4,383 Posted Topics
 | [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive).[/color] [b]Close all (browser) windows & rescan with hijackthis.[/b] When …  |
| | |
 | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} … |
| | Can you please post the normal log. Unzip it into it's own, permanent folder, [color=red](Not a temporary folder or the desktop (in a folder on the desktop is fine) & not directly on your hard drive)[/color]. If you have anything disabled in MsConfig, please re-enable it/them. Start HJT & with … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} … |
| | If you do not have Adaware then download it, but do not run it yet. [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan … |
| | Have merged your threads. Please stay with this one until your problem is resolved. |
| | Empty the TIF (Temporary Internet Files) To do so use Control Panel > Internet Options(or right click the IE icon on the desktop and choose Properties) Click Delete Files on the General Tab - place a check in the Delete all offline content box and then press OK Delete all … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://mysearchnow.com/passthrough/.../www.google.dk/[/url] O2 - BHO: rtc - {0610C4E6-A0D0-45d8-B6CB-3CCD74296EBB} - C:\WINDOWS\System32\rtc.dll O2 - BHO: Wipemove - … |
| | Possibly something to do with this entry: O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE  |
| | That looks like an incomplete log? [b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Iinternet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the … |
| | [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive).[/color] [b]Close all (browser) windows & rescan with hijackthis.[/b] When … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O4 - HKCU\..\Run: [WCPI] C:\WINDOWS\system32\wintsvit.exe O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - [url]http://217.73.66.1/del/d_a_loader.cab[/url] Reboot into … |
| | [b]Please go [url=http://www.pchell.com/support/wintools.shtml][u]here[/u][/url] for Wintools removal instructions.[/b] [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://look-today.com/searchbar.html[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = … |
| | [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised … |
| | Re: manager e-mail Opera is free but has an advertisement on the toolbar. The built in mail client has a good spam filter too. |
| | Re: Homepage resets R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no … |
| | Re: Tracking cookie Try this site [url]http://www.snapfiles.com/Freeware/security/fwcookiemanager.html[/url] |
| | [b]Download the PeperFix.exe tool from here:[/b] [url]http://downloads.subratam.org/PeperFix.exe[/url] Click on the PeperFix.exe to launch it. Click the Find and Fix button. It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files. Ensure that you are … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing) O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program … |
| | I would first try a few thingz, it won't hurt :) . [b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my … |
| | Please do this first & we will get rid of the hijacker second. [b]First of all we have to remove Newdotnet,[/b] either from add/remove programs, or by going [url=http://www.newdotnet.com/#remove][u]here.[/u][/url] & scrolling down to the uninstall tool. [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you.[/b] [b]Try … |
| | Clear your restore points now like so.. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Reboot. [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place … |
| | [QUOTE=mikeds]Hello, My startpage is hijacked by a website called [url]www.e-catalog.org[/url], can't get ride of it. Help, Mike[/QUOTE] Hi. The real reason you are asked to follow links is not because we do not know, but because we ask that you try remedies that have worked successfully without having to repeat …  |
| | If you have the latest variant of CWS you may have to reformat. In the meantime try the following. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch in it's database. Close ALL windows, including IE, before running … |
| | Try going to Control Panel\Folder Options\File Types & highlight the file extension type you want & set it to associate with IE. |
 | Re: browser hijack [b]Reboot into safe mode[/b] following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & open Task Manager & end process on this file if there: [b]monitor.exe[/b] [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix … |
| | Re: Very Slow Log-in Click [url=http://www.resplendence.com/reglite][u]here[/u][/url] to download and install Registrar Lite. Install, run, copy and paste this line to reglite's address bar: [b]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs[/b] and hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field. Click [url=http://freeatlast100.100free.com/][u]here[/u][/url] or [url=http://downloads.subratam.org/FINDnFIX.exe][u]here[/u][/url] to … |
| | Re: Hijackthis log [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you.[/b] [b]Try [URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/URL] scan as well.[/b] That is only half a log so I can offer no more advice until the complete log is posted. |
| | Hi & welcome :) . Let's have a look at your log. First up, [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not … |
| | Open Task Manager & end process on the following: taskmgn.exe Then delete the file C:\WINDOWS\System32\[b]taskmgn.exe[/b] [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R3 - Default URLSearchHook is … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [RunDLL] … |
| | [list=1][*]Make sure your settings allow you to view "Hidden files" & "hide protected operating system files" is unchecked. Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". [*]Press Ctrl+Alt+Delete once => Click Task Manager … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] … |
| | Re: Hijack Help [list=1][*]Make sure your settings allow you to view "Hidden files" & "hide protected operating system files" is unchecked. Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". [*]Press Ctrl+Alt+Delete once => Click Task Manager … |
| | [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL [b]Reboot … |
| | First of all you never included the top half of the log. This is required so that we can view running processes, see where you have located hijackthis etc. The following is what I would fix, but not without seeing your entire log. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - … |
| | |
| | You may want to go here to read about xoftspy, it's a bit of a scam. [url]http://www.spywarewarrior.com/rogue_anti-spyware.htm[/url] You might try this: Download the Hoster from here: [url]http://members.aol.com/toadbee/hoster.zip[/url] Press 'Restore Original Hosts' and press 'OK' Exit Program. |
 | Long, but not that bad. At the top of this forum is the following thread, [url]http://www.daniweb.com/techtalkforums/thread7370.html[/url] please read. [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard … |
| | Also fix this with hijackthis: O4 - HKCU\..\Run: [window.exe] C:\WINDOWX\System32\window.exe [b]Reboot into safe mode[/b] following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & navigate to & delete the following if found: C:\WINDOWX\System32\[b]window.exe[/b] [b]Reboot normally.[/b] Post another log after following the instructions given at the link that catweazle gave. |
| | [b]Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you.[/b] Try [url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][u]this[/u][/url] scan as well. [b]Download [color=blue]CWShredder[/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Iinternet … |
| | Re: about:blank Where are you running hijackthis from? You need to have it somewhere that it can create backups, but not in a temporary folder. Reboot then rescan with hijackthis & post that log plz. |
| | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) … |
 | Cannot reply as I have logged off! |
| | Please read before you post! [url]http://www.daniweb.com/techtalkforums/announcement.php?f=29&announcementid=1[/url] Tells where to post hijackthis logs. |
| | Re: Bridge.dll Hi. Just to let you know, there is a thread at the top of this forum dealing with bridge.dll :) but as you have other problems as well, we will give you a fix :) . [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order for it … |
| | B4 I burned it to CD though, I would copy the OS installation CD to my hard drive, copy the service packs into a folder, then slipstream them together so that when I reinstalled my OS I would have ALL my service packs etc installed. :) |
| | You will need to disable spywareguard before scanning with hijackthis as it prevents the hijacker from loading. So, disable spywareguard, reboot, create a new folder on your desktop & call it hijackthis or similar & move the hijackthis.exe file into it before scanning. |
The End.