First thing I want you to do is clean up the temp files; there is malware in them:
This can be done by running TFC (Temp File Cleaner). TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies.
Download TFC to your desktop.
- Open the file and close any other windows.
- It will close all programs itself when run; make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.
The view.atdmt.com site is hosted by Atlas Solutions, a company which provides services to other companies for running online marketing campaigns. You can restrict the domain:
Control Panel> Internet Options> Security tab> Restricted Zone> Sites> type in view.atdmt.com> Block.
Please reopen HijackThis to 'do system scan only'.
Check the following entries if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/013483.exe
O24 - Desktop Component 0: (no name) - http://www.msnbc.com/c/0/87/585/8x6/twip_2002_0613_08.jpg
Close all windows except HijackThis and click on "Fix Checked."
Remove O24 Desktop from HijackThis:
[o] Click on Start> Control Panel> Display> Desktop tab
[o] Click on Customize Desktop> Web tab
[o] Uncheck and delete everything you find in there (except for "My current home page")
[o] Uncheck "Lock Desktop Items" box if it is checked
[o] Apply> OK> Close.
Remove all of MyWebSearch:
[Image: My WebSearch Toolbar example. Credit: www.benedelman.org]
[o] Start> Control Panel> Add/Remove Programs> look for Mywebsearch.
[o] Uninstall the program and anything else associated with the suite of Fun Web Products which
[o] Entries such as My Way Speedbar or Search Assistant should also be uninstalled. Anything from Smiley Central or other odd entries should be researched and eliminated to keep your computer free of Mywebsearch.
[o] If you do not uninstall all components, the toolbar will still be installed on your computer and running in the background whether you see it or not.
Please check the status of the McAfee AV. There is a file missing that is essential:
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
Are you using just the Webroot Spysweeper spyware/adware program or the one that combines an antivirus with it?
When finished the above:
Download SDFix HERE and save it to your Desktop.
- Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run SDFix
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
- Attach Report.txt back here
Rescan with HijackThis and attach new log.
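
A small triage pass over HijackThis log lines like the ones listed above, added here as an example (it is not part of the original post and not part of HijackThis). It flags the "(no file)" and "(file missing)" leftovers and O16 entries whose download source is a bare IP address; the names `triage` and `SAMPLE_LOG` are hypothetical, and the sample lines are copied from the entries quoted in the post.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the log entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/013483.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")  # "O16 - DPF: ..."
URL = re.compile(r"https?://[^\s*]+")
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def triage(log_text):
    """Return (findings, unparsed); findings are (code, reason, body) tuples."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            unparsed.append(line)  # e.g. an entry that lost its section code
            continue
        code, body = m["code"], m["body"]
        if body.endswith("(no file)"):
            findings.append((code, "orphaned registration, target file is gone", body))
        if body.endswith("(file missing)"):
            findings.append((code, "service binary missing on disk", body))
        if code == "O16":  # ActiveX "Downloaded Program Files" entries
            for url in URL.findall(body):
                if IP_HOST.match(urlparse(url).hostname or ""):
                    findings.append((code, "download source is a bare IP address", body))
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for code, reason, body in found:
        print(f"{code:<4} {reason}: {body}")
    print(f"{len(skipped)} line(s) without a section code need manual review")
```

Lines that come back in `unparsed` are not cleared; they have to be read by hand before anything is checked in HijackThis.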