???i've Done Everything U Asked??

Messenger Plus! Live...you might consider removing this program (look at your first Counterspy log) as most of your malware was coming in thru it.

Please download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/file...Fixwareout.exe

* Run Fixwareout.
* Click Next,
* then Install,
* make sure Run fixit is checked
* and click Finish.
* The fix will begin; follow the prompts.
* You will be asked to reboot your computer; please do so.
* Your system may take longer than usual to load; this is normal.

When you run fixwareout, just follow the prompts, you will need to restart when prompted.

After rebooting (restart) back into normal boot mode, make sure you have all web browsers closed.

* Go into Control Panel -->Network Connections.
* Right click on your connection
* and click Properties.
* On the Properties page, highlight Internet Protocol(TCP/IP)
* Click Properties. This will bring up another page.
* Select Obtain DNS Server Automatically.
* Click the ok button. The page will close.
* Press ok on the page in front of you.
* Restart the computer.
* Reconnect to the Internet using Internet Explorer.
* Now come back here and attach the log from fixwareout. It is located at c:\fixwareout\report.txt

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = yyy
O17 - HKLM\Software\..\Telephony: DomainName = yyy
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = yyy
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = yyy
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = yyy

After clicking Fix, exit HJT.

Please attach new logs for:
GetRun
ShowNew
HJT

And tell us how things are running.

 

Have you run CCleaner as asked in the Read and Run First instructions?

I need you to attach the three logs that were asked for:
ShowNew
GetRun
HJT

 

Please download and run this: HSRemoval

Follow the directions with the program or:
1. In internet options/advanced, uncheck "Enable third-party browser extensions"
2. Boot in safe mode.
3. Run an updated Add-aware. Use Custom scanning, and check "Scan within archives".All memory and registry options should be checked.
4. Delete all entries in quaratine list.
5. Run hsremove.exe
6. Reboot in normal mode.
7. Run hsremove.exe again.
8. Go to internet options in CP, or right-click ie shortcut. (Don't start ie).
In General, reset homepage to desired URL Like http:\\www.majorgeeks.com.

attach a new
ShowNew
HJT

 

Frankly I think you need to uninstall IE7, but that is up to you. Is this happening with any other browser? Your HJT log shows that you have set your home page to MajorGeeks. You could post in the software section if you are still having problems with IE7.


Do you know what these are and if not delete them?
C:\program files\ebgcInfra
C:\program files\ebgcRes
C:\program files\ebgcSDK

Please run HJT and have it fix these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm G
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843


Now uninstall:
J2SE Runtime Environment 5.0 Update 10
and install:
Java Runtime 6.

Are you having any other malware issue?
If not, we will have you uninstall any downloads used for the ananlysis and then toggle the system restore (IE: turn off system restore, restart the computer, turn system restore back on.)