JRAUN

How do I get rid of this stupid thing

 

But there is some more to do.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [version] C:\WINNT\system32\version.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINNT\emsw.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINNT\system32\Keyhost.exe
O4 - HKLM\..\Run: [bowsdumb] C:\PROGRA~1\FOURBL~1\driveremote.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\mbowma\HXIUL.EXE
O4 - HKCU\..\Run: [emsw.exe] C:\WINNT\emsw.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\mbowma\Client\HelpExp.exe

O4 - Startup: PowerReg Scheduler V3.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/271a4d971cd6a903f406/netzip/RdxIE.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://pvcssql/trackdoc/trkpm660ie.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23cc0bc195d4b81bc819/netzip/RdxIE601.cab

Then reboot and delete:
C:\Program Files\AutoUpdate <= entire folder
C:\WINNT\emsw.exe
C:\Program Files\Alset\HelpExpress <= entire folder

Then follow the instructions in the previous post from here:

Regards,

Pieter

 

Looks like that did the trick.
Thanks Guys !!!!!!!

BTW is there any settings I can change to keep this from happening again?

 

Good job mykes5,

You will find some excellent tips on how to prevent future infections here: http://boards.cexx.org/viewtopic.php?t=957

Regards,

Pieter