crunchie

Download & instal Adaware from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised …

I get 2 email notices for one reply. Happened again this morning. Happened quite a lot in the last couple of weeks.

Can you please do the following. =============== Please visit at least two of the following sites for an online virus scan: BitDefender Free Online Virus Scan [url]http://www.bitdefender.com/scan/licence.php[/url] Make sure you tick [b]AutoClean[/b] under [b]Scan Options.[/b] Panda ActiveScan [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] Make sure you tick [b]Disinfect automatically[/b] under [b]Scan Options.[/b] Housecall at TrendMicro …

Hi and welcome to Daniweb forums :). Can you please do the following. =============== I'd [b]recommend[/b] that you install all the [color=#ff0000][b][i]critical windows updates[/i][/b][/color] available from [b]Microsoft[/b], up to [i]service pack 1[/i]. This will help to make your system more secure and prevent many '[i]problems[/i]' from reoccurring in the future. …

Spybot is waiting for a reboot, so if you haven't already restarted, please do so before going ahead with the following. [b]Please go [url=http://www.pchell.com/support/wintools.shtml][u]here[/u][/url] for Wintools removal instructions.[/b] [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left …

You have the Xabot virus. Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place …

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\SYSTEM\PDF01D5.DLL O4 - HKLM\..\Run: [wininetd] C:\WINDOWS\SYSTEM\wininetd.exe Reboot into safe mode following …

You have a hijacker that is very complicated to remove. Want to try it?

[b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into it's own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you …

[b]First of all we have to remove Newdotnet,[/b] either from add/remove programs, or by going [url=http://www.newdotnet.com/removal.html][u]here[/u][/url] and scrolling down to the uninstall tool. == Move hijackthis into a permanent folder before your next post please. In a temp folder you will lose the program and it's backups when the temp …

Hi and welcome to Daniweb forums :). Please visit at least two of the following sites for an online virus scan: BitDefender Free Online Virus Scan [url]http://www.bitdefender.com/scan/licence.php[/url] Make sure you tick [b]AutoClean[/b] under [b]Scan Options.[/b] Panda ActiveScan [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] Make sure you tick [b]Disinfect automatically[/b] under [b]Scan Options.[/b] Housecall at TrendMicro …

Please download [url=http://www.atribune.org/ccount/click.php?id=4][b][color=red]VundoFix.exe[/color][/b][/url] to your desktop.[list] [*]Double-click [b]VundoFix.exe[/b] to run it. [*]Click the [b]Scan for Vundo[/b] button. [*]Once it's done scanning, click the [b]Remove Vundo[/b] button. [*]You will receive a prompt asking if you want to remove the files, click [b]YES[/b] [*]Once you click yes, your desktop will go blank …

Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that …

Can you please do the following. =============== Go to [b]Add/Remove programs[/b] and remove(uninstall) the following, if present: [b][color=#ff0000]MyWebSearch[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] R1 - HKCU\Software\Microsoft\Internet …

Hi and welcome to Daniweb forums :). Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if …

Can you please do the following. =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell4me.com/myway[/url] [/b][/color] [color=#9933cc][b] F2 - REG:system.ini: Shell= [/b][/color] [color=#9933cc][b] F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe [/b][/color] [color=#9933cc][b] O8 - Extra context menu item: &Search - [url]http://ka.bar.need2find.com/KA/menusearch.html?p=KA[/url] [/b][/color] [color=#9933cc][b] O9 - …

Can you please do the following. =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) [/b][/color] [color=#9933cc][b] O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file) [/b][/color] Now, close [b]all[/b] instances of Internet Explorer and any other …

You still have the CWS infection. Which version of the shredder do you have? It should be 1.59.1 & [b]ALL[/b] windows, browser & folder, [b]must[/b] be [b]closed[/b] when [b]fixing[/b] with hijackthis or it will [b]not[/b] work. [b]Close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place …

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please download [url=http://www.ewido.net/en/download/][b][color=blue]Ewido Anti-Malware[/color][/b][/url] it is a free version of the program.[list=1] [*]Install Ewido Anti-Malware …

Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that …

Hi and welcome to Daniweb forums :). == Please download <a href="http://www.atribune.org/ccount/click.php?id=7" rel="nofollow">Look2Me-Destroyer.exe</a> to your desktop. Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately …

Messenger Plus comes bundled with LOP :). You can reinstall Messenger Plus without the sponsor during the install process.

