crunchie

Open Task Manager & end process on the following:[b] saap.exe nls.exe[/b] [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll …

[b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan at Panda as well.[/b]

There are a few things to do there, but I need to see hijackthis in a permanent folder. Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put …

This folder should also be deleted: C:\PROGRA~1\[b]POWERS~1[/b] Full name is Powersearch.

[b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that this …

P2P networking should be uninstalled via add\remove programs. Uninstall Kazaa also from there if found. [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order that the backups it creates cannot be deleted by accident. [color=red](Not a temporary folder or directly on the desktop (in a folder on …

Download About:buster from [url]http://malwarebytes.biz/AboutBuster.zip[/url] and unzip it to your desktop. [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' …

Not sure if that is a complete log. Doesn't look like one. I would strongly advise that you upgrade to Internet Exlorer 6 & get the service packs for it.

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.computercops.biz/downloads-file-328.html][u]here.[/u][/url] Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder. Click My Computer, then …

-Run reglite : type-- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar, or expand the same key. -Rename the Folder Windows to NotWindows highlighted as a purple folder in the left hand pane of reglite. -Click "AppInit_DLLs" again and clear the data value: C:\WINDOWS\System32\wdm.dll (random named dll) <- delete this line , …

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.computercops.biz/downloads-file-328.html][u]here.[/u][/url] Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder. Move it to a …

[b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that this …

Temporarily disable Tea-Timer. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/googlesidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.begin2search.com/googlesidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search …

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.computercops.biz/downloads-file-328.html][u]here.[/u][/url] Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder. [b][color=red]Close all (browser) windows …

Nice & clean :).

You got bugs :). You may want to create a new folder for hijackthis as it will dump it's backups throughout spybot's folder. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & …

That is an incomplete log. When you open the saved log's text file press [b]Ctrl+A to highlight everything, then Ctrl+C to copy it. Then Ctrl+V to paste it here.[/b] Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/googlesidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.begin2search.com/googlesidesearch.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.begin2search.com/googlesidesearch.html[/url] …

Umm, yours [b]is[/b] the first post in this thread :).

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller: [url]http://members.rogers.com/rjmac/new_uninstall.exe[/url] …

Check out this thread. [url]http://www.daniweb.com/techtalkforums/thread9810.html[/url]

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us7.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us7.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://srch-us7.hpwis.com/[/url] R1 …

Also, [b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that …

[QUOTE=kriskarrera]Tried to do a Windows update but was told my serial number is invalid so I can only assume this installation is pirated :([/QUOTE] If this installation is, in fact pirated, we will be unable to help you further.

You have either the MENACE.A (or W95.SOFUNNY.WORM@M) virus. [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan at Panda as well.[/b] Once done, reboot & do the following: [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished …

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no …

[b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive).[/color] [b]Close all (browser) windows & rescan with hijackthis.[/b] When …

Open Task Manager & end process on the following: [b]ALCXMNTR.EXE[/b] Then go to [b]C:\WINDOWS[/b] & delete [b]ALCXMNTR.EXE[/b] [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] O4 - HKLM\..\Run: …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\system32\MTC.dll O2 - BHO: …

Yes, please insert hijackthis into a permanent folder first. Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it. …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {4EFF3A5A-954C-23BC-8753-60550DA97519} - C:\WINDOWS\SYSTEM\SFEUB.DLL O4 - HKCU\..\Run: [Tthu] C:\WINDOWS\Profiles\Tasha\Application …

You should put hijackthis.exe into it's own folder for when it creates back-ups. [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] …

Open Task Manager & end process on the following: [b]ujzwyga.exe[/b] [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.windowws.cc/hp.htm?id=543[/url] O2 - BHO: …

Download About:buster from [url]http://malwarebytes.biz/AboutBuster.zip[/url] and unzip it to your desktop. [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing) O3 - Toolbar: My &Search Bar - …

[b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that this …

Looks like a clean log to me. Can you do a system restore back to a time you could surf? Then run Adaware & spybot.

[b]Reboot into safe mode[/b] following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & try it then.

[b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://super-spider.com/sp.htm?id=543[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://super-spider.com/sp.htm?id=543[/url] O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - …

Do you have ie-spyad installed? It enters over 4000 sites to your registry so that IE cannot go there.

WinAudit is a System info tool that performs an audit of the hardware and software configuration of your computer. It lists installed software, license information, peripherals, memory usage, processor model, network settings and more. Run a system search for the suspect files.

[b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan at Panda as well.[/b]

If you cannot update it internally, go [url=http://www.computercops.biz/downloads-file-328.html][u]here.[/u][/url] Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder. You have a few viruses running there, so, [b]go [url=http://housecall.trendmicro.com/][u]here[/u][/url] to TrendMicro for an on-line scan & set it to autoclean for you. Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] …

The only thing I see there is that you are in need of your Windows Microsoft updates. Please go [url=http://windowsupdate.microsoft.com/][u]here[/u][/url] & install ALL critical updates required for your system.

[URL=http://www.zonelabs.com/store/content/support/za/znalmMain.jsp]How to manually uninstall zonealarm[/URL] [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - …

[b]Reboot into safe mode[/b] following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & try it.

Download About:buster from [url]http://malwarebytes.biz/AboutBuster.zip[/url] and unzip it to your desktop. [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' …

deonnanicole is correct. As long as you are fully up-to-date with your Windows Microsoft updates, there is nothing to worry about. Set spybot to ignore that item. [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of …

Bridge.dll fix Go to Start/Programs/Accessories & select notepad. Copy then paste the following into notepad [b]REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLL"=-[/b] Choose 'save as' under 'file' in notepad. a window will pop up Now name the file bridge.reg and choose 'save as type' = 'all files' (second drop down menu on pop up …

Warez P2P must go if you want to get cleaned up & stay clean :). Use LSPFIX the same way to remove calsp.dll. Both this one & lspak.dll must be deleted manually after. Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New …