[evilfantasy]

The log looks clean.

How is the computer acting now.

[evilfantasy]

I missed something.

Open HijackThis and select "Do a system scan only"
Place a check mark next to these entries
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;<local>
Close all windows except HijackThis and then click "Fix checked"

===============

Reset Web Settings & Default Security Settings

Note for IE 6 users:
To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.thecomputerforums.co.uk. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.thecomputerforums.co.uk. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

Note for IE 7 users:
Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

===============

Now tell me how things are working.

[gizmo]

it looked great until it got to about 95% doing a bitdefender scan and then it found it again, c:/windows/dbhelp.dll infected with Generic.PWS.WoW.972F1F54. it says disinfection failed and that it has been moved, thats what it used to say and still is the same, any ideas? the computer doesent act differently but does seam alot slower than before bitdefender started finding it

[evilfantasy]

Go to www.virustotal.com

Click browse
Locate c:/windows/dbhelp.dll
Click send file and wait for the results.

This will run it through 32 different virus scanners and then give results. Let me know what it comes up with.

[gizmo]

i cant find c:/windows/dbhelp.dll, im sure im doing it right, go into c: then windows but i cant find dbhelp,i can find help and go into that but dbhelp isnt in there, is there an easier way to find it or not?

[evilfantasy]

You may need to do this first.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Then see if you can locate it. If not let me know and we will go to something else.

[gizmo]

i just found dbghelp.dll in one of the bitdefender files and it didnt pick anything up for that

[gizmo]

kk, ignore the post above of mine,il look for the file now,by the way thanks alot for helping me out

[gizmo]

sorry but i still cant find it, any ideas, i'll carry on looking

[evilfantasy]

Here is what we are dealing with.

Quote:

PWS-WoW is a Password Stealer which attempts to steal login credentials for the World of Warcraft game and sends it to the trojan author.
As it is trivial for the malware author to modify the Password Stealer to transmit data to a different website or web address.

You have to be careful of the sites you visit and the links/banners you click.

I am concerned it may be a false positive.
Go to This Link

This is a 15 day trial but it has full removal functions during the trial. Have it remove anything it finds.

Tell me how it went.

Then post a fresh HijackThis log.