crunchie

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …

[url]http://www.daniweb.com/techtalkforums/thread18386.html[/url] Closing this thread as it is a double post. Please refrain from posting twice. All it does is waste our time. I was half way through doing this one when I recognised the log entries. I have replied in your other thread. :). Sorry caperjack :).

Start hijackthis and hit the "Scan and save log" button. Save the log that appears to your desktop. Open the log and copy all the contents and paste the results here.

Download it here [url]http://www.dll-files.com/dllindex/dll-files.shtml?shdoclc[/url]

Can you try the Symantec removal tool first. I need to see if it's any good :D. That's if you do not mind me experimenting with you? [url]http://securityresponse.symantec.com/avcenter/venc/data/pf/spyware.look2me.html[/url] Follow the instructions from Symantec. Once done, please do the following; Reboot. Download and run [color=blue]VX2Finder(.exe).[/color] [url]http://www.downloads.subratam.org/VX2Finder.exe[/url] Open the program and click …

Same for me. I now have over 50.

Seems like it may be XP x64? Or maybe 2003 (beta)?

You need to reboot then rescan with hijackthis and post that log back here. Go [url=http://www.silentrunners.org/]here[/url] and download and run [color=blue]Silent Runners.vbs.[/color] It generates a log, please post the information back in this thread.

Those entries are LOP related caperjack.

Split your post to your own thread. Please do not tag on to the end of other members posts, even though it may appear that they no longer require assistance. You may be missed completely and not get the help you need :). [b]Download LSPfix from [url=http://www.computercops.biz/downloads-file-334.html][u]here[/u][/url][/b] On the opening …

Hi and welcome to DaniWeb :). This may take a couple of attempts, but we will get you clean. Run [color=blue]Hijackthis[/color] and go to the [color=green]process viewer[/color] by going to Config, Misc Tools, Process Viewer, to unload all instances of the following running processes;[b] winlgn.exe [/b] Then go to C:\Documents …

Hi. You are running hijackthis from a temporary folder, can you please download the self-extracting version from [url=http://www.merijn.org/files/hijackthis_sfx.exe]here.[/url] Uninstall the other version first, then manually delete the file. [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then [b][color=red]close all browser and explorer windows,[/color][/b] and hit …

Hi. You are running hijackthis from a temporary folder, can you please download the self-extracting version from [url=http://www.merijn.org/files/hijackthis_sfx.exe]here.[/url] Uninstall the other version first, then manually delete the file. You may have the latest version of VX2. Download L2mfix from one of these two locations: [url]http://www.atribune.org/downloads/l2mfix.exe[/url] [url]http://www.downloads.subratam.org/l2mfix.exe[/url] Save the file to …

1. [b]Download and install [URL=http://www.lavasoftusa.com/software/adaware/][color=blue] Ad-Aware SE,[/color][/URL][/b] keeping the default options. [b]However, some of the settings will need to be changed before your first scan[/b] 2.[b]Close ALL windows[/b] except Ad-Aware SE 3. Click on the[b]‘world’ [/b] icon at the top right of the Ad-Aware SE window and let AdAware SE …

My eyes go funny looking at all those entries :eek:. Goodonya dlh6213 for taking this one :D.

[color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then [b]close all browser and explorer windows,[/b] and hit the "Fix checked" button.[/color] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://quickmetasearch.com/?said=acc0001_ho[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://quickmetasearch.com/?said=acc0001_ho[/url] O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll …

Check out this thread [url]http://www.daniweb.com/techtalkforums/thread17285.html[/url] foxkueh

Hi and welcome to DaniWeb :D. You're sister [b]needs[/b] to update Internet Explorer to version 6 and install service pack 1 in order to stay more secure. [url]http://windowsupdate.microsoft.com/[/url] [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then [b]close all browser and explorer windows,[/b] and hit …

You need to follow deonnanicole's advice and place hijackthis into it's own folder before going ahead with any repairs. If any mistakes occur, it is possible that the necessary backups will be missing :). Download this self-extracting version from [url=http://www.merijn.org/files/hijackthis_sfx.exe]here.[/url]

[b]First of all we have to remove Newdotnet,[/b] either from add/remove programs, or by going [url=http://www.newdotnet.com/#remove][u]here[/u][/url] and scrolling down to the uninstall tool. [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.[/color] R1 …

Maxthon is/was MYIE2 with a new name :).

