crunchie

Going to hang it up here to make it easier to diagnose. Log file of ahlzper Logfile of HijackThis v1.97.7 Scan saved at 09:44:11, on 2004-04-26 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\CTSvcCDA.exe C:\WINNT\System32\svchost.exe C:\Program\Panda Software\Panda …

Please post within the one thread or you can have ppl answering both your threads & it gets confusing. Thanx. You will need to switch off system restore, do the scan & then create a new restore point. ALL previous restore points will be lost. Probably not a bad idea …

You may need a plugin for the pdf files.

Save your HJT log to text file, copy the entire log to clipboard then paste it into the body of your post here.

Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch in it's database. Close ALL windows, including IE, before running CWShredder. To …

You are going to love this. You have the latest variant of the coolwebsearch infection. As of now the only fix available is very long winded & involves going into the registry. I will give you the link to the fix & you can then decide whether to go ahead …

You really need to just copy & paste your log into the body of your post, I started doing your log but it is too difficult the way you have done it. Sorry. Have a look at the way everyone else here have posted their logs & do it the …

Maybe it has something to do with remote administrator running all the time?? O4 - HKLM\..\Run: [SystemTray] SysTray.Exe added as a result of ALADINZ.P virus

First up, you've got worms. Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you. When done get some info on this file "C:\Program Files\Barak013\fts.exe< this one & whatever else is in the same folder with it please. Post new log with the info & also what …

Hi :D . Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder & not on the desktop).[/color] Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= R1 - HKCU\Software\Microsoft\Internet …

There is no easy way to rid your computer of this. I will include instructions that were written by Mosaic1, a security expert on another forum. Get the latest CWShredder from this page. Do not run it yet: [url=http://www.computercops.biz/downloads-cat-14.html]CWShredder[/url] Download TheKillbox from this link: [url=http://download.broadbandmedic.com/VbStuff/KillBox.zip][u]here.[/u][/url] ------------------ Sign off the internet. …

Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL windows, including IE, before running CWShredder. Reboot after doing this …

Bridge.dll is added by a nasty that has gotten into your computer. Please do the following; Download & instal Adaware from [url=http://majorgeeks.com/download.php?det=506]here[/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for …

I have the same program & delete everything it finds in unnecessary files, no problems. I don't go near the duplicate files though as I'm not sure about those.

You've got a lot more than that!! Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html]here[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & …

Hi. :) Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file) O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/125a3a50112e6a...ip/RdxIE601.cab[/url]

Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html]here[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Download …

Hi. :) Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://prosearching.com/searchbar.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://prosearching.com/searchbar.html[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://prosearching.com/searchbar.html[/url] O2 - BHO: …

Download & install Adaware, update it & in settings make sure to tick; scan within archives, deep scan registry & then in 'Tweak' tick automatically try to unregister objects prior to deletion. Run the scan & place a check next to everything it finds & remove them. Download Spybot S …

Hi. :) Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html]here[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running …

Hi :D . Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder & not on the desktop). Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= O16 - DPF: …

Hi :D . Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder & not on the desktop).[/color] Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= (You MUST be …

Might be an idea to have an online scan, so go to [url]http://housecall.trendmicro.com/[/url] for an on-line scan & set it to autoclean for you.

You will need the latest version of HJT which is 1.97.7

Do you get any error messages when this happens? It could very well be spyware if you do not have error messages so try running the following programs after updating them. Download & instal Adaware from [url]http://majorgeeks.com/download.php?det=506[/url] & update it B4 scanning. In settings under 'scanning,' have it set to …

Try going to internet options/privacy/edit & add the site there accepting all cookies.

Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Reboot after doing this & post another log please. There will be more to do!!

Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url]http://www.computercops.biz/downloads-file-349.html[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Download …

These three need to go too. The 1st is from seekseek, the second is unidentified trojan & the third is spyware. Close all (browser) windows & have HJT fix these entries= O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab[/url] Reboot into safe …

You have a coolwebsearch infection. Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Reboot after doing this & post another log please. Your next step is …

Close all (browser) windows & have HJT fix these entries= F0 - syst>m.ini: Shell= F0 - R >ystem.ini: Shel>= F0 - R >ystem.ini: UserInit= O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 …

Download HijackThis from [url]http://209.133.47.200/~merijn/files/HijackThis.exe[/url] & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your …

If you don't have Limeshop get rid of this too O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs including IE before running CWShredder. Reboot after doing this & post another log please.

Wupdater is malware. Your best bet would be to download a program called HijackThis & post the log in the Internet Explorer forum. Download HijackThis from [url]http://209.133.47.200/~merijn/files/HijackThis.exe[/url] & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is …

Try this. 1. Open an empty Notepad file. 2. Copy the following and paste it into the new Notepad file. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoBandCustomize"=- "NoToolbarCustomize"=- "Btn_Search"=- "SpecifyDefaultButtons"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoBandCustomize"=- "NoToolbarCustomize"=- "Btn_Search"=- "SpecifyDefaultButtons"=- 3. Save the file as 'isearchfix.reg' 4. Double click on this file and merge it into your registry. Your …

I don't know much of anything regarding the subject, but I have read on a few forums that it is very important to do a clean install of XP & not to install over the top of ME.

Download HijackThis from [url]http://209.133.47.200/~merijn/files/HijackThis.exe[/url] & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your …

Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs including IE before running CWShredder. Reboot after doing this & post another log please.

Fix this one too. O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/06f8983...ip/RdxIE601.cab[/url]

Nothing showing in your log except messenger plus. Uninstall it as it comes with Lop, nasty little critter. Download & instal Adaware from [url]http://majorgeeks.com/download.php?det=506[/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE …

Download HijackThis from [url]http://209.133.47.200/~merijn/files/HijackThis.exe[/url] & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your …

keithy. Start your own thread to avoid confusion after Downloading HijackThis from [url]http://209.133.47.200/~merijn/files/HijackThis.exe[/url] & unzip it into it's own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text …

Cannot see anything in your log but try this & get back to us. BTW, did you delete anything from the log? Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs including IE before …

You have a heap of crap there, but 1st off you MUST get rid of Newdotnet. Newdotnet removal instructions here [url]http://www.newdotnet.com/#remove[/url] Then We will get you to do the following which will clean up a lot more stuff B4 we remove what is left manually using HijackThis. Download & instal …

Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs including IE before running CWShredder. Reboot after doing this & post another log please.

That doesn't look anywhere near a full log. Try this anyway. Download CWShredder from [url]http://209.133.47.200/~merijn/files/CWShredder.exe[/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs including IE before running CWShredder. Reboot after doing this & post another log FULL …

First off open Adaware & restore the back-up from your last fix that caused the problem. Do another scan after updating Adaware then carefully check what Adaware has found & select what you want it to fix. Another good program is Spybot S&D which you can get from [url]http://www.safer-networking.org/index.php?page=download[/url] Update …

This one too O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k Did you pay for spysweeper?

DO NOT DISABLE THIS ONE O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe IT IS YOUR SYSTEM RESTORE. THIS ONE IS GENUINE TOO O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe