cws.homesearch help

Can anyone help me remove cws.homesearch?


I tried removing it in Add/Remove Programs but I can't; it leads me to a page where it tells me I can uninstall it, and I install another software where I have more spyware. I tried following some guides for removing it but it doesn't work. Can anyone tell me step by step how to remove it?

Comments

  • SpywareShooter 127.0.0.1
    edited February 2006
    Please download HijackThis and post a log.
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 1:37:02 PM, on 2/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\iphf32.exe
    C:\WINDOWS\atlam.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yuwcv.dll/sp.html#37049%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {10F30855-5A3B-ECD9-55C6-123738D2286A} - (no file)
    O2 - BHO: Class - {17399FDF-699F-E10C-F790-3872A961BD8F} - C:\WINDOWS\system32\d3ix.dll
    O2 - BHO: (no name) - {1C58A84B-45A2-EFC7-E9A0-8DEC2B4EB4A3} - (no file)
    O2 - BHO: (no name) - {2DD522B0-2791-A66D-5C35-B286BFFCBB40} - (no file)
    O2 - BHO: (no name) - {31BD3B6A-B937-791E-3F3E-683DD5414CF4} - (no file)
    O2 - BHO: (no name) - {33A49432-E399-EC6E-1569-941A0DB59717} - (no file)
    O2 - BHO: (no name) - {3A0CFF30-8DF7-B57D-9CDD-C367C5FEE986} - (no file)
    O2 - BHO: (no name) - {6FCAF567-3DE8-8E0A-AE66-85CFEC2FA8D2} - (no file)
    O2 - BHO: (no name) - {A5E94D18-1707-A22D-55F3-D99A5E707DA7} - (no file)
    O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C6506175-0AD1-05AA-F4AA-70AADEF964CA} - (no file)
    O2 - BHO: (no name) - {CEAE64FE-CFBA-AADD-FE3A-E3BE214507C2} - (no file)
    O2 - BHO: (no name) - {E660146D-84B5-3C44-BC7E-AA0905BCCD81} - (no file)
    O2 - BHO: (no name) - {F8B9848E-DD4B-7336-C734-7E561B0875DB} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [msfg32.exe] C:\WINDOWS\msfg32.exe
    O4 - HKLM\..\Run: [sysxf32.exe] C:\WINDOWS\sysxf32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [msvc.exe] C:\WINDOWS\system32\msvc.exe
    O4 - HKLM\..\Run: [mskz32.exe] C:\WINDOWS\system32\mskz32.exe
    O4 - HKLM\..\Run: [mseb.exe] C:\WINDOWS\system32\mseb.exe
    O4 - HKLM\..\Run: [mfckf32.exe] C:\WINDOWS\mfckf32.exe
    O4 - HKLM\..\Run: [mfcjx32.exe] C:\WINDOWS\mfcjx32.exe
    O4 - HKLM\..\Run: [ipke.exe] C:\WINDOWS\ipke.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [ieye.exe] C:\WINDOWS\system32\ieye.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [d3ph.exe] C:\WINDOWS\d3ph.exe
    O4 - HKLM\..\Run: [d3gw32.exe] C:\WINDOWS\d3gw32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [appnh.exe] C:\WINDOWS\appnh.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [addge.exe] C:\WINDOWS\system32\addge.exe
    O4 - HKLM\..\Run: [mfcoq32.exe] C:\WINDOWS\mfcoq32.exe
    O4 - HKLM\..\Run: [ntuf32.exe] C:\WINDOWS\system32\ntuf32.exe
    O4 - HKLM\..\Run: [sdkog.exe] C:\WINDOWS\sdkog.exe
    O4 - HKLM\..\Run: [apieg32.exe] C:\WINDOWS\system32\apieg32.exe
    O4 - HKLM\..\Run: [iphf32.exe] C:\WINDOWS\iphf32.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • edited February 2006
    I ran About Buster, Spybot Search and Destroy, and Ad-Aware SE Personal but I still have the problem.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:13:30 PM, on 2/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\msza.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\d3od.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {10F30855-5A3B-ECD9-55C6-123738D2286A} - (no file)
    O2 - BHO: (no name) - {17399FDF-699F-E10C-F790-3872A961BD8F} - (no file)
    O2 - BHO: (no name) - {1C58A84B-45A2-EFC7-E9A0-8DEC2B4EB4A3} - (no file)
    O2 - BHO: (no name) - {2DD522B0-2791-A66D-5C35-B286BFFCBB40} - (no file)
    O2 - BHO: (no name) - {31BD3B6A-B937-791E-3F3E-683DD5414CF4} - (no file)
    O2 - BHO: (no name) - {33A49432-E399-EC6E-1569-941A0DB59717} - (no file)
    O2 - BHO: (no name) - {3A0CFF30-8DF7-B57D-9CDD-C367C5FEE986} - (no file)
    O2 - BHO: (no name) - {6FCAF567-3DE8-8E0A-AE66-85CFEC2FA8D2} - (no file)
    O2 - BHO: (no name) - {A5E94D18-1707-A22D-55F3-D99A5E707DA7} - (no file)
    O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C6506175-0AD1-05AA-F4AA-70AADEF964CA} - (no file)
    O2 - BHO: Class - {CAB77176-02BF-A261-FD7D-A41EC47A7458} - C:\WINDOWS\system32\netxi.dll
    O2 - BHO: (no name) - {CEAE64FE-CFBA-AADD-FE3A-E3BE214507C2} - (no file)
    O2 - BHO: (no name) - {E660146D-84B5-3C44-BC7E-AA0905BCCD81} - (no file)
    O2 - BHO: (no name) - {F8B9848E-DD4B-7336-C734-7E561B0875DB} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [msfg32.exe] C:\WINDOWS\msfg32.exe
    O4 - HKLM\..\Run: [sysxf32.exe] C:\WINDOWS\sysxf32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [msvc.exe] C:\WINDOWS\system32\msvc.exe
    O4 - HKLM\..\Run: [mskz32.exe] C:\WINDOWS\system32\mskz32.exe
    O4 - HKLM\..\Run: [mseb.exe] C:\WINDOWS\system32\mseb.exe
    O4 - HKLM\..\Run: [mfckf32.exe] C:\WINDOWS\mfckf32.exe
    O4 - HKLM\..\Run: [mfcjx32.exe] C:\WINDOWS\mfcjx32.exe
    O4 - HKLM\..\Run: [ipke.exe] C:\WINDOWS\ipke.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [ieye.exe] C:\WINDOWS\system32\ieye.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [d3ph.exe] C:\WINDOWS\d3ph.exe
    O4 - HKLM\..\Run: [d3gw32.exe] C:\WINDOWS\d3gw32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [appnh.exe] C:\WINDOWS\appnh.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [addge.exe] C:\WINDOWS\system32\addge.exe
    O4 - HKLM\..\Run: [mfcoq32.exe] C:\WINDOWS\mfcoq32.exe
    O4 - HKLM\..\Run: [ntuf32.exe] C:\WINDOWS\system32\ntuf32.exe
    O4 - HKLM\..\Run: [sdkog.exe] C:\WINDOWS\sdkog.exe
    O4 - HKLM\..\Run: [apieg32.exe] C:\WINDOWS\system32\apieg32.exe
    O4 - HKLM\..\Run: [iphp32.exe] C:\WINDOWS\system32\iphp32.exe
    O4 - HKLM\..\Run: [msza.exe] C:\WINDOWS\msza.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3od.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Trogan London, UK
    edited February 2006
    Please print out a copy of the instructions and follow them exactly.


    First of all I need you to download some programs for use later.

    Download this file and unzip it to your desktop

    Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

    Download CWShredder from here, install it, check for updates but again, don't use it yet.

    Download and install Ewido Security Suite Trial from here. Run and update the program but do not scan with it yet.

    Ensure hidden files and folders are set to show;
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
    Next, go to Start -> Run and type "Services.msc" (without quotes) then hit OK

    Scroll down and find the service called Remote Procedure Call (RPC) Helper. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.

    Please disconnect from the Internet and unplug your modem for the duration of this fix. You may want to print the rest of these instructions.

    Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE.

    While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.

    Then Open CWShredder that you downloaded in the first step. Close all browser windows and click on the Fix button.

    Bring up task manager by holding Ctrl-Alt-Del and end these processes if they are present

    msza.exe
    d3od.exe
    msfg32.exe
    sysxf32.exe
    msvc.exe
    mskz32.exe
    mseb.exe
    mfckf32.exe
    ipke.exe
    ieye.exe
    d3ph.exe
    d3gw32.exe
    appnh.exe
    apihc.exe
    addge.exe
    mfcoq32.exe
    ntuf32.exe
    sdkog.exe
    apieg32.exe
    iphp32.exe
    msza.exe


    Now find and delete these files, if you can't find one then don't worry.. just move on to the next one.

    C:\WINDOWS\msza.exe
    C:\WINDOWS\d3od.exe
    C:\WINDOWS\msfg32.exe
    C:\WINDOWS\sysxf32.exe
    C:\WINDOWS\mfckf32.exe
    C:\WINDOWS\ipke.exe
    C:\WINDOWS\d3ph.exe
    C:\WINDOWS\d3gw32.exe
    C:\WINDOWS\appnh.exe
    C:\WINDOWS\mfcoq32.exe
    C:\WINDOWS\sdkog.exe
    C:\WINDOWS\msza.exe
    C:\WINDOWS\yuwcv.dll

    C:\WINDOWS\system32\netxi.dll
    C:\WINDOWS\system32\msvc.exe
    C:\WINDOWS\system32\mskz32.exe
    C:\WINDOWS\system32\mseb.exe
    C:\WINDOWS\system32\ieye.exe
    C:\WINDOWS\system32\apihc.exe
    C:\WINDOWS\system32\addge.exe
    C:\WINDOWS\system32\ntuf32.exe
    C:\WINDOWS\system32\apieg32.exe
    C:\WINDOWS\system32\iphp32.exe


    Now run HijackThis and click the scan button. When it has finished scanning, put a check against the following and click 'Fix Checked':

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {10F30855-5A3B-ECD9-55C6-123738D2286A} - (no file)
    O2 - BHO: (no name) - {17399FDF-699F-E10C-F790-3872A961BD8F} - (no file)
    O2 - BHO: (no name) - {1C58A84B-45A2-EFC7-E9A0-8DEC2B4EB4A3} - (no file)
    O2 - BHO: (no name) - {2DD522B0-2791-A66D-5C35-B286BFFCBB40} - (no file)
    O2 - BHO: (no name) - {31BD3B6A-B937-791E-3F3E-683DD5414CF4} - (no file)
    O2 - BHO: (no name) - {33A49432-E399-EC6E-1569-941A0DB59717} - (no file)
    O2 - BHO: (no name) - {3A0CFF30-8DF7-B57D-9CDD-C367C5FEE986} - (no file)
    O2 - BHO: (no name) - {6FCAF567-3DE8-8E0A-AE66-85CFEC2FA8D2} - (no file)
    O2 - BHO: (no name) - {A5E94D18-1707-A22D-55F3-D99A5E707DA7} - (no file)
    O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
    O2 - BHO: (no name) - {C6506175-0AD1-05AA-F4AA-70AADEF964CA} - (no file)
    O2 - BHO: Class - {CAB77176-02BF-A261-FD7D-A41EC47A7458} - C:\WINDOWS\system32\netxi.dll
    O2 - BHO: (no name) - {CEAE64FE-CFBA-AADD-FE3A-E3BE214507C2} - (no file)
    O2 - BHO: (no name) - {E660146D-84B5-3C44-BC7E-AA0905BCCD81} - (no file)
    O2 - BHO: (no name) - {F8B9848E-DD4B-7336-C734-7E561B0875DB} - (no file)

    O4 - HKLM\..\Run: [msfg32.exe] C:\WINDOWS\msfg32.exe
    O4 - HKLM\..\Run: [sysxf32.exe] C:\WINDOWS\sysxf32.exe
    O4 - HKLM\..\Run: [msvc.exe] C:\WINDOWS\system32\msvc.exe
    O4 - HKLM\..\Run: [mskz32.exe] C:\WINDOWS\system32\mskz32.exe
    O4 - HKLM\..\Run: [mseb.exe] C:\WINDOWS\system32\mseb.exe
    O4 - HKLM\..\Run: [mfckf32.exe] C:\WINDOWS\mfckf32.exe
    O4 - HKLM\..\Run: [mfcjx32.exe] C:\WINDOWS\mfcjx32.exe
    O4 - HKLM\..\Run: [ipke.exe] C:\WINDOWS\ipke.exe
    O4 - HKLM\..\Run: [ieye.exe] C:\WINDOWS\system32\ieye.exe
    O4 - HKLM\..\Run: [d3ph.exe] C:\WINDOWS\d3ph.exe
    O4 - HKLM\..\Run: [d3gw32.exe] C:\WINDOWS\d3gw32.exe
    O4 - HKLM\..\Run: [appnh.exe] C:\WINDOWS\appnh.exe
    O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
    O4 - HKLM\..\Run: [addge.exe] C:\WINDOWS\system32\addge.exe
    O4 - HKLM\..\Run: [mfcoq32.exe] C:\WINDOWS\mfcoq32.exe
    O4 - HKLM\..\Run: [ntuf32.exe] C:\WINDOWS\system32\ntuf32.exe
    O4 - HKLM\..\Run: [sdkog.exe] C:\WINDOWS\sdkog.exe
    O4 - HKLM\..\Run: [apieg32.exe] C:\WINDOWS\system32\apieg32.exe
    O4 - HKLM\..\Run: [iphp32.exe] C:\WINDOWS\system32\iphp32.exe
    O4 - HKLM\..\Run: [msza.exe] C:\WINDOWS\msza.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3od.exe



    The following step is important as you may have several malware files in your temp directories.

    Browse to the C:\documents and settings\Your User Name\local settings\temp folder and delete all files and folders in it. (Repeat for all other user names in documents and settings.)

    Then browse to the C:\Windows\Temp folder and delete all files and folders in it.

    Then in Internet Explorer click Tools>Internet Options>General. Click on Delete Files and make sure you get all offline content as well.


    Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.


    Run Ewido.
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido


    Now reboot, and run HijackThis again and post a fresh log along with the About:Buster log and the Ewido log. :)
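
As an added example (not part of the thread, and not the helper's own method), the Python script below parses HijackThis lines and applies three triage rules that most entries in the fix list above share: a BHO whose file is missing, a Run value named exactly after an executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32, and a service with an unknown owner. The rules and the names `triage_line` and `triage` are assumptions made for illustration; the sample lines are copied from the second log in this thread.

```python
import ntpath
import re

# Lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {10F30855-5A3B-ECD9-55C6-123738D2286A} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CAB77176-02BF-A261-FD7D-A41EC47A7458} - C:\WINDOWS\system32\netxi.dll
O4 - HKLM\..\Run: [msvc.exe] C:\WINDOWS\system32\msvc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msza.exe] C:\WINDOWS\msza.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3od.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Assumption: only these two directories count as "directly in the system folder".
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Executable path at the start of a Run command, with or without quotes.
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)


def triage_line(line):
    """Return (section, subject, reason) if a rule matches, else None."""
    line = line.strip()

    m = BHO_RE.match(line)
    if m:
        _name, clsid, path = m.groups()
        if path == "(no file)":
            return ("O2", clsid, "BHO is registered but its file is missing")
        return None

    m = RUN_RE.match(line)
    if m:
        _hive, value_name, command = m.groups()
        exe = EXE_RE.match(command)
        if not exe:
            return None
        target = exe.group(1)
        # ntpath handles Windows paths regardless of the OS running the script.
        same_name = ntpath.basename(target).lower() == value_name.lower()
        in_sysdir = ntpath.dirname(target).lower() in SYSTEM_DIRS
        if same_name and in_sysdir:
            return ("O4", target,
                    "Run value is named after an .exe placed in a system folder")
        return None

    if line.startswith("O23 - Service: "):
        # The last two " - " separated fields are the owner and the binary path.
        parts = line.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            return ("O23", parts[2],
                    "HijackThis reports no owner for the service binary")
    return None


def triage(log_text):
    """Apply triage_line to every line and keep the matches, in log order."""
    return [hit for hit in map(triage_line, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {subject}  ->  {reason}")
```

The netxi.dll BHO that the post also lists is not caught by these three rules, so a match is a prompt for review and a non-match is not a clean bill of health.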
  • edited February 2006
    Well... I did everything you said and something went wrong. When I restarted my computer it said I was missing a file and it won't boot up without the file. It told me I needed to insert my CD-ROM of the computer and I don't know where it is. What I did is use system recovery and I got some of my files back. Homesearch is gone at least but I am missing some other files for other programs.
  • Trogan London, UK
    edited February 2006
    That's the problem with HSA, it deletes system files.

    Please do the following:


    Now we need to see if we need to restore some deleted files:
    Please check for the following files using the Windows Search Engine:


    To do a search, click Start > Search > All Files and Folders.
    Expand More advanced options and check the following:

    Search system folders
    Search hidden files and folders
    Search Subfolders


    Paste the following files into the Search Box at the top:

    control.exe
    rundll32.exe
    wmplayer.exe
    msconfig.exe
    notepad.exe
    shell.dll
    SDHelper.dll


    If any are missing or not working properly then you can download new copies from Merijn's Files and follow the instructions at that site to install them where they belong for your OS.

    Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.

    Run an online antivirus scan at:
    Panda ActiveScan
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    REBOOT!!


    Post the contents of the Panda scan report, along with a new HijackThis Log just to make sure that there is nothing left to fix
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 6:00:58 AM, on 2/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\igfxtray.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Documents and Settings\Nacha\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140969538061
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



    Incident Status Location

    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\1pyl2r6w.derek\cookies.txt[]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gjgi8780.default\cookies.txt[]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\LUIS MARTINEZ\Application Data\Mozilla\Firefox\Profiles\m8sxwx1m.default\cookies.txt[]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\LUIS MARTINEZ\Application Data\Mozilla\Profiles\default\1k94k2lz.slt\cookies.txt[]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nacha\Application Data\Mozilla\Firefox\Profiles\qk3p0e4o.default\cookies.txt[]
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000039.MOZ[]
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000052.MOZ[]
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000127.MOZ[]
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000157.MOZ[]
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000158.MOZ[]
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00000168.MOZ[]
    Adware:Adware/MSView Not disinfected C:\RECYCLER\S-1-5-21-681272444-715495397-252347614-1003\Dc122.inf
    Adware:adware/searchaid Not disinfected C:\WINDOWS\n_dejmse.log
    Adware:adware program Not disinfected C:\WINDOWS\system32\logs1.ini
  • Trogan London, UK
    edited February 2006
    I forgot to ask for these earlier but can you post the About:Buster and Ewido logs here, if you got them.


    Your HJT log is clean. We need to clean up some cookies by doing the following:

    Download ATF (Atribune Temp File) Cleaner© by Atribune
    http://www.atribune.org/ccount/click.php?id=1
    It is a stand-alone program that does not need to be "installed". Save it to a convenient location and make a shortcut on your desktop.

    Run ATF Cleaner
    Double-click ATF Cleaner.exe
    Under Main choose: Select All
    Click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu



    Reboot and post the requested logs please.
  • edited February 2006
    Sorry, I don't have the logs. The logs are gone, sorry. Thanks for all your help.
  • Trogan London, UK
    edited February 2006
    How are things?

    Can we mark this resolved?



    Now that your PC is clean you need to follow these easy steps to keeping it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or you can get Opera, which, in my opinion, is better still.

    Use a firewall to help prevent your PC's control being usurped by undesirables. If you don't have a firewall, then choose ONE below

    Zone Alarm
    Sygate
    Sunbelt Kerio PF

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have one, choose ONE from below.

    Nod32
    AVG Free Edition
    AntiVir
    avast! 4 Home Edition

    Install and keep updated, Ad-Aware SE, and Spybot Search & Destroy.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install and keep updated, SpywareBlaster and SpywareGuard

    Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

    Read the article So How Did I get Infected In The First Place

    Clear your Temp folders.
    Download ATF (Atribune Temp File) Cleaner© by Atribune
    http://www.atribune.org/ccount/click.php?id=1
    It is a stand-alone program that does not need to be "installed". Save it to a convenient location and make a shortcut on your desktop.

    Run ATF Cleaner
    Double-click ATF Cleaner.exe
    Under Main choose: Select All
    Click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu


    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start | Run | type msconfig | Press Enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.


    Please consider joining the Folding@Home Project :)
    Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
    MORE INFO: READ THIS