#11
.
#12
There is one that is proving to be very stubborn. Do you know what this file is?

C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\REAL STUPID.exe

We had combofix remove it but it is back. Put up a fresh HijackThis log please.

Last edited by evilfantasy : 7th Nov 2007 at 10:49 PM.

#13
No idea what that is.

#14
Press ctrl-alt-delete (all at once) to open Task Manager and select the processes tab. Look for and end the processes for (if found)

REAL STUPID.exe
Mode wait.exe

==========

Open HijackThis and select "Do a system scan only"

Place a checkmark next to these entries

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Browse new fork rule] C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\REAL STUPID.exe
O4 - HKCU\..\Run: [rule hide] C:\DOCUME~1\JOHNEY~1\APPLIC~1\GLUEPL~1\Mode wait.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab

Close all windows except for HijackThis and select "Fix checked"

=========

Now open My Computer from the desktop and navigate to and delete these folders/files (if found)

C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\REAL STUPID.exe
C:\DOCUME~1\JOHNEY~1\APPLIC~1\GLUEPL~1\Mode wait.exe

==========

Reboot the computer and post a fresh HijackThis log

Tell me how things are now.

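Added example, not part of the original thread: a small Python triage pass over HijackThis-style log lines that flags the two patterns the post above selects for fixing, O4 autoruns whose target sits under Application Data (long or 8.3 short name) and O3 toolbars marked "(no file)". The `triage` function, its heuristics and the last sample line are assumptions made for illustration; O16 entries are not covered.

```python
import re

# First three lines are quoted from post #14; the last one is a constructed
# benign control entry, not from the thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Browse new fork rule] C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\REAL STUPID.exe
O4 - HKCU\..\Run: [rule hide] C:\DOCUME~1\JOHNEY~1\APPLIC~1\GLUEPL~1\Mode wait.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# O4 = autostart entry: hive, Run-type key, [value name], command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# O3 = browser toolbar: label, CLSID, backing file (or "(no file)").
O3_RE = re.compile(r"^O3 - Toolbar: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Application Data in long form or as an 8.3 short name such as APPLIC~1.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, entry, reason, target) tuples for entries worth review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, target = m.groups()
            if APPDATA_RE.search(target):
                findings.append(("O4", f"{hive} {key} [{name}]",
                                 "autorun target under Application Data", target))
            continue
        m = O3_RE.match(line)
        if m and m.group(2) == "(no file)":
            findings.append(("O3", m.group(1),
                             "toolbar entry with no backing file", "(no file)"))
    return findings


if __name__ == "__main__":
    for section, entry, reason, target in triage(SAMPLE_LOG):
        print(f"{section}: {entry} -> {reason}: {target}")
```

A hit is a prompt for manual review, not a verdict; legitimate software also registers per-user autoruns under Application Data.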
#15
None of those are in the task manager. Ran HijackThis and deleted those. I tried to delete the Wait Find Browse New folder and it says I can't because it's being used by another program.

#16
No worries, we have gotten rid of a ton of crap so far and it is no longer showing up in the HijackThis log. We are into the final steps now.

But it still needs to go!

Download Killbox
http://killbox.net/downloads/KillBox.exe

It will install directly to wherever you set it to download; I suggest right on the desktop.

Double click to open Killbox, see that "Standard File Kill" is selected, then click the little folder icon next to "Full Path of File To Delete" and find the offending

C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\REAL STUPID.exe

Double click it to select it, then click the red X in Killbox to begin the deletion. If it tells you it cannot delete it then select "Delete on Reboot" and follow the prompts.

If a reboot is needed then check to see that it is actually gone and let me know. If it is still there we will move to another method.

==========

Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

==========

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run.

Please follow these steps to remove older versions of Java components and update.

Updating Java:

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the "Free Java Download" button to install.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
* The only version to keep is Java (TM) 6 Update 3
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

==========

Toggle System Restore to clear infected restore points

System Restore

1: Right click on the My Computer icon on your desktop and select properties.
2: Click on the system restore tab.
3: Check the box that says "Turn off system restore on all drives". Click OK.
4: Click Yes when you are prompted to restart the computer
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

* No restart will be needed after re-enabling System Restore.

==========

I think you were wanting Winzix for file compression/decompression?

Try ZipGenius. It is free and has everything that is needed in a zip utility. And won't infect your computer!

Or for something more basic see 7-Zip, also free and uses the same technology.

Any other free tools you need just come here and ask, we should be able to help you out.

I won't give a speech on torrents, I think you have figured out how dangerous they are.

Keeping Yourself Safe On The Web

All the programs in this thread are free to use and are spyware/virus free as well. Also there is advice on how to adjust your computer's settings to be safer when surfing and downloading.

Let me know how Killbox went, that file absolutely needs to go!

#17
Thanks man. I will have to see if that fixes it.

#18
#19
Ya I think it worked. Have not had any more pop ups :).