crunchie

Check out this thread [url]http://www.daniweb.com/techtalkforums/thread7370.html[/url] if you still have problems, post back :).

Go to add\remove programs & uninstall the following: [b]Mywebsearch Web_Rebates[/b] Go to [url]http://www.accs-net.com/smallfish/comet.htm[/url] for removal instructions for Comet. [b]Please go [url=http://www.pchell.com/support/wintools.shtml][u]here[/u][/url] for Wintools removal instructions.[/b] 1. [b]Download and Install[/b] [URL=http://computercops.biz/downloads-file-292.html] Ad-Aware SE[/URL], keeping the default options. [b]However, some of the settings will need to be changed before your first scan[/b] …

Are you getting it whilst reading hijackthis logs? I get a few warnings from my AV on some logs that I read.

[b]Download & instal [color=blue]Adaware SE[/color] from [url=http://computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red][b]update[/b][/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload …

Download Registrar Lite from here: [url]http://www.resplendence.com/download/reglite.exe[/url] Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor. Install, run, copy and paste this line to reglite's address bar: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs and hit the "go" tab. Find: "Appinit_Dlls" value on the right …

[b]Download sysclean (free) from Trend Micro, allow it to clean up any bad files it finds. It may take a while, so have a cuppa whilst it's running :).[/b] [url]http://www.trendmicro.com/download/dcs.asp[/url] Be sure to download and install the latest pattern file. There's a link to it at the lower left-hand colum …

[b]Clear out your Temporary internet files and other temp files. Go to Start > Settings > Control Panel >Internet Options.[/b] Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies. Also, go to [b]Start > Find/search > Files or folders[/b] > …

Uninstall Elite(Tool)Bar from add\remove programs. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://searchmiracle.com/sp.php[/url] R1 - …

[b]Download [color=blue]CWShredder[/color] from [url=http://computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that this …

[b]Download [color=blue]CWShredder[/color] from [url=http://computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it.[/b] Select the [color=red]fix[/color] button & it will fix everything related to CoolWebSearch that is stored in it's database. Close [b]ALL[/b] windows, including Internet Explorer, before running CWShredder. [color=red]Reboot.[/color] To help prevent this from happening again, install the patches for the vulnerabilities that this …

[b]Download sysclean (free) from Trend Micro, allow it to clean up any bad files it finds. It may take a while, so have a cuppa whilst it's running :).[/b] [url]http://www.trendmicro.com/download/dcs.asp[/url] Be sure to download and install the latest pattern file. There's a link to it at the lower left-hand colum …

Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Can you please download this file from here: [url=http://www.bleepingcomputer.com/files/spyware/getservice.zip]Getservice.zip[/url] Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad into this post.

Can you please download this file from here: [url=http://www.bleepingcomputer.com/files/spyware/getservice.zip]Getservice.zip[/url] Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad into this post. Also post another hijackthis log.

Open Task Manager & end process on the following:[b] sana.exe[/b] Then go to [b]C:\Documents and Settings\Administrator\Application Data[/b] & delete the file manually. [b]In order to view that file you will have to select 'show hidden files/folders.' Instructions on how to [URL=http://www.xtra.co.nz/help/0,,4155-1916458,00.html][u]here.[/u][/URL][/b] [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When …

A good site for checking your startup program list is [url]http://www.answersthatwork.com/Tasklist_pages/tasklist.htm[/url] If you have an hijackthis log you can check entries there against the one listed. Arguably the most important way to protect your system (Windows) is to keep your critical updates up-to-date. Please go [url=http://windowsupdate.microsoft.com/][u]here[/u][/url] to install them.

[b]Reboot into safe mode[/b] following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & [b]close all (browser) windows & rescan with hijackthis.[/b] When the scan is finished place a check in the box to the left of the following entries & click [color=red]'fix checked':[/color] O4 - HKLM\..\Run: [810db3798cd1] C:\WINDOWS\System32\atl34062.exe O4 - HKCU\..\Run: [IBu5RWj7T] rpcml3a.exe O16 …

<blockquote>So? Can any of these alleged "pros" help me out?</blockquote> Not this one :).

Uninstall Mywebsearch from add\remove programs. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe, O1 - Hosts: 64.159.94.251 auto.search.msn.com …

Maybe you have locked it using one of Spybot S&D's features. It has the ability to lock the home page.

