Thread: Help
04-21-2005, 11:24 AM   #3
tinag
 


Hello again.

Before proceeding, please print this page or copy it to Notepad to help you carry out the instructions. If you have questions about any instruction, please ask before performing it.

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

To get rid of any lingering installation files, you should empty your Temp folders. (You should do this periodically anyway, as even benign software tends to leave a lot of junk there.) Download and install CleanUp! (alternate link), then run it and click the CleanUp! button. When it asks whether you want to log off, click Yes.

Reboot your system into Safe Mode by repeatedly tapping the F8 key until the menu appears, then selecting Safe Mode.

Click Start > (Settings >) Control Panel > Add/Remove Programs. If the following programs exist -- and they might not -- uninstall them:
MyWaySA (or MyWay or MyWay Search Assistant)

Open Hijack This and click Scan. If they still exist -- and some might not -- check all of the following entries (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Visit us at WwW.BootersCuba.Ya.St & Www.EvolutionBoot.Com
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)


Please close all other windows, including browsers, then click Fix checked.

If it still exists, delete the following folder indicated in BLUE.

C:\Program Files\MyWaySA

Run CleanUp! and click the CleanUp! button. When it asks whether you want to log off, click Yes.

Reboot your system in normal mode.

If you have a fast internet connection (broadband), run an online scan at Trend Micro or RAV Antivirus. Please select the “autoclean” option when using Trend Micro.

Please post a fresh HijackThis log so that we can check whether your system is clean.
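A fresh log can be compared mechanically against the entries listed in the post above. The following is an added example, not part of tinag's post or of HijackThis itself; the function name `leftover_entries`, the matching rule (a listed CLSID that is orphaned or loads from the MyWaySA folder, or an R1 value containing the listed URLs) and the sample log are assumptions constructed for illustration.

```python
import re

# Indicators copied from the entries the post asks to fix.
POST_CLSIDS = {
    "4D25F926-B9FE-4682-BF72-8AB8210D6D75",
    "4D25F921-B9FE-4682-BF72-8AB8210D6D75",
    "CFBFAE00-17A6-11D0-99CB-00C04FD64497",
}
POST_R1_MARKERS = ("bfc.myway.com", "booterscuba")
POST_FOLDER = r"c:\program files\mywaysa"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

# Constructed sample log: two leftovers from the post plus unrelated entries.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""


def leftover_entries(log_text):
    """Return (section, line) pairs in a HijackThis log that still match the post's list."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group(1), m.group(2)
        lowered = body.lower()
        if section == "R1":
            # R1 lines read "key,value = data"; match on the data part only.
            data = lowered.partition(" = ")[2]
            if any(marker in data for marker in POST_R1_MARKERS):
                hits.append((section, line))
        elif section in ("R3", "O2"):
            # The last " - " field is the file, or "(no file)" for an orphaned entry.
            target = lowered.rpartition(" - ")[2]
            clsid = CLSID.search(body)
            known = clsid is not None and clsid.group(1).upper() in POST_CLSIDS
            if known and (target == "(no file)" or target.startswith(POST_FOLDER)):
                hits.append((section, line))
    return hits
```

An empty result from `leftover_entries` on the fresh log means none of the listed entries remain; it says nothing about other items in the log.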