See if they can be uninstalled from add\remove programs first. [b]Download [color=blue]HijackThis[/color] from [url=http://www.merijn.org/files/hijackthis_sfx.exe][u]here[/u][/url][/b] & it will install into it's own, permanent folder. If you have anything disabled in MsConfig, please re-enable it/them. Start HJT & press the scan button. When the scan is finished the scan button will change …

Just to add. Can you try these; [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan at Panda as well.[/b] You also have a CWS infection. [b]Download [color=blue]CWShredder[/color] from [url=http://computercops.biz/downloads-file-349.html][u]here[/u][/url] and run it.[/b] Select the [color=red]fix[/color] button & it will fix …

Go to add\remove programs and uninstall these if there; Save, WhenUSearch, Search, WhenUSave, [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then [b]close all browser and explorer windows,[/b] and hit the "Fix checked" button.[/color] O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 …

hulk2003. Does the Windows AdControl exist in add\remove programs? If so, uninstall it. Are you certain that you have [b]all[/b] hidden folders\files showing? Disable Tea Timer from within Spybot S&D. Start Spybot and on the toolbar select Mode. Choose advanced then go to Tools\Resident and uncheck Tea Timer. You may …

You are missing the top most part of your log that tells me which version of hijackthis you are using, as well as the operating system. Please include it in your next post. [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser …

Where you off to caperjack? Not leaving are you? :sad:

You are possibly trying to run the actual zip file that hijackthis comes in. You will need a zipping utility such as WinZip to extract it from the zip. Or, you can download this version of hijackthis. [url]http://www.merijn.org/files/hijackthis_sfx.exe[/url] It will extract itself to your program files.

That log is clean :D. Are you experiencing any problems? You said that you found what you couldn't find before. What were they? The two logs are almost identical.

Just out of curiousity, can you please go [url=http://www.kaspersky.com/remoteviruschk.html][u]here[/u][/url] and have this file scanned. C:\WINNT\system32\[b]win32spl.exe[/b]

Try fixing this with hijackthis; R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 if that does not work try disabling zone alarm and try again.

LittleJimmy. I have used and am using now, free AV's with no problems whatsoever. I am using the one in my sig. Definitions update almost daily.

All the contents of the temp folder should be safe to delete. The folder itself can be deleted as it will be recreated on reboot :). There will be a better chance to delete it all if you are in safe mode.

Can you please download this file from here: [url=http://www.bleepingcomputer.com/files/spyware/getservice.zip]Getservice.zip[/url] Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please attach the file to this post. Another hijackthis log too, please.

[url]www.blackviper.com[/url] for what startup's can be disabled or manually started. You need to update hijackthis to version 1.99. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.merijn.org/files/hijackthis_sfx.exe][u]here.[/u][/url] Remove the old version by opening the program, going to config\misc tools, then uninstall & …

Go to add\remove programs and uninstall Mysearch. [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = , R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = …

If you still require assistance, please post another log.

Run the following first, then see if you can run hijackthis. If not, download this version; [url]http://www.merijn.org/files/hijackthis1982.zip[/url] 1. [b]Download and install [URL=http://www.lavasoftusa.com/software/adaware/][color=blue] Ad-Aware SE,[/color][/URL][/b] keeping the default options. [b]However, some of the settings will need to be changed before your first scan[/b] 2.[b]Close ALL windows[/b] except Ad-Aware SE 3. Click …

Run [color=blue]Hijackthis[/color] and go to the [color=green]process viewer[/color] by going to Config, Misc Tools, Process Viewer, to unload all instances of the following running processes;[b] ddawua.exe [/b] Go to C:\windows\system32 and delete the file manually. [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close …

Looks like you also have the peper trojan, so as well as what DMR has requested, please do the following; [b]Download the [color=blue]PeperFix.exe[/color] tool from here:[/b] [url]http://downloads.subratam.org/PeperFix.exe[/url] Click on the [color=blue]PeperFix.exe[/color] to launch it. Click the Find and Fix button. It will scan the %Systemroot% folder and locate all the …

[color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.[/color] R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.popupsearches.com/sidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.popupsearches.com/sidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.popupsearches.com/sidesearch.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL …

If anyone wants something added to this thread, please PM your request to one of this forum's Mods. Thank you.

[url]http://www.merijn.org/files/hijackthis1982.zip[/url] download the older version and post a log please.

An addition to DMR's instructions. Can you first run [color=blue]Hijackthis[/color] and go to the [color=green]process viewer[/color] by going to Config, Misc Tools, Process Viewer, to unload [b] wowikk.exe [/b] Then follow DMR's instructions.

jrsuellen. Hi and welcome to Daniweb :D. We ask that members not tag on to the end of other members hijackthis threads, even the finished ones. Your post can be missed (if in a finished one). Also, if in a live thread, it is unfair to the original poster who …

Make sure [b]ALL[/b] instances of Internet Explorer are [b]closed[/b] and have hijackthis fix these; R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us4.hpwis.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://srch-us4.hpwis.com/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://srch-us4.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us4.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://srch-us4.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet …

Nothing bad there, just a little bit of cleaning needed :). [color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.[/color] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = …

Thanks dlh. I was wondering why I had those callouses on my fingertips :D.

[color=blue]Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.[/color] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links …

Run [color=blue]Hijackthis[/color] and go to the [color=green]process viewer[/color] by going to Config, Misc Tools, Process Viewer, to unload the following running processes;[b] woqwro.exe [/b] Go to C:\WINDOWS\system32 and delete [b]woqwro.exe[/b] Reboot and post another log.