Unzipped is a permanent folder & ok to run from :). Uninstall spykiller from add remove programs. It is a bogus program. Uninstall Web_Rebates too. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following …

Open Task Manager & end process on the following:[b] nls.exe bargains.exe[/b] Then delete; C:\Program Files\[b]NaviSearch[/b]-folder C:\Program Files\[b]BullsEye Network[/b]-folder Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do …

[b]Download & instal [color=blue]Adaware[/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red]update[/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank N1 - Netscape 4: user_pref("browser.startup.homepage", "R5493.ecpm.com"); (C:\Program …

1. [b]Download and Install[/b] [color=blue][URL=http://computercops.biz/downloads-file-292.html] Ad-Aware SE,[/URL][/color] keeping the default options. [b]However, some of the settings will need to be changed before your first scan[/b] 2.[b]Close ALL windows[/b] except Ad-Aware SE 3. Click on the[b]‘world’ [/b] icon at the top right of the Ad-Aware SE window and let AdAware SE …

Also for those who have the about:blank, please try this. 1. Tools | Internet Options - General tab - Home page section 2. Change Address to «about:blank» 3. Click Apply then OK 4. Restart IE 5. Reset your homepage & click apply, then ok. There has been some success with …

Open Task Manager & end process on the following:[b] wind32.exe removeme.exe cfachub.exe winssv.exe[/b] Then go to [b]C:\WINDOWS\System32[/b] & delete those files manually. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click …

Sorry, but until you have hijackthis in a permanent folder I will be unable to help you. Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your …

Only fix these if you do [b]not[/b] have Java Sun. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) Hijackthis has a bug that misinterprets some 09 entries.

Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. …

[b]Download & instal [color=blue]Spybot S&D[/color] from [url=http://www.computercops.biz/zx/phoenix22/spybotsd13.zip][u]here.[/u][/url][/b] [color=red]Update[/color] it before scanning. After the scan is complete, have spybot fix everything marked [color=red]RED.[/color] On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a …

If you have tried to fix anything since your 1st post, please reboot, rescan with hijackthis & post that log. There is also a chance the files that need removing will change their name upon reboot.

It's ok to use that uninstaller :).

[b]Unzip HJT into it's own permanent folder[/b] before doing anything in order that the backups it creates cannot be deleted by accident. [color=red](Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive).[/color] [b][color=red]Close all (browser) windows …

Open Task Manager & end process on the following:[b] kernld32.exe[/b] Go to C:\WINDOWS\system32 & manually delete it then have hijackthis delete all reference to it.

[QUOTE=Dreg_02]You absolutely sure that's the wrong explorer? If it's not and i go deleting it, my pc is ******.[/QUOTE] Dreg_02. Please do not use inappropriate language as this is a public forum! P3-450 is correct regarding the deletion of that file.

We ask that all members who use the advice given here to be prudent before deleting any files by backing up their data. There may be occasion when unfortunately, the wrong advice is inadvertantly given.Hijackthis is a very powerful tool & must be used with wisdom. If there is anything …

Please go here for Gator removal instructions. [url]http://www.pchell.com/support/gator.shtml[/url] Uninstall Windows SyncroAd from add\remove programs. [b]Please have all files/folders set to *show.* Instructions on how to [URL=http://www.xtra.co.nz/help/0,,4155-1916458,00.html][u]here.[/u][/URL][/b] Make sure that protected system files are set to show too. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished …

Don't see Opera there :).

Hey crazyGirl. If possible, can you reboot & post another log lease?

Did you just paste the whole log in there Dave? :). [b]Download the PeperFix.exe tool from here:[/b] [url]http://downloads.subratam.org/PeperFix.exe[/url] Click on the PeperFix.exe to launch it. Click the Find and Fix button. It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot …

AbSat. Please start your [b]own[/b] thread after doing the following: [b]Download & instal [color=blue]Adaware SE[/color] from [url=http://computercops.biz/downloads-file-292.html][u]here[/u][/url][/b] & [color=red][b]update[/b][/color] it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's …

Download: "StartDreck", from here: [url]http://www.niksoft.at/download/startdreck.htm[/url] Unzip to its own folder and start the program, Press 'Config' Press 'Unmark All' Check the following boxes only: Registry -> Run Keys System/drivers> Running processes Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as …

Please go to Start\Run & type in Msconfig. Go to startup tab & enable all to start. Reboot, rescan with hijackthis & post that log here.

Coolsearch is not CWS though :). Download sysclean from [url]http://www.trendmicro.com/download/dcs.asp[/url] making sure to download and install the latest pattern file. There's a link to it at the lower left-hand colum of the page. Note that it will not work without the pattern file which must be unzipped into the same …

[b]Please go [url=http://www.pchell.com/support/wintools.shtml][u]here[/u][/url] for Wintools removal instructions.[/b]

Open Task Manager & end process on the following:[b] msdm.exe aightn.exe MSsrvs32.exe fxpflashfix.exe[/b] Make certain that those processes have, in fact, stopped. Then go to C:\ & delete the [b]msdm.exe[/b] file manually. Go to WINNT\system32 & delete the others manually. [b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the …

[b][color=red]Close all (browser) windows & rescan with hijackthis.[/color][/b] When the scan is finished place a check in the box to the left of the following entries & click [b][color=red]'fix checked':[/color][/b] R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://omegasearch.com/searchbar.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://omegasearch.com/searchbar.html[/url] O2 - BHO: (no name) - {0F8D71D4-02FD-C2F6-5003-4618BBB78685} …

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go [url=http://www.computercops.biz/downloads-file-328.html][u]here.[/u][/url] Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder. Click My Computer, then …