More fabulous help, please...

HI Bronco Bill

Do please attach the other logs you have as well, in the Getrunkeys and ShowNew as they also help diagnose the malware on your PC.

 

You are using old copies of ShowNew and GetRunKey. Please download and use the current versions of the programs. We only need the logs requested. The other files (like rkeysxxx.txt) are temp files that go away after the program completes.

You must always refer to the online version of the READ ME. Running from stored local copy like you must have done will only cause problems in that you will not be following our current procedure and you will probably not have the correct versions of programs.

 

I repeat! You are using old versions of the programs! You MUST download the current versions from the links in the READ ME. Download both GetRunKey.zip and ShowNew.zip and attach new logs from both of them. 9/8 is ten days ago.

 

You do not really have to many problems!
Now Copy the bold text below to notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure viewing of hidden files is enabled (per the tutorial).
Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab

After clicking Fix, exit HJT.
Additional steps to delete files in the Downloaded Program Files folder :
- Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s SAIX.dll
del SAIX.dll
attrib -r -h -s UDC6_0001_D18M1108NetInstaller.exe
del UDC6_0001_D18M1108NetInstaller.exe
exit

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and attach new logs from HJT and GetRunKey.

Make sure you tell me how things are working now.

 

That's good, but those two registry keys are still present. Did you add the fixWLK.reg registry patch as requested. Did you get a success message? Both of those are still present in your log from GetRunKey.

 

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware