ebay paypal redirect/hijack

Ok.

do this once more and post a log, please:

net user helpassistant > log.txt && log.txt

Alrighty... here it is...


User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
User's comment
Country code 000 (System Default)
Account active No
Account expires Never

Password last set 5/5/2010 1:32 AM
Password expires Never
Password changeable 5/5/2010 1:32 AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 5/1/2010 11:32 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *None
The command completed successfully.

Good. Now, please reboot your computer twice, and run the Profiles program once more.

I think it is gone now.

Sorry... we've run so much stuff... which one is the Profiles program?

Here. You can probably re-download it.

Download Profiles

• Save it to your desktop.
• Double-click profiles.exe and post its log when you reply

Great, thank you .... here it is


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-1409082233-725345543-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\yo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-1409082233-725345543-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Guess what?

It is gone.

Ready to clean up your computer now of all those tools?

Hmmmm.... lets see.... First post was Sun April 4.... so we've been at this for over 5 weeks now... with 128 Posts... I think I shall pour a glass of wine and toast you for all the help, patience and diligence in getting rid of this thing.

You may not be able to tell, but I am normally the person others come to for tech support.... From hardware to software I've done all kinds of tech support, but this thing had kicked my butt. I had exhausted my resources, and then found this site.

So yes, I'm ready to clean off all the tools, but I just wanted to take a moment to thank you. I truly appreciate you working with me to fix this, and not giving up. Yes, my hat is off to you.

I was able to tell that you were much experienced.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Hi DragonMaster Jay,

I apologize for the delay in posting, I was out of town for a few days...

All final scans have been done. Here is the log from checkup.

Thanks again!

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Adobe After Effects CS3 Presets
Kaspersky Internet Security 2010
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Adobe Flash Player 10.0.12.36
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 9.3.2
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
Kaspersky Lab Kaspersky Internet Security 2010 klwtblfs.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Looks good.

YIPPEE!!