#96, April 16th 04, 07:00 AM
TimNew
programs stop responding
Kim

The Adaware and such programs will probably identify the Yahoo files as a problem. You may have them quarantined, which is why your Yahoo games won't work. Get a copy of Spybot and try it (it was the last one I tried and I wish I had used it first since it gives valuable info on the files identified by it).

Sorry I wasn't able to get back on here before now. It took me longer to "clean" my brother's computer than I expected. I still am not positive as to the exact "culprit" but I think it may have been a dialer program EGHTML. I would quarantine bad files and then they would multiply, so I think a dialer must have been downloading as I was cleaning.

Anyway, the initial solution by Roger -- uncheck enable 3rd party extensions -- works to let the infected computer's IE work and connect to the net. But it doesn't get rid of the offending items. His IE Homepage was still hijacked to: res://mshp.dll/index#37049

As a side note, you should disable the "System Restore" before using the antivirus scanners. Not sure about before using Adaware and Spybot. I did it on his computer just to be sure.

Steps I took in disinfecting his computer: (Yeah it was overkill but I wanted to see what these programs did and how they compared):

1. Ran CWShredder program
2. Ran Adaware program (update to the latest reference file before running)
The Smartscan identified 9 processes, 418 Registry Keys, 32 Reg Values, 305 files and 35 folders as possibly "bad".

Everything identified as "Malware" I removed. I also removed some of the dataminers and "objects" I could determine weren't needed.

3. I rebooted in safe mode and reran Adaware. Had 0 Processes, 65 Reg Keys, 5 Reg Values, 22 files and 4 folders now identified. Many were ok. One I didn't know about was "Promulgate". After he came home, it was deleted also.

4. I restarted in Normal Mode and ran the Free online Virus checker from pandasoftware

5. It identified Trj/Virtumonde.A as being a virus on his machine. Symantec's Norton AntiVirus does not identify it as a virus but rather as adware. I know because I ran his NAV and it didn't identify it, so I checked the definitions and it lists the file as adware, and your normal NAV doesn't deal with it.

6. I reran Adaware (I had not yet removed Virtumonde) and this time I used custom mode and had it scan everything. It now found 66 Reg Keys, 5 Reg Values, 661 files and 16 folders. The most prevalent object was LOP.com malware.

7. I installed and ran Spybot. It identified the Egroup dialer as still being present even though I had sought to remove it using Adaware. Spybot is useful because it has a function to identify exactly what the program is that it suspects is a problem so you can decide if it is or isn't.

I removed all files I knew from the defs were not needed.

8. I manually removed the Virtumonde infection

9. Rescanned and his computer was clean.

10. Enabled 3rd party extensions and the computer still had no problems.

Tim
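The two symptoms Tim's post turns on, a home page rewritten to a res:// URL served out of a DLL and a rogue third-party browser extension (Browser Helper Object), both live in the registry and can be checked without any of the scanners he ran. The script below is an added example and is not part of the original post or of any of the tools it names. It assumes Windows PowerShell 5.1 on the affected machine, run as the affected user; the function names are mine, and the "DLL outside Program Files / Windows" rule is a heuristic for prioritising what to look at, not a verdict. It is read-only and removes nothing.

```powershell
# Added triage script (not from the original post): report Internet Explorer's
# page settings, the third-party-extensions switch, and every registered
# Browser Helper Object, flagging the patterns described in the thread.
# Assumption: Windows PowerShell 5.1; HKCU:/HKLM: drives and the Registry::
# provider are available. Read-only.

$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# Page values that CoolWebSearch-style hijackers rewrite. A res:// URL whose
# host is a DLL means the "home page" is being rendered from a library on disk.
$pageNames = 'Start Page', 'Default_Page_URL', 'Search Page', 'Local Page'

function Get-IEPageSettings {
    foreach ($name in $pageNames) {
        $value = (Get-ItemProperty -Path $ieMain -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $value) { continue }
        [pscustomobject]@{
            Setting = $name
            Value   = $value
            Flag    = if ($value -match '^res://') { 'res:// hijack pattern' } else { '' }
        }
    }
}

# 'Enable Browser Extensions' is the value behind the "Enable third-party
# browser extensions" checkbox that Roger suggested unchecking.
function Get-IEThirdPartyExtensionState {
    $v = (Get-ItemProperty -Path $ieMain -Name 'Enable Browser Extensions' -ErrorAction SilentlyContinue).'Enable Browser Extensions'
    if ($null -eq $v) { 'not set (defaults to enabled)' } else { $v }
}

# Enumerate registered BHOs, resolve each CLSID to its DLL through
# HKCR\CLSID\{guid}\InprocServer32, and flag DLLs that do not resolve, are
# missing from disk, or sit outside Program Files / the Windows directory
# (heuristic only: a legitimate vendor may install elsewhere).
function Get-BrowserHelperObjects {
    $roots = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid  = $key.PSChildName
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
            $path   = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { '' }

            $flag = ''
            if (-not $path) {
                $flag = 'CLSID does not resolve to a DLL'
            } elseif (-not (Test-Path -LiteralPath $path)) {
                $flag = 'DLL missing on disk'
            } elseif (-not ($trustedDirs | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })) {
                $flag = 'DLL outside Program Files / Windows'
            }

            [pscustomobject]@{ CLSID = $clsid; Dll = $path; Flag = $flag }
        }
    }
}

Write-Host '== Internet Explorer page settings =='
Get-IEPageSettings | Format-Table -AutoSize | Out-String | Write-Host
Write-Host "Third-party browser extensions: $(Get-IEThirdPartyExtensionState)"
Write-Host "`n== Browser Helper Objects =="
Get-BrowserHelperObjects | Format-Table -AutoSize | Out-String | Write-Host
```

A flagged BHO is a lead, not proof: take the CLSID and DLL path it prints to whichever scanner's definitions you trust (Spybot's per-item description, as Tim notes, is useful for exactly this) before deciding to remove anything. Unchecking third-party extensions stops the DLL loading into IE but, as the post says, leaves the registry entries and files in place, so the script will still list them afterwards.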