Hi and welcome to Daniweb forums :). Please download [url=http://www.atribune.org/ccount/click.php?id=7]Look2Me-Destroyer.exe[/url] to your desktop. Close all windows before continuing. Double-click [color=blue]Look2Me-Destroyer.exe[/color] to run it. Put a check next to [color=blue]Run this program as a task.[/color] You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click …

ciderman22, Hi and welcome to the Daniweb forums :). =============== Please visit at least two of the following sites for an online virus scan: BitDefender Free Online Virus Scan [url]http://www.bitdefender.com/scan/licence.php[/url] Make sure you tick [b]AutoClean[/b] under [b]Scan Options.[/b] Panda ActiveScan [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] Make sure you tick [b]Disinfect automatically[/b] under [b]Scan Options.[/b] …

Hi. Please do [b]not[/b] split the log as it makes it harder (for me at least :)) to read. Also, do not edit out any entries, they are [b]all[/b] important. = Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder …

Can you please do the following. =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] O4 - Startup: csrss.lnk = ? [/b][/color] [color=#9933cc][b] O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [/b][/color] [color=#9933cc][b] O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe …

Please go [url=http://windowsupdate.microsoft.com/][u]here[/u][/url] & install ALL critical updates required for your system, including service pack 1a for both XP and IE6. Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be …

Please go to [url=http://virusscan.jotti.org/][u]Jotti's[/u][/url] and have these files scanned. Post the results back here. C:\WINDOWS\system32\[b]osk.exe[/b] C:\WINDOWS\system32\[b]MSSWCHX.EXE[/b]

Maybe you could do it in 'safe' mode?

Hi. Welcome to Daniweb forums :). You are running hijackthis from a temporary folder. You need to create a new folder in a permanent directory of your choice, (a folder on the desktop is fine) name the new folder [b]hijackthis[/b] and move or unzip hijackthis.exe into that folder. Once you …

Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that …

Please download [url=http://www.atribune.org/ccount/click.php?id=4][b][color=red]VundoFix.exe[/color][/b][/url] to your desktop.[list] [*]Double-click [b]VundoFix.exe[/b] to run it. [*]Click the [b]Scan for Vundo[/b] button. [*]Once it's done scanning, click the [b]Remove Vundo[/b] button. [*]You will receive a prompt asking if you want to remove the files, click [b]YES[/b] [*]Once you click yes, your desktop will go blank …

Hi. Welcome to Daniweb forums :). You are running hijackthis from a temporary folder. You need to create a new folder in a permanent directory of your choice, (a folder on the desktop is fine) name the new folder [b]hijackthis[/b] and move or unzip hijackthis.exe into that folder. == Please …

Please download the trial version of Ewido anti-malware here: [url]http://www.ewido.net/en/download/[/url] Install it, and update the definitions to the newest files. Do [b]NOT[/b] run a scan yet. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during …

Hi and welcome to Daniweb forums :). == [b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into it's own, permanent folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is …

Please download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip][b][color=red]SmitfraudFix[/color][/b][/url] (by [b]S!Ri[/b]) Extract the content (a folder named [b]SmitfraudFix[/b]) to your Desktop. Open the [b]SmitfraudFix[/b] folder and double-click [b]smitfraudfix.cmd[/b] Select option #1 - [b]Search[/b] by typing [b]1[/b] and press "[b]Enter[/b]"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that …

Could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run the [color=blue]Lop Remover[/color] from: [url]http://66.220.17.157/help.html[/url] == …

