download cwshredder here. extract and run the program. close all browser windows and hit fix. reboot.
make a folder for hijack this. the program will make backups and you don't want it scattered all over your desktop.
rescan with hijack this and check these items (if still present):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Instal...sinstaller.cab
this one is optional, since i don't see webshots in your running processes. if you no longer use it fix this as well:
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
reboot into safe mode (hit f8 during start) and delete the following:
C:\WINDOWS\System32\services\ <-- folder
C:\Program Files\RSNet\ <-- folder
C:\Documents and Settings\Owner\Application Data\ttuh.exe <-- file
reboot into normal mode and post a fresh hijack this log.
Bookmarks