Temperror32.dat and Ebates keys help

So I runned Ad-Aware a couple of days ago and found out that I had Ebates reg-key. I tried to delete it but it kept coming back, later I found out with Norton scanner that I had tempError32.dat.

Couldnt delete it. I was running Hijackthis but I there are many stuff I dont know which one to delete, so I ask for your help thx in advanced.

Edit by bjgarrick: Unrequested, Inline HJT log removed!

I already did the sticky thread guide I didnt work for this one specifically.
Umm any info you might need just ask me.

 

There are no signs of the online scans listed in the READ ME. So lets start by running the below online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan
Panda Online Scan

After you have completed the online scans above, reboot and post a fresh HJT log as an attachment to your post.

 

OK Well I jjust woke up after scaning for 8 hours, it was 11 am when I started. here is my log


Edit by chaslang: Inline log removed

 

oops It was supposed to be an attachment..

 

-Please download Ewido Security Suite

- Install and get any updates!
- Run a full scan on Local Disk C:\
- Remove ALL found infections

After you complete the above, post a fresh HJT log along with the log from the scan above.

 

OK here they are but I just checked the C:\Windows\system32 folder and its still there --;


NOTE: Im sorry for taking so long I had my connection cut off.

 

First, disable Spybot's TeaTimer so it will not block anything we try and fix.

Also, be sure you close ALL browsers while running HJT and any other fixes!


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 170.222.120.200:8000
(Keep this one if you need it)

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyzx32.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner

You must get the updates for Ewido, it will remove all of the elite files. It doesnt appear you have the updates. After you get the updates do another scan and attach the log.

 

So I did everything you told me.

Disabled Tea-Timer, all browsers, all fixers like Ewido, Norton, and spywareBlaster. After that I runned HJT and deleted what you told me even the proxy. So after that I runned CCleaner, then I runned HJT again and saved the loglife, but it appears the Eliteyzx is still there and I dont know what else to do.

NOTE: I have the latest updates for Ewido and it only detects the Eliteyzx no more than that. The only problem I have is that when I close messenger in the Task manager it keeps coming back after a minute or so, maybe Im doing something wrong but that piece of spyware keeps coming back no matter what I use =/

 

Download Pocket KillBox
(Don't run it yet)

Now look in Add/Remove Programs and uninstall Ewido. Also, disable any antivirus and antispyware programs you have running so it will not block any of this fix.


Now scan with HijackThis and Check the Boxes for the following:

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyzx32.exe

Make sure All Browser Windows are Closed when you Click FIX.


Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\windows\system32\eliteyzx32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

Allow Killbox to reboot your system. After you have rebooted and windows has loaded attach a fresh HJT log.

 

hehehe I just got an update from Ewido and I tried to scan again and got like 5 elite bugs -_-;; so now I think I'm clean I'll post the Log in a couple of minutes.

 

Ok. I just read your post BjGarrick, should I still download Pocket kill box?

Look at the Log from Ewido:

NOTE: I just looked at HJT and it doesnt show me the Eliteyzx anymore


Thanks Garrick for your help!

 

I'm new 2 major geeks but I had the same problem. I'm no computer whiz but I just ran 'search' in safe mode and deleted temperror32. It hasnt come back since. Also ran Spybot and Ad aware to make sure.

 

Yes, procede with my latest fix even if it doesnt show in blue.

After you complete that reboot and attach a fresh HJT log.