Spyware Troubles

Discussion in 'Malware Help (A Specialist Will Reply)' started by soupdogg, Mar 27, 2005.

  1. soupdogg

    soupdogg Private E-2

    I'm at my girlfriend's house and was cleaning up their computer because they were doing Norton scans and a few things were coming up, but when they tried to remove them they wouldn't. So naturally I followed your "how to remove spyware" post and did everything except download HijackThis. I removed all files, then when I restarted they were still there. So I did a safe mode restart and had to manually remove NewDotNet files, some file called nd_unistal83 or something, osmim.dll and a reg key called netsetter. When I restarted into normal mode and did a Spybot Search and Destroy scan, the netsetter came up again. I forget the exact regedit key, I think it was in users:software, and now I can't get onto the internet or remove that file. So I can't download any programs or anything to figure out what this problem is. If someone could help me that would be great. Luckily I had brought my laptop so I can post this. Thanks in advance and sorry for the lengthy post.
    Soupdogg
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

     
  3. soupdogg

    soupdogg Private E-2

    As a side note, ccap.exe fails on start up and also the computer won't shut down; a blinking line in the top right of the screen is all that appears. But I have the HijackThis log attached, thanks.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The file ccap.exe is a process belonging to the Symantec AntiVirus Internet Security suite.

    For the above entry you will need to Boot into Safe Mode. Run Spybot S&D, but before you run Spybot, go into Advanced Mode and uncheck ALL of the ignored items. Then run a full scan! This will remove this and you should then be able to access the internet.

    Next:

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    RK.EXE

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [OSS] c:\windows\system\rk.exe -boot
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\NewDotNet ←–– Delete this whole folder if it exists!

    C:\WINDOWS\SYSTEM\RK.EXE

    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
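
Added example, not part of the original post or of HijackThis: a small Python checker that parses the three line shapes in the fix list above (R1, O2, O4) and reports which fix-list entries show up again in a follow-up log. The function names and the `NEW_LOG` sample are constructed for illustration.

```python
import re

# Body patterns for the three line shapes in the fix list above.
PATTERNS = {
    "R1": re.compile(r"^(?P<key>[^,]+),(?P<value_name>[^=]+?) = (?P<data>.*)$"),
    "O2": re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                     r" - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O4": re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"),
}

def parse_hjt_line(line):
    """Return the section code and named fields of one log line, or None."""
    section, sep, body = line.strip().partition(" - ")
    match = PATTERNS[section].match(body) if sep and section in PATTERNS else None
    if match is None:
        return None
    rec = {"section": section, **match.groupdict()}
    rec["missing"] = bool(rec.get("missing"))  # True only for "(file missing)"
    return rec

def identity(rec):
    """What identifies an entry regardless of letter case or target path."""
    if rec["section"] == "O2":
        return ("O2", rec["clsid"].upper())
    second = rec["name"] if rec["section"] == "O4" else rec["value_name"]
    return (rec["section"], rec["key"].upper(), second.upper())

def still_present(fix_list, new_log):
    """Fix-list lines whose identity shows up again in the follow-up log."""
    seen = {identity(r) for r in map(parse_hjt_line, new_log) if r}
    return [l for l in fix_list if (r := parse_hjt_line(l)) and identity(r) in seen]

FIX_LIST = [  # copied from the post above
    r"O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)",
    r"O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s",
    r"O4 - HKLM\..\Run: [OSS] c:\windows\system\rk.exe -boot",
    r"O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE",
]
NEW_LOG = [  # constructed follow-up log: one fixed entry has come back
    r"O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe",
    r"O4 - HKLM\..\Run: [OSS] C:\WINDOWS\SYSTEM\RK.EXE -boot",
]

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("still present:", line)
```

Matching on the Run value name or BHO CLSID rather than the whole line catches an entry that returns with different letter case or a changed file path.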
     
  5. soupdogg

    soupdogg Private E-2

    Everything seems to be working OK, here's my log.
    Thanks a lot.
    I'll let you know if any more problems come up.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Log is clean my friend:)

    Are you having any further problems?
     
  7. ANHEDONIC

    ANHEDONIC Will Title For Food

    get yourself Spyware Blaster ! =]
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  9. soupdogg

    soupdogg Private E-2

    no more problems thus far, thanks guys
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!:)

    Probably would be a good idea to go on and take a peek at the article below.

    How to Protect yourself from malware!

    Browse Safely!
     
