
Winfixer "got Me Real Good, Partner"


3 replies to this topic

#1 geobum


Posted 15 December 2005 - 12:44 AM

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:00 AM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125067487\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125067487\ee\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\DOCUME~1\ALISAO~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.msu.edu:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125067487\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


What do I need to "check"?

Thanks!

Paul



#2 Guest_Cretemonster_*


Posted 16 December 2005 - 07:50 PM

Hi geobum and Welcome to the Bleeping Computer!


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#3 geobum


Posted 19 December 2005 - 05:04 PM

Thanks for helping, Cretemonster. Here is the Spy Sweeper session log:

********
4:18 PM: | Start of Session, Monday, December 19, 2005 |
4:18 PM: Spy Sweeper started
4:18 PM: Sweep initiated using definitions version 587
4:18 PM: Starting Memory Sweep
4:24 PM: Memory Sweep Complete, Elapsed Time: 00:05:20
4:24 PM: Starting Registry Sweep
4:24 PM: Found Adware: hotconnect dialer
4:24 PM: HKU\S-1-5-21-539805746-163313775-353421278-1006\software\montorgueil\ (18 subtraces) (ID = 879699)
4:24 PM: Registry Sweep Complete, Elapsed Time:00:00:20
4:24 PM: Starting Cookie Sweep
4:24 PM: Found Spy Cookie: 2o7.net cookie
4:24 PM: alisa orrin@2o7[1].txt (ID = 1957)
4:24 PM: Found Spy Cookie: yieldmanager cookie
4:24 PM: alisa orrin@ad.yieldmanager[1].txt (ID = 3751)
4:24 PM: Found Spy Cookie: adknowledge cookie
4:24 PM: alisa orrin@adknowledge[2].txt (ID = 2072)
4:24 PM: Found Spy Cookie: specificclick.com cookie
4:24 PM: alisa orrin@adopt.specificclick[2].txt (ID = 3400)
4:24 PM: Found Spy Cookie: adrevolver cookie
4:24 PM: alisa orrin@adrevolver[2].txt (ID = 2088)
4:24 PM: alisa orrin@adrevolver[3].txt (ID = 2088)
4:24 PM: Found Spy Cookie: pointroll cookie
4:24 PM: alisa orrin@ads.pointroll[1].txt (ID = 3148)
4:24 PM: Found Spy Cookie: adserver cookie
4:24 PM: alisa orrin@adserver[1].txt (ID = 2141)
4:24 PM: Found Spy Cookie: advertising cookie
4:24 PM: alisa orrin@advertising[1].txt (ID = 2175)
4:24 PM: Found Spy Cookie: atwola cookie
4:24 PM: alisa orrin@ar.atwola[1].txt (ID = 2256)
4:24 PM: Found Spy Cookie: ask cookie
4:24 PM: alisa orrin@ask[1].txt (ID = 2245)
4:24 PM: Found Spy Cookie: atlas dmt cookie
4:24 PM: alisa orrin@atdmt[2].txt (ID = 2253)
4:24 PM: Found Spy Cookie: belnk cookie
4:24 PM: alisa orrin@ath.belnk[2].txt (ID = 2293)
4:24 PM: alisa orrin@atwola[1].txt (ID = 2255)
4:24 PM: Found Spy Cookie: azjmp cookie
4:24 PM: alisa orrin@azjmp[1].txt (ID = 2270)
4:24 PM: Found Spy Cookie: banner cookie
4:24 PM: alisa orrin@banner[1].txt (ID = 2276)
4:24 PM: alisa orrin@belnk[1].txt (ID = 2292)
4:24 PM: Found Spy Cookie: burstnet cookie
4:24 PM: alisa orrin@burstnet[2].txt (ID = 2336)
4:24 PM: Found Spy Cookie: casalemedia cookie
4:24 PM: alisa orrin@casalemedia[1].txt (ID = 2354)
4:24 PM: Found Spy Cookie: centrport net cookie
4:24 PM: alisa orrin@centrport[1].txt (ID = 2374)
4:24 PM: alisa orrin@dist.belnk[2].txt (ID = 2293)
4:24 PM: Found Spy Cookie: ru4 cookie
4:24 PM: alisa orrin@edge.ru4[1].txt (ID = 3269)
4:24 PM: Found Spy Cookie: fastclick cookie
4:24 PM: alisa orrin@fastclick[2].txt (ID = 2651)
4:24 PM: Found Spy Cookie: nextag cookie
4:24 PM: alisa orrin@nextag[2].txt (ID = 5014)
4:24 PM: Found Spy Cookie: questionmarket cookie
4:24 PM: alisa orrin@questionmarket[1].txt (ID = 3217)
4:24 PM: Found Spy Cookie: realmedia cookie
4:24 PM: alisa orrin@realmedia[1].txt (ID = 3235)
4:24 PM: Found Spy Cookie: server.iad.liveperson cookie
