4,383 Posted Topics
 | KIP, Hello! and welcome to the Daniweb forums. =============== Before we begin, let's move [b]HiJackThis[/b] to it's own folder; like [b]c:\HJT[/b]. When we're done '[i]cleaning[/i]' off your system, we're going to '[i]flush[/i]' the temporary folders which, with [b]HiJackThis[/b] [color=#ff0000][i]in it's current location, we'll lose both the program and the backups … |
| | You are hosting a mailing service on your pc. Let's get rid of it :). Please download FileFind from Atribune: [url]http://www.atribune.org/downloads/FileFind.zip[/url] Unzip the file and save it to your desktop. To run FileFind, please do the following: * Click on FileFind.exe * In the box labeled "Enter the directory to …  |
| | Can you please do the following. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, if present: [color=#9933cc][b] O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe (file missing) [/b][/color] [color=#9933cc][b] O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe (file missing) … |
| | You can keep both Panda and Ewido (AVG anti-spyware now) as Ewido is NOT an AV. Probably meant F-Prot. Just stop one from starting with windows and use it as an on-demand scanner. |
| | Hi and welcome to Daniweb forums :). Can you please do the following. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, if present: [color=#9933cc][b] O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [endr] C:\WINDOWS\System32\endr.exe [/b][/color] [color=#9933cc][b] O4 … |
| | Hi and welcome to Daniweb forums :). Can you please do the following. =============== Run [b]HiJackThis[/b] then: 1. Click "[b][i]Open the Misc Tools Section[/i][/b]" 2. Click "[b][i]Open Process manager[/i][/b]" - Next, while holding down the [b]CTRL[/b] key, locate ([i]if present[/i]) and click on ([i]highlight[/i]) each of the following: [b][color=#000000]C:\WINDOWS\[/color][color=#ff0000]lsass.exe[/color][/b] Now …  |
| | Hi and welcome to Daniweb forums :). Can you please do the following. =============== Before we begin, let's move [b]HiJackThis[/b] to it's own folder; like [b]c:\HJT[/b]. When we're done '[i]cleaning[/i]' off your system, we're going to '[i]flush[/i]' the temporary folders which, with [b]HiJackThis[/b] [color=#ff0000][i]in it's current location, we'll lose both … |
| | Run this one too; Please download [url=http://www.atribune.org/ccount/click.php?id=4][color=blue]VundoFix.exe[/color][/url] to your desktop.[list] [*] Double-click [b]VundoFix.exe[/b] to run it. [*]Click the [b]Scan for Vundo[/b] button. [*] Once it's done scanning, click the [b]Remove Vundo[/b] button. [*] You will receive a prompt asking if you want to remove the files, click [b]YES[/b] [*] Once … |
| | Having a few problems in the hijackthis forum with the way logs are being formatted. [url]http://www.daniweb.com/techtalkforums/thread66064.html[/url] The only way to read them is to "Reply with Quote" and the log is then rendered correctly in the reply box. Any chance of getting this sorted please? :). |
| | Re: Immortal vermin? Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that … |
| | Please download FixWareout from one of these sites: [url]http://downloads.subratam.org/Fixwareout.exe[/url] [url]http://swandog46.geekstogo.com/Fixwareout.exe[/url] Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your … |
| | [b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into it's own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you … |
| | Hi and welcome to Daniweb forums :). Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if … |
| | Re: spyware I see nothing in your log to suggest anything untoward. What problems are you having? You can try the following; Please download and install [url=http://www.ewido.net/en/product/][b][color=blue]AVG antispyware tool[/color][/b][color=blue][/color][/url][list][*][color=red]Close all other Applications[/color] Select language click [b]Ok[/b][*]Click [b]I Agree [/b][*]Click[b] next[/b][*]Click [b]Install[/b][*]Click[b] Finish[/b][*]Wait and AVG antispyware will open to the main screen automatically.[*]Wait … |
| | Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and uninstall the following, if present: [b][color=#ff0000]SideFind[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, … |
| | Also, [b]Download LSPfix from [url=http://www.computercops.biz/downloads-file-334.html][u]here[/u][/url][/b] On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "osmim.dll" [b](and nothing else),[/b] and move them to the "Remove" pane. Then click Finish. |
| | Can you please do the following. =============== You will have to disable [b]Spybot's Teatimer[/b] before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the [b]Mode[/b] button and select [b]Advanced.[/b] Go to [b]Tools > Resident[/b] and uncheck the box next … |
| | Re: infections You should also do the following; Please download FixWareout from one of these sites: [url]http://downloads.subratam.org/Fixwareout.exe[/url] [url]http://swandog46.geekstogo.com/Fixwareout.exe[/url] Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot … |
| | Re: IE Hijacker I would suggest that you restore everything you 'fixed' with hijackthis. reboot, rescan with hijackthis and post the log back here. Hopefully you haven't deleted something that is critical :D. |
| | [b]Unzip HJT into it's own permanent folder[/b] before doing anything in order that the backups it creates cannot be deleted by accident. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive).[/color] [b][color=red]Close all (browser) windows … |
| | Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and uninstall the following, if present: [b][color=#ff0000]Toolbar888[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Next, Open a [b]command prompt[/b] by: 1. Clicking "[b]Start[/b]", then "[b]Run...[/b]". 2. Enter … |
| | Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that … |
| | The tool I use to diagnose HJT logs spits out all the bad entries it finds, so you can pick through what malware you wish to leave on your pc :). Please run the PurityScan [url=http://www.purityscan.com/uninstall.html][u]uninstaller.[/u][/url] == Can you please do the following. =============== When we're done cleaning off your … |
| | Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and uninstall the following, if present: [b][color=#ff0000]MyWebSearch[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, … |
 | Hi Dani. I have got four digests in the last two days myself :). Came home from work and there were two identical digests in my inbox. |
| | Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that … |
| | At a guess I would say that you have those options disabled/protected by Spybot S&D.  |
| | Open IE and go to Tools\Internet Options. Hit the security Tab and select the default button. Hit apply and then ok. Try to update again. You can also put the site into your trusted zone. If that does not work, perhaps it is Microsoft's AntiSpyWare that is preventing the install? … |
| | |
 | Connection Type: ADSL Connection Speed: 1.5Mb/256Mb Cost Per Month: $AU60 10Gig limit Country: Australia Name Of ISP:Westnet  |
| | 99.9% Opera user. 3.7 Mb download with all the bells and whistles :). Have firefox but use it seldom. Too many add-ons needed to bring it even remotely close to Opera. Use IE only for microsoft updates.  |
 | Re: My Birthday Thank you all for your well wishes, but things are going way off topic now, so I will close this thread :). |
 | Not seeing anything bad in your log. You may want to try uninstalling FF and download the latest version. Version 2.0 being it. |
| | [b]Download [color=blue]CWShredder[/color] from [url=http://computercops.biz/downloads-file-349.html][u]here.[/u][/url] [b]Reboot into safe mode[/b] following the instructions [url=http://www.xtra.co.nz/help/0,,6156-1377929,00.html][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot normally.[/color] To help prevent this from happening … |
 | Have some members who post with spyware problems zip up some of their nasties & email them to you. |
| | Can you please do the following. =============== Before we begin, let's move [b]HiJackThis[/b] to it's own folder; like [b]c:\HJT[/b]. When we're done '[i]cleaning[/i]' off your system, we're going to '[i]flush[/i]' the temporary folders which, with [b]HiJackThis[/b] [color=#ff0000][i]in it's current location, we'll lose both the program and the backups it creates. … |
| | Can you please do the following. =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] O2 - BHO: KGhost - {968BC8A3-7660-4B12-B2BF-3334775835E1} - C:\Program Files\NetMeeting\KG\KGhost.dll [/b][/color] [color=#9933cc][b] O2 - BHO: (no name) - {D7AAF73A-7ACF-B386-D975-9FB5CDD1F829} - C:\WINDOWS\efmme.dll [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [jyxsd] C:\WINDOWS\jyxsd.exe [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [XtTb.exe] … |
| | Hi and welcome to Daniweb forums :). Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and remove(uninstall) the following, if present: [b][color=#ff0000]MyWebSearch[/color][/b] [b][color=#ff0000]NewDotNet[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Scan with [b]HijackThis[/b] and then … |
| | |
| | O4 - Startup: PowerReg Scheduler.exe I generally fix it with hijackthis as it is not required. [url]http://www.leadertech.com/ereg.html[/url]  |
| | Can you please do the following. =============== Download, then unzip to "[b]C:\HJT[/b]", the newest version of [url=http://www.spywareinfo.com/~merijn/files/hijackthis.zip]HiJackThis[/url]; [i]version 1.99.1[/i]. Then repost your log, either now, or after following the steps in the solution ([i]if provided in this post[/i]). [color=#ff0000][i]This version has features that might be more helpful in 'cleaning' up … |
| | Jam. That's almost as bad as the one selling empty Windows folders :). [url]http://cgi.ebay.co.uk/Goldfish-Coffin-R-I-P_W0QQitemZ170016556236QQihZ007QQcategoryZ3212QQrdZ1QQcmdZViewItem[/url]  |
 | |
| |  |
| | Hi and welcome to Daniweb :). I have split your post out to your own thread. It's as easy to start a new one as it is to reply to one :). == You may want to print out or make a copy of these instructions before starting, because you … |
| | Hi and welcome to Daniweb :). [b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into it's own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a … |
| | Hi and welcome to Daniweb forums :). Can you please do the following. =============== We'll need to disable [b]AdAware's [i]AdWatch[/i][/b], since it might interfere with other program(s) we might be using to 'clean' off your system; you can re-enable it after we're done. To disable this feature, run [b]AdAware SE[/b], … |
| | Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and remove(uninstall) the following, if present: [b][color=#ff0000]NavHelper[/color][/b] [b][color=#ff0000]Red Swoosh[/color][/b] [b][color=#ff0000]WildTangent[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Next, Open a [b]command prompt[/b] by: 1. Clicking "[b]Start[/b]", then … |
| | Please run the PurityScan [url=http://www.purityscan.com/uninstall.html][u]uninstaller.[/u][/url] == Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). … |
| | Can you please do the following. =============== Scan with [b]HijackThis[/b] and then place a check next to all the following, if present: [color=#9933cc][b] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm [/b][/color] [color=#9933cc][b] O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll (file missing) [/b][/color] [color=#9933cc][b] O2 - BHO: ChangerBHO Class … |
The End.