
Thread: Rogue executable in C:\windows\temp

  1. #1
    Join Date: Oct 2007 | Posts: 17
    Quick update. I ran a program called RegCure. After this fixed 300+ errors the rogue .exe and process were gone. I then searched for and deleted .tmp files (84 found). In Safe Mode, also searched for .tmp files. None found.

    hey philliephan, i'm located in Phillies country (1 hour northeast of philly). what a season. hope they learned something and build on it.

    anyway, i will try uploading this .exe to that site. i'm assuming they will allow a .exe to be uploaded?

  2. #2
    Join Date: Aug 2006 | Posts: 578

    Quote: Originally Posted by hipp2112
    hey philliephan, i'm located in Phillies country (1 hour northeast of philly). what a season. hope they learned something and build on it.
    I'm in Ohio - right near OSU. Have been a long-suffering Phillies fan for 30+ years. I think they will indeed build on this season's success. If there is a silver lining to the season, it is that the Rockies proved that a team in that kind of stadium/atmosphere or whatever you want to call it can reach the series. The Phils are in the same sort of boat with the new ballpark being such an offensive mecca....


    --- Anyhoo, regarding your "malware" - I am not sure you have a real baddie. I wonder if it is not something a bit on the "grey" side that you or somebody else installed recently?
    For example, I see that you have stopped QuickSweeper from running via msconfig. It is mild adware:
    http://www.spywareresources.com/thre...threatid=44396

    So, I wonder if there is anything else along those lines? Perhaps you could get us a Startup List or an Uninstall List? (Judy - SPD's scanner should do the trick here).

    It looks through WhoIs that your compy is trying to connect to a legit ad site in California (most we tend to run into head straight for the Ukraine, lol) and that would indicate to me an adware bundler such as that QuickSweeper......

    I think the problem is hiding in plain sight as a "legitimate" app. Just my $.02


    Best Luck
    PP

  3. #3
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    I agree totally with PP that QuickSweeper is the only thing I see in the combofix log.

    Run HJT again, but this time first get a Start Up listing:
    In order to do this go into the Config option when you start HijackThis and then click on the Misc Tools button at the top.
    You will then click on the button labeled "Generate StartupList Log"
    Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste these entries into a message and submit it.

    Next we will want an Uninstall List.
    To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that here also.
    Judy