Download the [url=http://www.funkytoad.com/download/hoster.zip][color=blue]Hoster.[/color][/url] Run it and press "Restore Original Hosts" and press "OK". Exit Program. Note that if you have a custom host file, this will remove it. You can edit the host file with this program too. == Try running [url=http://windowsxp.mvps.org/IEFIX.htm][color=blue]IEFIX.htm[/color][/url] which will repair IE and run a System …

Download [url=http://users.telenet.be/marcvn/tools/haxfix.exe][color=blue][b]haxfix.exe[/b][/color][/url] and save it to your desktop. [list] [*]Double click on [b]haxfix.exe[/b] to install haxfix. (standard installation path is c:\program Files\haxfix) [*]Checkmark "Create a desktop icon" [*]Click "Next" [*]When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed [*]Click "Finish"[/list] A red "dos window" (dos …

Hi dustdogz. =============== Let's look for, and delete, any program segments([i]prefetches[/i]) that might be present, and are associated with the '[i]problems[/i]' we're trying to remove from this system. To do this, let's: 1) Click "[b][i]Start | Search[/i][/b]", then search for each of these program's [i]base name(s)[/i], in all files and …

You need to update hijackthis to version 1.99.1. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.malwareremoval.com/downloads.html][u]here[/u][/url] and download the [b]selfextracting[/b] zip version. Remove the old version by opening the program, going to config\misc tools, then uninstall & exit. You then have …

Have you tried here [url]http://www.macromedia.com/shockwave/welcome/[/url] ?

[QUOTE=candy01]what ami proving?[/QUOTE] I assume it would be either that you [i]are[/i] hot in bed, or that sex is great :D. ;)

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run the [color=blue]Lop Remover[/color] …

Hi Katie and welcome to Daniweb forums :). Presuming you are using W2K or Xp, please do the following; [b]Download [color=blue]HijackThis[/color] [b][color=red]self-extracting[/color][/b] zip version from [url=http://www.malwareremoval.com/downloads.html][u]here.[/u][/url][/b] Once downloaded, double click on the file & it will install into it's own, permanent folder. Start HJT & press the "Do a system …

Hi and welcome to Daniweb forums :). Can you please do the following. Run the PurityScan [url=http://www.purityscan.com/uninstall.html][u]uninstaller.[/u][/url] =============== Please visit at least two of the following sites for an online virus scan: BitDefender Free Online Virus Scan [url]http://www.bitdefender.com/scan/licence.php[/url] Make sure you tick [b]AutoClean[/b] under [b]Scan Options.[/b] Panda ActiveScan [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url] Make …

Download [color=blue][b]CWShredder 2.19[/b][/color] from [url=http://www.intermute.com/products/cwshredder.html][u]here.[/u][/url] Download[url=http://www.derbilk.de/SpSeHjfix112.zip]'SpSeHjfix'[/url] to the desktop and then right click a blank part of the desktop and select new folder, call it spfix unzip the file into that folder. [color=red]Disconnect from the net and Close ALL OPEN PROGRAMS.[/color] Run 'SpSeHjfix'. and click on "Start Disinfection". When it's …

Hi and welcome to Daniweb forums :). Please download [b][url=http://www.merijn.org/files/bfu.zip][color=red]Brute Force Uninstaller[/color][/url][/b] to your desktop. (rightclick on this link and choose save as, if using IE save target as)[list] [*]Right click the BFU folder on your desktop, and choose [b]Extract All[/b] [*]Click "Next" [*]In the box to choose where to …

Rescan and save the log from hijackthis. Go into the notepad text file where the hijackthis log is saved and go to the 'Format' button at the top. Place a check (tick) next to word wrap and that should fix it.

zoeysmiles, Hi and welcome to the Daniweb forums :). =============== Scan with [b]HiJackThis,[/b] then check(tick) the following, if present: [color=#9933cc][b] O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [/b][/color] [color=#9933cc][b] O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE [/b][/color] [color=#9933cc][b] O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe [/b][/color] Now, close …