WinFixer2005 - Help please!



#1
StarCMC
New Member
Hi! I have followed the first recommended steps for removing malware from my computer. This is my work computer and has Win ME. The only step I could NOT follow was to create a restore point. For some reason, the system would not allow me to do that. It directed me to restart and then try again, which I did, but still would not allow it. I am posting both the HiJack This Log and the Panda Report. Thank you very much in advance for your help.

Panda Report:


Incident Status Location

Adware:adware/look2me Not disinfected c:\windows\system\UpdInstall.exe
Adware:adware/addestroyer Not disinfected c:\windows\system\SWRT01.dll
Adware:adware/virtualbouncer Not disinfected c:\windows\system\INNERVBINSTALL.LOG
Spyware:spyware/betterinet Not disinfected c:\windows\inf\BIINI.INF
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Adware:adware/ncase Not disinfected c:\program files\nCase
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Adware:Adware/Gator Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1014.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\flash.inf
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM\xmltok.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\BIB.INF
Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\spywarelabs.exe


---------------------------------------------------------------------------------

HiJack This Log:


Logfile of HijackThis v1.99.1
Scan saved at 5:07:03 PM, on 10/16/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPNRA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PROLIFIC\ONE BUTTON\ONEBTN.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\MSOFFICE.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvguys.com/
F1 - win.ini: run=HPFsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\SYSTEM\hpnra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Retrospect Launcher] C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
O4 - Startup: MSOFFICE.EXE
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...gent/wtinst.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...add/XUpload.ocx
O16 - DPF: {A45B1DCB-C0D5-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom1.UserControl1) - https://merchantacco...erminalCom1.cab
O16 - DPF: {E4213CED-C99C-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom2.UserControl1) - https://merchantacco...erminalCom2.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://63.166.193.10...ects/emagic.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.221.223.12...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = swbell.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.1.8,151.164.1.7

-----------------------------------------------------------------


Again, thank you for your help!

Regards, StarCMC


#2
Buckeye_Sam
Malware Expert
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
StarCMC
New Member
I know you all are busy ~ just didn't want to slip thru the cracks...

I am not at work today, but I called and had them run a HiJack this Log for me and email it to me. As I look at it, it appears that the Adaware and Spybot need to be run again -- I think it was clean of some of the adware when I originally posted the HJ log, but in any case, here's the new log...



Logfile of HijackThis v1.99.1
Scan saved at 10:22:38 AM, on 10/24/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\HPNRA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PROLIFIC\ONE BUTTON\ONEBTN.EXE
C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\MSOFFICE.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvguys.com/
F1 - win.ini: run=HPFsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\SYSTEM\hpnra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Retrospect Launcher] C:\PROGRAM FILES\DANTZ\RETROSPECT\RETRORUN.EXE
O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
O4 - Startup: MSOFFICE.EXE
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...gent/wtinst.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...add/XUpload.ocx
O16 - DPF: {A45B1DCB-C0D5-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom1.UserControl1) - https://merchantacco...erminalCom1.cab
O16 - DPF: {E4213CED-C99C-11D6-8ED5-0001023D1A2A} (VirtualTerminalCom2.UserControl1) - https://merchantacco...erminalCom2.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://63.166.193.10...ects/emagic.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.221.223.12...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = swbell.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.1.8,151.164.1.7

#4
Buckeye_Sam
Malware Expert
Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...gent/wtinst.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx




Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.


#5
StarCMC
New Member
I did the first step -- then downloaded SpySweeper, but when I try to install I get this error message:

Posted Image

#6
Buckeye_Sam
Malware Expert
I guess the new version won't run on ME.


Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.
