Thread: I Think I've got Spyware!!(RESOLVED)
View Single Post
  #5 (permalink)  
Old 26-02-2006, 08:19 PM
Neal's Avatar
Neal Neal is offline
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: I Think I've got Spyware!!
Hi,


Go here to learn how to show hidden files/folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5


Download Clean.bat to your desktop(Save page as or Save as): for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat



Run hijackthis and click on scan button and put checks next to these:


O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
O2 - BHO: (no name) - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - (no file)
02 - BHO: (no name) - {78104A01-8E71-4F30-9A36-3793799615B4} - (no file)

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -

O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll


Nothing open but hijackthis and click fix checked


Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Hunt for and delete if present:

C:\WINDOWS\SYSTEM32\wineij32.dll < file
C:\WINDOWS\TEMP\win5E.tmp.exe < file



Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter at the prompts.

Then:


Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter

Reboot

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


Post a new HJT log for further review
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Last edited by Neal; 26-02-2006 at 08:31 PM.
Reply With Quote