4,383 Posted Topics
 | Re: hijack this log Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & navigate to & delete the following: C:\DOCUME~1\default\LOCALS~1\Temp< folder contents Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard … |
| | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP …  |
| | Re: slow computer Uninstall webhancer from add/remove programs. Wintools removal [url=http://www.pchell.com/support/wintools.shtml][u]here.[/u][/url] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL … |
| | Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & navigate to & delete the following: C:\DOCUME~1\Launch\LOCALS~1\Temp< folder contents C:\WINDOWS\System32\aniep.dll< file Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' … |
| | Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & navigate to & delete the following: C:\DOCUME~1\Glen\LOCALS~1\Temp< folder contents C:\WINDOWS\System\blank.htm< file C:\WINDOWS\System32\fhgkaca.dll< file Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click … |
| | |
| | [list=1][*]Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". [*]Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the … |
| | Thanx for your input & you are correct. Each different user must be cleared. |
| | Do you have any form of web filtering as in proxies?? |
| | Before we do anything it is our policy that all members run the following programs before posting a hijackthis log. Download & instal [color=blue][b]Adaware[/b][/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan … |
| | First up, welcome & well done on running Adaware & spybot first :) . Unfortunately, as you have discovered, they are unable to repair this particular hijack so please do the following: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <none> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant … |
| | Re: brrlong: HJT log Once you have done what alc6379 has suggested, please reboot & check to see if the hijack has returned. If it has, post another log as there is a manual fix for this particular hijack. |
| | You also should show a log without removing from it so that we can see what was/is there. Reboot, rescan with HJT & post that log plz. |
| | Hi & welcome to the forums. Lets see if we can't help. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html … |
| | Uninstall Bargain Buddy from add/remove programs. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...://my.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = … |
| | |
| | As you also have a coolwebsearch infection there, you should also run CWShredder. Download [color=blue][b]CWShredder[/b][/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running CWShredder. Reboot. To … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm O2 - BHO: (no name) - {9B7AA30F-8FEF-4896-8DA0-D858AE072976} - c:\windows\system32\adwarepopupstopper.dll O4 - HKLM\..\Run: … |
| | Download dllfix from the following link. [url]http://tools.zerosrealm.com/dllfix.exe[/url] Create a folder on your desktop, doubleclick on the dllfix and install it into the folder you just created. 1.Run start.bat and press option 1. 'output.txt' will be created in the folder. Post the results of the log here. |
| | ComputerCops is flat out ALL the time & they are all volunteers, the same as here. Anyway.... First up, dump spyhunter. [url]http://www.netrn.net/archives2/000550.html[/url] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click … |
| | Download & instal [color=blue][b]Adaware[/b][/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised …  |
| | Download & instal Adaware from [url=http://majorgeeks.com/download.php?det=506][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised …  |
| | Re: HJT Log file Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] O1 - Hosts: 69.20.16.183 ieautosearch O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab[/url] O16 … |
| | Re: Pop-up windows Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - … |
| | On top of what caperjack has instructed, please Can you download the following app & run it, making sure to have one internet exploder window open. Save the log & paste the results back here. [url=http://tools.zerosrealm.com/VX2Finder.exe][u]VX2Finder[/u][/url] |
| | Wintools removal [url=http://www.pchell.com/support/wintools.shtml][u]here.[/u][/url] Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: … |
| | Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running CWShredder. Reboot. To help prevent this from happening again, install the patches for the vulnerabilities that … |
| | [QUOTE=Firedad]I too have the same problem but do not know how to get to the programs you guys are talking about. I am new to this stuff. If anyone can assist a newbe, that would be me, I would apprieciate it. I get the Windows/system/ bridge.dll not found error. Capperjack … |
| | Bridge.dll is added as a result of malware. Please do the following: Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & … |
| | Yzk. Will just give you a hand on this one if you don't mind :) . Undiscovered Nu, Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O1 … |
| | Download HijackThis from [url=http://www.computercops.biz/downloads-file-328.html][u]here[/u][/url] & unzip it into it's own, permanent folder, [color=red](Not a temporary folder or the desktop & not directly on your hard drive)[/color]. If you have anything disabled in MsConfig, please re-enable it/them. Start HJT & with all browser windows closed, press the scan button. When the …  |
| | [QUOTE=pmurthy]I have the same problem except that my homepage gets set to some other dll file. I tried deleteing that dll file from the windows system folder, but it made a new one with some freaking name and then I deleted that and it made a new one. This is … |
| | These too. O2 - BHO: (no name) - {8C02662B-0276-4B52-B8CE-DC2BEF2B5912} - C:\WINDOWS\System32\cooabe.dll O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) Clear the contents of this folder in safe mode: C:\DOCUME~1\dom\LOCALS~1\Temp<<<< In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to [url=http://www.xtra.co.nz/help/0,,4155-1916458,00.html][u]here.[/u][/url] |
| | Re: My HJT log Hmmm. No comment. Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you. When done do the following: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix … |
| | Dump spykiller as it dumps spyware on your comp. [url]http://www.netrn.net/archives2/000550.html[/url] Download dllfix from the following link. [url]http://tools.zerosrealm.com/dllfix.exe[/url] Create a folder on your desktop, doubleclick on the dllfix and install it into the folder you just created. 1.Run start.bat and press option 1. 'output.txt' will be created in the folder. Post … |
| | Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & navigate to & delete the following: C:\WINDOWS\System32\ocfmmnd.dll< file C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp< folder contents In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to [url=http://www.xtra.co.nz/help/0,,4155-1916458,00.html][u]here.[/u][/url] Close all (browser) windows & rescan with hijackthis. When the scan … |
| | Re: Iexplorer.exe Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. … |
| | Re: hijack this log Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in … |
| | First up, move HJT to it's own, permanent folder. [list=1][*]Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". [*]Press Ctrl+Alt+Delete once => Click Task … |
| | Try these first. Download & instal [color=blue][b]Adaware[/b][/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it … |
| | Uninstall Mywebsearch from add/remove programs. -------------------------------------------------------------------------- [list=1][*]Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". [*]Press Ctrl+Alt+Delete once => Click Task Manager => Click … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL O4 - HKLM\..\Run: … |
| | Re: bxxs.5 error Download & instal [color=blue][b]Adaware[/b][/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised … |
| | Only baddy that I can see is: O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/2484009...ip/RdxIE601.cab[/url] Have HJT remove it after closing all windows. Try a defrag & diskcheck. |
| | Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running CWShredder. Reboot. To help prevent this from happening again, install the patches for the vulnerabilities that … |
| | Download & instal [color=blue][b]Adaware[/b][/color] from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised … |
| | Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in … |
| | Wintools removal [url=http://www.pchell.com/support/wintools.shtml][u]here.[/u][/url] Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you. Download [color=blue][b]CWShredder[/b][/color] from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load O15 … |
The End.