

• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
• Now please attach a new HJT log from normal mode.

 

Okay! The below will be necessary too.

Download LSP - Fix

Run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the connwsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move connwsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
If it is already in the Remove section, just click Finish.

However if this does not give you internet access, you may need to reinstall the software you are using for your home network.

 

Just run LSP-fix and let's see what happens.

What's for dinner?

 

Cheeseburgers are okay! But tatertots! Not!!!

Did you try LSP-fix?

 

But is that we have been working on running okay! Your HJT log is clean!

French Fries are much better. IMO!

 

I'm not sure what your issue with AOL is. I don't use it! If you use AOL you are stuck with all the stupid stuff they do!

When you say you search the internet, what do you mean? Whose browser are you running? Are you connected to AOL at this time? What are you typing in the the address bar? Or are you clicking on some search icon?

All system restore points are gone. They could not be trusted to be clean. That is what step 1 of the READ ME FIRST has you disable system restore. Otherwise bad stuff could get revived out of system restore. When you re-enable system restore, new restore points will start being created again.

 

I never sleep!

Enable system restore but there is no need to change the hidden files and folders settings. That would only make it easier for baddies to hide from you again.

Your still not being specific. What browser do you use when you connect thru Comcast? Do they have their own browser? What searchbar? Do you mean the Address Bar in Internet Explorer?

French Fries (handcut is great) with Ketchup and salt!