4:24 PM: alisa orrin@server.iad.liveperson[1].txt (ID = 3341)
4:24 PM: Found Spy Cookie: statcounter cookie
4:24 PM: alisa orrin@statcounter[1].txt (ID = 3447)
4:24 PM: Found Spy Cookie: reliablestats cookie
4:24 PM: alisa orrin@stats1.reliablestats[1].txt (ID = 3254)
4:24 PM: Found Spy Cookie: tradedoubler cookie
4:24 PM: alisa orrin@tradedoubler[2].txt (ID = 3575)
4:24 PM: Found Spy Cookie: trafficmp cookie
4:24 PM: alisa orrin@trafficmp[1].txt (ID = 3581)
4:24 PM: Found Spy Cookie: tribalfusion cookie
4:24 PM: alisa orrin@tribalfusion[1].txt (ID = 3589)
4:24 PM: Found Spy Cookie: coremetrics cookie
4:24 PM: alisa orrin@twci.coremetrics[1].txt (ID = 2472)
4:24 PM: Found Spy Cookie: burstbeacon cookie
4:24 PM: alisa orrin@www.burstbeacon[1].txt (ID = 2335)
4:24 PM: alisa orrin@z1.adserver[1].txt (ID = 2142)
4:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:24 PM: Starting File Sweep
4:24 PM: c:\program files\montorgueil (4 subtraces) (ID = -2147480502)
4:27 PM: Found Trojan Horse: trojan-downloader-conhook
4:27 PM: yabaw.dll (ID = 164156)
4:44 PM: oversexe_grosseins.ico (ID = 71911)
4:48 PM: File Sweep Complete, Elapsed Time: 00:23:35
4:48 PM: Full Sweep has completed. Elapsed time 00:29:23
4:48 PM: Traces Found: 61
5:00 PM: Removal process initiated
5:01 PM: Quarantining All Traces: trojan-downloader-conhook
5:01 PM: Quarantining All Traces: hotconnect dialer
5:01 PM: Quarantining All Traces: 2o7.net cookie
5:01 PM: Quarantining All Traces: adknowledge cookie
5:01 PM: Quarantining All Traces: adrevolver cookie
5:01 PM: Quarantining All Traces: adserver cookie
5:01 PM: Quarantining All Traces: advertising cookie
5:01 PM: Quarantining All Traces: ask cookie
5:01 PM: Quarantining All Traces: atlas dmt cookie
5:01 PM: Quarantining All Traces: atwola cookie
5:01 PM: Quarantining All Traces: azjmp cookie
5:01 PM: Quarantining All Traces: banner cookie
5:01 PM: Quarantining All Traces: belnk cookie
5:01 PM: Quarantining All Traces: burstbeacon cookie
5:01 PM: Quarantining All Traces: burstnet cookie
5:01 PM: Quarantining All Traces: casalemedia cookie
5:01 PM: Quarantining All Traces: centrport net cookie
5:01 PM: Quarantining All Traces: coremetrics cookie
5:01 PM: Quarantining All Traces: fastclick cookie
5:01 PM: Quarantining All Traces: nextag cookie
5:01 PM: Quarantining All Traces: pointroll cookie
5:01 PM: Quarantining All Traces: questionmarket cookie
5:01 PM: Quarantining All Traces: realmedia cookie
5:01 PM: Quarantining All Traces: reliablestats cookie
5:01 PM: Quarantining All Traces: ru4 cookie
5:01 PM: Quarantining All Traces: server.iad.liveperson cookie
5:01 PM: Quarantining All Traces: specificclick.com cookie
5:01 PM: Quarantining All Traces: statcounter cookie
5:01 PM: Quarantining All Traces: tradedoubler cookie
5:01 PM: Quarantining All Traces: trafficmp cookie
5:01 PM: Quarantining All Traces: tribalfusion cookie
5:01 PM: Quarantining All Traces: yieldmanager cookie
5:01 PM: Removal process completed. Elapsed time 00:00:09
********
4:16 PM: | Start of Session, Monday, December 19, 2005 |
4:16 PM: Spy Sweeper started
4:17 PM: Your spyware definitions have been updated.
4:18 PM: | End of Session, Monday, December 19, 2005 |

#4 Guest_Cretemonster_*


Posted 20 December 2005 - 03:37 AM

All right, download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder -> double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete", a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make sure "Normal Startup - load all device drivers and services" has a green tick by it

Click Apply -> Close -> follow the prompts to restart

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda



