Twikibar search page has taken over my web browser
-
When I am on IE twikibar will always hijack whatever page I am looking at.
Logfile of HijackThis v1.99.1
Scan saved at 3:31:40 PM, on 12/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.HEATHER\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: twikibar - {7345F548-C9AC-46F7-A350-524964350D25} - C:\PROGRA~1\REGIST~1\popupgo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe " -boot
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe
O4 - Startup: Billminder.lnk = C:\Quickenw\billmind.exe
O4 - Startup: Yahoo! Monitor.lnk = C:\Program Files\Encompass\EncMontr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: QuickLink III.lnk = C:\PROGRAM FILES\QUICKLINK III\QL.exe
O4 - Global Startup: SWStubset.exe
O4 - Global Startup: VoiceCenter.lnk = C:\Program Files\ViaVoice\BIN\speechbar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149690177318
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Thanks for the help.
-
Welcome,
Look in add/remove program and remove twikibar if present, reboot afterwards.
INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"
Download and scan with AVG Anti-Spyware
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
* Press "OK".
* Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
* When you find the guard service, double-click on it.
* In the Properties Window > General Tab that opens, click the "Stop" button.
* From the drop-down menu next to "Startup Type", click on "Manual".
* Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from HERE.
Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.
* Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
* Under "How to Scan?" check all (default).
* Under "Possibly unwanted software" check all (default).
* Under "What to Scan?" make sure "Scan every file" is selected (default).
* Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done and submit the log report in your next response.
Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Please post a new hijackthis log also. Thanks.
Also...
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
-
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:25:08 PM 12/31/2006
+ Scan result:
C:\Program Files\PestPatrol\Quarantine\20040523160438279.zip/WINDOWS/downloaded program files/ncaselib.dll -> Adware.180Solutions : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20040523160438279.zip/Program Files/clearsearch/CSBIINST.DLL -> Adware.ClearSearch : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20040523160438279.zip/Program Files/common files/cmeii/GIoclClient.dll -> Adware.Gator : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20040523163148904.zip/Program Files/hotbar/bin/4.4.2.0/HbHostOE.dll -> Adware.HotBar : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20040523163148904.zip/Program Files/hotbar/bin/4.4.2.0/HbInstIE.dll -> Adware.HotBar : Cleaned.
C:\WINDOWS\Downloaded Program Files\pinstall.dll -> Adware.LookMe : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20040523160438279.zip/Program Files/clocksync/Uninst.exe -> Adware.SaveNow : Cleaned.
C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned.
C:\Program Files\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned.
C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe -> Adware.SoftwareDoctor : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20050226102231.zip/Program Files/whinstall/whagent.inf -> Adware.WebHancer : Cleaned.
C:\WINDOWS\system32\msCMTsrvc.exe -> Downloader.Presario : Cleaned.
C:\WINDOWS\system32\bGs.dll -> Dropper.Small.gv : Cleaned.
C:\Program Files\Encompass\EncDial.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Documents and Settings\Owner.HEATHER\Local Settings\Temp\Temporary Directory 2 for _better version_ terra patrick 33.zip\install.exe -> Hijacker.Agent.hi : Cleaned.
C:\hp\region\EN_US-ie.reg -> Hijacker.StartPage : Cleaned.
::Report end
Hijack this
Ad-Aware SE Personal
Adobe Acrobat 5.0
advertismen
AVG Anti-Spyware 7.5
Charter High-Speed™ Self-Installation
Detto IntelliMover Demo
DivX 4.12 Codec
easy Internet sign-up
EPSON Printer Software
EPSON Scan
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Inactive HP Printer Drivers (Remove only)
Indeo® Software
Intel(R) 82845G Graphics Driver Software
InterVideo WinDVD 4
KBD
Macromedia Flash Player 8
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office XP Professional with FrontPage
Microsoft Works 7.0
Nimo Codecs Pack v4.33 (Remove Only)
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
RealOne Player
RecordNow
RecordNow Update Manager
Registry Doc 2006
S3Display
S3Gamma2
S3Info2
S3Overlay
Simple Installer - Multilanguage Version
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
Windows Media Format Runtime
Windows XP Hotfix - KB835409
Windows XP Hotfix (SP2) [See q330638 for more information]
Windows XP Hotfix (SP2) [See Q331060 for more information]
Yahoo! Companion
Yahoo! Essentials
Yahoo! Internet Mail
Yahoo! Login
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Thanks for all of your help Neal. Let me know anything else I need to do. Happy New Year!!!!!
-
You're quite welcome and Happy New Year for you and yours!
Looks like you have Advertismen in add/remove, and it is a real booger to get rid of, but we will try hard.
Go here for the removal tool for Advertismen, it is on the left hand side, follow instructions there please.
http://www.atribune.org/
After the above...
Please download ATF Cleaner by Atribune to desktop.
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Double-click ATF-Cleaner.exe to run the program.
If you would like to keep your cookies don't check that item
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Are you still being hijacked?
Thanks.
-
Unfortunately I am still being hijacked Neal. I have done everything you have asked me to but when I go to certain websites it always pops up. It will say at the bottom that it is redirecting URL and then the twikibar search page will pop up.
-
Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:
To deactivate Spyware Doctor's OnGuard Tools:
- From within Spyware Doctor, click the "OnGuard" button on the left side.
- Uncheck "Activate OnGuard".
You can reenable it once your system is clean.
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Run hijackthis and click on scan button and put check next to this:
O3 - Toolbar: twikibar - {7345F548-C9AC-46F7-A350-524964350D25} - C:\PROGRA~1\REGIST~1\popupgo.dll
Nothing open but hijackthis and click on fix checked.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FOLDERS
C:\PROGRAM FILES\REGIST~1 - Folder begins with REGIST and has this file in it: popupgo.dll, if not deleted with hijackthis already
Also do a search for this and delete if found:
C:\Program Files\TwikiBar
Reboot normal mode and tell me how things are now.
-
It appears that it is gone after doing those steps Neal. After running hijack this after I made all of the hidden folders unhidden I found the twikibar and clicked fix this. Then I couldn't find either of those other file names in safe mode. Is that normal?
Neal for president in 2008!!!!!!!!!!!
-

Everything is ok now. Thanks for stopping by.
Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.
Explained Here:
Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx
Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
RegProtect
This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.
You have the option of allowing (good) items or blocking (bad) items.
http://www.diamondcs.com.au/index.php?page=regprot
To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
3. In addition to using Ad-aware consider using another free malware scanning/removal program:
Windows Defender
http://www.microsoft.com/athome/secu...e/default.mspx
4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm
Zone Labs Personal Firewall:
Zone Labs
5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/
6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:
http://www.javacoolsoftware.com/spywareblaster.html
If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/
IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm
Block access to Untrustworthy Sites
You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.
*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
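The cross-check done by hand in this thread (finding the HijackThis entry that carries the reported name, and matching log entries against files the scanner flagged) can be scripted. This is an added example, not part of the original thread and not HijackThis or AVG code; it handles only the O2, O3 and O23 line shapes, the function names are hypothetical, and the sample lines are copied from the logs above.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Constructed sample input: lines copied from the two logs posted in this thread.
HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: twikibar - {7345F548-C9AC-46F7-A350-524964350D25} - C:\PROGRA~1\REGIST~1\popupgo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

SCAN_REPORT = r"""
C:\WINDOWS\system32\msCMTsrvc.exe -> Downloader.Presario : Cleaned.
C:\WINDOWS\system32\bGs.dll -> Dropper.Small.gv : Cleaned.
C:\hp\region\EN_US-ie.reg -> Hijacker.StartPage : Cleaned.
"""


class Entry(NamedTuple):
    section: str           # HijackThis section code: O2, O3 or O23
    name: str              # display name of the BHO, toolbar or service
    ident: Optional[str]   # CLSID for O2/O3, owner string for O23
    path: str              # file the entry loads


# "O2 - BHO: <name> - {CLSID} - <path>" and "O3 - Toolbar: <name> - {CLSID} - <path>"
_BHO_TOOLBAR = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "<path> -> <detection name> : <action>."
_SCAN_LINE = re.compile(r"^(.+?) -> (\S+) : (\w+)\.?$")
_SERVICE_PREFIX = "O23 - Service: "


def norm(path):
    """Windows paths compare case-insensitively, so fold case before matching."""
    return ntpath.normcase(path.strip())


def parse_hjt_line(line):
    """Return an Entry for an O2, O3 or O23 line, or None for any other line."""
    line = line.strip()
    m = _BHO_TOOLBAR.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(3), m.group(4))
    if line.startswith(_SERVICE_PREFIX):
        # The service name may itself contain " - ", so split from the right.
        parts = line[len(_SERVICE_PREFIX):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry("O23", parts[0], parts[1], parts[2])
    return None


def parse_scan_report(text):
    """Map each normalised flagged path to the scanner's detection name."""
    detections = {}
    for line in text.splitlines():
        m = _SCAN_LINE.match(line.strip())
        if m:
            detections[norm(m.group(1))] = m.group(2)
    return detections


def triage(hjt_log, scan_report, reported_name):
    """List (Entry, reasons) for log entries worth a closer look."""
    detections = parse_scan_report(scan_report)
    findings = []
    for line in hjt_log.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = []
        if reported_name.lower() in entry.name.lower():
            reasons.append("name matches reported symptom '%s'" % reported_name)
        hit = detections.get(norm(entry.path))
        if hit:
            reasons.append("file flagged by scanner as %s" % hit)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(HJT_LOG, SCAN_REPORT, "twikibar"):
        print(entry.section, entry.name, entry.path, "|", "; ".join(reasons))
```

The service path in the HijackThis log and the path in the scan report differ only in letter case (`msCMTSrvc.exe` and `msCMTsrvc.exe`), which is why the match is done on case-folded paths.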