Winfixer,Adware.PurityScan,Adware NetOptimizer [CLOSED], and AdwareSurfkick on my computer
Post #1 | Sep 2 2006, 07:25 PM | New Member | Posts: 8 | OS: XP
My HiJackThis Log File:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:26 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

My Vundo File
VundoFix V6.1.2

This post has been edited by Tiffany Nicole: Sep 3 2006, 12:28 PM
Post #2 | Sep 21 2006, 09:16 AM | New Member | Posts: 8 | OS: XP
I know I'm not supposed to reply to this, but I see other people who have made topics after me and are getting replies, so... can anyone help a sista out?
Post #3 | Sep 21 2006, 02:10 PM | Malware Surgeon | Posts: 15,099 | From: Worcestershire, England | OS: Windows XP Professional SP2
Hello Tiffany and welcome to Geeks to Go
Firstly may I offer my apologies for your extensive wait. It’s a fact that some posts do get missed, but you can post in the Waiting Room after 3 days and that ensures you get a reply shortly afterwards.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans; in fact I haven’t seen one as bad in a while. Let’s see what we can do.

May I ask a question? Does the spelling of the word Sista have a significance?

I note that you are running HijackThis from Temporary Internet Folder; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else since backup files can be deleted if they are not within their own folder!

Click My Computer, then C:\ and then Program Files. In the menu bar, go to File>New>Folder. That will create a folder named New Folder, which you can right-click on and rename to HJT or HijackThis. Now you have C:\Program Files\HijackThis. Cut ‘n’ Paste your HijackThis.exe into it.
Look in your Control Panel’s Add/Remove Programs for:
PuritySCAN By OIN, OuterInfo, OIN or similar
Yazzle by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.
WinAntiVirus Pro 2006
MyWebSearch
VSToolbar
Click on it and click remove.

Reboot and delete this folder if found:
C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed

Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:
Killbox by Option^Explicit
CCleaner
Ewido Anti Spyware
combofix.exe

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Go to Start > Run and type or copy & paste this into the Run box:
sc delete FWSvc
Hit ENTER

Please install, and update Ewido anti-spyware
Next, please reboot your computer in Safe Mode by doing the following:
For additional help in booting into Safe Mode, see the following site: Safe Mode
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {75BE111C-FF1E-47E6-AFA2-E0E3E5244081} - C:\WINDOWS\system32\yayvvihc.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: (no name) - {D40C02A8-BD90-4F12-8F2B-B34DD81D0443} - C:\WINDOWS\system32\yayvvihc.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [navapp]
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\3QCNGRM1\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKCU\..\Run: [Zjezqt] C:\WINDOWS\system32\LGONUI~1.EXE
O4 - HKCU\..\Run: [findge] C:\WINDOWS\system32\findge.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\MYSTIC~1\APPLIC~1\APPATC~1\spool32.exe" -vt mt
O4 - HKCU\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414ADUS
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab
O20 - Winlogon Notify: vtuts - C:\WINDOWS\
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\TEMP\D99.tmp (file missing)
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Please now reboot into normal mode.

Please install Killbox by Option^Explicit.
C:\windows\system32\tutcdchk2.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
C:\WINDOWS\system32\yayvvihc.dll
C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
C:\Program Files\VSToolbar\VSToolBar.dll
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\mmups.exe
C:\windows\ALCXMNTR.EXE
C:\Program Files\WinAntiVirus Pro 2006\winav.exe
C:\WINDOWS\system32\LGONUI~1.EXE
C:\WINDOWS\system32\findge.exe
C:\DOCUME~1\MYSTIC~1\APPLIC~1\APPATC~1\spool32.exe
If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck Ewido Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues.

Double click combofix.exe & follow the prompts. When it has finished, it will produce a log. Please post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look.
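A first-pass triage over HijackThis entries like those selected in the reply above, as an added example (it is not part of the original thread and is not the helper's own method). The function names, the watchlist and the four structural checks are assumptions of this example; the sample lines are copied from entries quoted in this thread.

```python
import re

# Product names the helper asks to uninstall in this thread. Using them as a
# watchlist is an assumption of this example.
WATCHLIST = ("WinAntiVirus Pro 2006", "MyWebSearch", "VSToolbar", "PurityScan")

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An O4 autostart value that has a name in brackets but no command after it.
EMPTY_RUN_RE = re.compile(r".*: \[[^\]]*\]\s*")


def parse(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(code, body):
    """Return the structural reasons an entry deserves a closer look."""
    low = body.lower().rstrip()
    reasons = []
    if low.endswith(("(file missing)", "(no file)")):
        reasons.append("orphaned: registered target is absent")
    if "temporary internet files" in low:
        reasons.append("loads from the browser cache")
    if code == "O4" and EMPTY_RUN_RE.fullmatch(body):
        reasons.append("autostart value with no command")
    if code == "O20" and low.endswith("\\"):
        reasons.append("Winlogon Notify points at a directory, not a DLL")
    reasons += [f"watchlisted product: {n}" for n in WATCHLIST if n.lower() in low]
    return reasons


def flag(log_text):
    """Parse a log and keep only the entries that have at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


# Sample input: a selection of lines from this thread's log (a mix of entries
# the helper marks for fixing and entries the helper leaves alone).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [navapp]
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\3QCNGRM1\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: vtuts - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
"""

if __name__ == "__main__":
    for code, body, reasons in flag(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```

The tutcdchk2.exe entry, which the helper also marks for fixing, passes all of these structural checks, so an entry that is not flagged here still needs the analyst's judgment.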
Post #4 | Oct 1 2006, 02:38 AM | Malware Surgeon | Posts: 15,099 | From: Worcestershire, England | OS: Windows XP Professional SP2
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.