
Author Topic: Please help me!!!  (Read 4905 times)


WritersBlock89

  • Guest
Please help me!!!
« on: December 29, 2007, 07:48:05 PM »
So all of a sudden for a couple of weeks now, maybe a month or two, my computer has been blocking some websites. I checked the firewalls and everything and nothing seems to work. All of a sudden I can't log into hotmail, my school site, or even attempt to go to some sites. Is this a virus or something? My computer has made no indication of such.

bones000sw

  • Guest
Re: Please help me!!!
« Reply #1 on: December 29, 2007, 09:01:46 PM »
Do you have an anti-virus installed?

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Please help me!!!
« Reply #2 on: December 29, 2007, 09:10:01 PM »
1. Run free online scan at: http://housecall.trendmicro.com/
The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Post HouseCall log.

2. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

WritersBlock89

  • Guest
Re: Please help me!!!
« Reply #3 on: December 30, 2007, 06:30:28 AM »
I'm sorry but I couldn't do the first part for some reason.

[saving space - attachment deleted by admin]

Broni


Re: Please help me!!!
« Reply #4 on: December 30, 2007, 12:52:12 PM »
WOW! Amazing amount of crapware. It'll take me a while to sort it out.

Broni


Re: Please help me!!!
« Reply #5 on: December 30, 2007, 02:03:53 PM »
Update your Java version: http://www.java.com/en/download/index.jsp
Uninstall ALL older Java versions from Add\Remove in Control Panel.


1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

2a. Go to Start>Control Panel, double-click on Add\Remove, and uninstall anything that contains the word Bearshare, MyWebSearch, Weatherbug (it may be listed as AWS Weatherbug), or WinFixer (if present).

3. Put a checkmark next to the following HijackThis entries:

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

- R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

- R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll

- O1 - Hosts: 202.67.220.232 *Blocked Russian URL*

- O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

- O2 - BHO: (no name) - {0a0204f5-57bb-44a2-b547-2478f88d45e5} - C:\WINDOWS\system32\uavkbbko.dll (file missing)

- O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

- O2 - BHO: (no name) - {78f54146-bb29-478f-a40a-0f6c2093a403} - C:\WINDOWS\system32\uavkbbko.dll (file missing)

- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- O2 - BHO: (no name) - {90b29733-c5ce-4d2a-a2d7-4999d7f57d02} - C:\WINDOWS\system32\uavkbbko.dll (file missing)

- O2 - BHO: (no name) - {a2916ebb-c439-45be-832b-08edfbaf2e14} - C:\WINDOWS\system32\loglug.dll (file missing)

- O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

- O2 - BHO: (no name) - {e8c5a180-e323-4727-afce-7c08a4192f95} - C:\WINDOWS\system32\uavkbbko.dll (file missing)

- O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll

- O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

- O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

- O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll

- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

- O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Gin Peterson\Local Settings\Temporary Internet Files\Content.IE5\89Y7W5UN\WinFixer2005ScannerInstall[1].exe"

- O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
   
- O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

(Concerning the last two entries: right-click on My Computer, select Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane, under 'Write debugging information', click on the down arrow and then select 'None'. OK your way out.)

- O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS

- O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

- O15 - Trusted Zone: *.doginhispen.com

- O15 - Trusted Zone: *.whataboutadog.com

- O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

- O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c8.cab

- O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

- O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

- O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/installprivacyprotector.cab

- ALL O20 entries

4. Click on "Fix checked" button.

5. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.   
   6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

6. Restart in Normal Mode.

7. Turn System Restore on.

8. Run HijackThis again, and post its log back here.
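
The following is an added example, not part of Broni's post or of HijackThis itself: a small triage script that parses HijackThis-style log lines and flags the kinds of entries selected by hand in the list above (orphaned BHOs and search hooks, hosts-file overrides, autostarts from the browser cache, Trusted Zone additions). The flagging rules and the sample lines are assumptions of this example, constructed in the shape of the entries in the post.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in the post above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "hosts file entry",
    "O2": "browser helper object", "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context menu item", "O9": "IE extra button",
    "O15": "Trusted Zone site", "O16": "ActiveX download (DPF)",
}
LINE_RE = re.compile(r"^\s*(?:-\s*)?([RO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Constructed sample: values are placeholders, layout follows the post.
SAMPLE = r"""
- R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
- O1 - Hosts: 203.0.113.10 blocked-site.example
- O2 - BHO: (no name) - {0a0204f5-57bb-44a2-b547-2478f88d45e5} - C:\WINDOWS\system32\uavkbbko.dll (file missing)
- O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
- O4 - HKLM\..\Run: [Example2] "C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files\Content.IE5\XXXXXXXX\setup[1].exe"
- O15 - Trusted Zone: *.trusted-site.example
"""

def parse(log_text):
    """Return (code, detail) for every line shaped like a HijackThis entry."""
    return [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def reasons(code, detail):
    """Heuristic reasons (this example's own rules) to review an entry."""
    low, found = detail.lower(), []
    if "(no file)" in low or "(file missing)" in low:
        found.append("orphaned: target file is gone")
    if code == "O1" and not re.search(r"\slocalhost\s*$", low):
        found.append("hosts file overrides name resolution")
    if code == "O4" and ("temporary internet files" in low or "\\temp\\" in low):
        found.append("autostart runs from a cache/temp directory")
    if code == "O15":
        found.append("site added to the Trusted Zone")
    return found

def triage(log_text):
    """Group flagged entries by section description."""
    flagged = defaultdict(list)
    for code, detail in parse(log_text):
        why = reasons(code, detail)
        if why:
            flagged[SECTIONS.get(code, code)].append((detail, why))
    return dict(flagged)
```

Entries the rules do not flag, such as the `[ExampleApp]` autostart, still need a human look; the script only shortens the list to read first.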

WritersBlock89

  • Guest
Re: Please help me!!!
« Reply #6 on: December 30, 2007, 08:07:08 PM »
Alrighty....

I don't even know if it's a virus that's doing this. I think it's maybe a firewall/connection problem.

[saving space - attachment deleted by admin]
« Last Edit: December 30, 2007, 08:20:17 PM by WritersBlock89 »

Broni


Re: Please help me!!!
« Reply #7 on: December 30, 2007, 09:12:14 PM »
It looks MUCH better.
Download, and install a-squared: http://www.emsisoft.com/en/software/free/
Close all open windows.
Start a-squared. Click on Update now button.
Click on Scan now button.
When you're done, restart computer.
Post new HJT log.

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Please help me!!!
« Reply #8 on: December 30, 2007, 09:24:25 PM »
With Broni's approval, you will also need to do some extra steps to restore your files that have been moved by the whataboutdog virus.


Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report, is produced.
Please attach the Find AWF report in your reply.