4,383 Posted Topics
 | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load Reboot …  |
| | Marking this as solved. Others with similar problems, please start your own thread. Thank you.  |
| | Please do not post duplicate threads. Have already given suggestion at your other thread here [url]http://www.daniweb.com/techtalkforums/thread6586.html[/url] |
| | Just a thought. Are you running some sort of AD filter? I use proxomitron & found that I could not send mail from Hotmail until I bypassed the filter in proxo. Works now. |
| | Hi & welcome to the forums. Lets see if we can sort it for you. Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all … |
| | Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. … |
| | Did you run Adaware & Spybot as Caperjack suggested? |
| | Go to [url]www.grc.com[/url] & download shoot the messenger. This will disable it. Or you can go into *services* & disable it yourself. |
| | Re: HijackThis log If you cannot get rid of wintools try this. Wintools removal [url=http://www.pchell.com/support/wintools.shtml][u]here.[/u][/url] |
| | Try the PurityScan [url=http://www.purityscan.com/ps_uninstaller.exe][u]uninstaller.[/u][/url] |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O4 - HKLM\..\Run: [eginir] C:\WINDOWS\System32\eginir.exe O4 - HKLM\..\Run: [gvthilnflxw] C:\WINDOWS\System32\eflkjfd.exe O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe Reboot into safe mode … |
| | First of all you need to flush your system restore to get rid of the virus. Switch off system restore (Note that a new one will be created from here on & you will lose all previous restore points) & Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to … |
| | Hi. I just found your other log posted at ComputerCops.They get very bogged down with logs there & can take a little while to get to you, but it is well worth the wait. You have a couple of things there that need fixing, but can you also let us … |
| | There is even more so you will need to post another log after. If Kazaa is still on your comp, please uninstall it from add/remove programs as it will continue to create problems. Then run Kazaabegone from [url=http://www.computercops.biz/downloads-file-331.html][u]here.[/u][/url] to clear out the remnants. Uninstall P2P networking. Uninstall MyWebSearch from Add/Remove. … |
| | lsass.exe is a legitimate Windows file. The file dropped by sasser is lsasss.exe From answers that work: LSASS is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server (in technical jargon : it generates the process that is responsible for authenticating users for the … |
| | Nothing bad in your log. You could try clearing your Temp Internet Files, offline too. It could also be a problem with your ISP. Maybe you can try a different browser & see if there is a difference? |
| | Hi, whilst caperjack is offline I'm sure he won't mind me saying that running the two programs weekly is a good thing, but after first checking for updates of their reference files. Also check out the link in our Sig's regarding how you got infected. Those steps will go a … |
| | Sorry caperjack, you weren't here :) Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan … |
| | Hope you guys don't mind if I jump in here :) Open Task Manager & end process on the following: pcsvc.exe IElB.exe dpi.exe IEHost34.exe sysupd.exe dp-k13w13.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the … |
| | Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running CWShredder. Reboot. To help prevent this from happening again, install the patches for the vulnerabilities that … |
| | Try the advice given here & see if it helps. [url]http://www.daniweb.com/techtalkforums/thread6665.html[/url] |
| | Re: HJT log file Spybot is waiting for a reboot. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] … |
| | Hi & welcome to the forums. Please do the following. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us6.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet … |
| | Hi & welcome to the forums. Please do the following & we will have you clean in no time :) . Open Task manager by right clicking on the task bar & end process on the following: sta11.exe Close all (browser) windows & rescan with hijackthis. When the scan is … |
| | Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://look-today.com/searchbar.html[/url] R1 - HKCU\Software\Microsoft\Internet … |
 | Hi & welcome to the forums. Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan … |
| | [QUOTE=lexdon]When I am already on internet explorer, I keep getting a message that say internet explorer must shut down. I am asked if I want to report the error and I do. Does anyone know why this happens? I can go to a site, but if I try to open … |
| | Hi & welcome to the forums. Lets see what we can do to help. Open Task Manager & end process on this one: sysint16.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries … |
| | You definitely have a coolwebsearch infection. Make sure you have the latest version of CWShredder (1.58 I believe) & make sure that ALL windows are closed (browser & folders) So>>>>update CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch … |
| | [QUOTE=caperjack]So did they also teach you over there not to butt in when someone is helping someone ,because it just gets confusing ..........!! And I recomend both Spyware removal tools !![/QUOTE] If you want to continue to use IE with all of it's security shortcomings, I suggest you download spywareblaster … |
 | Marking this as solved. Anyone else with similar problems, please start your own thread. Thank you. |
| | First of all we have to remove Newdotnet, either from add/remove programs, or by going [url=http://www.newdotnet.com/#remove][u]here.[/u][/url] & scrolling down to the uninstall tool. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & … |
| | This issue was resolved here. [url]http://www.daniweb.com/techtalkforums/showthread.php?p=31150#post31150[/url] |
| | Re: bridge.dll error Hi & welcome. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://srch-us10.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://srch-us10.hpwis.com/[/url] R1 - HKLM\Software\Microsoft\Internet … |
 | Download dllfix from the following link. [url]http://tools.zerosrealm.com/dllfix.exe[/url] Create a folder on your desktop, doubleclick on the dllfix and install it into the folder you just created. 1.Run start.bat and press option 1. 'output.txt' will be created in the folder Post that log back here. |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) O1 - Hosts: ch.com O1 - Hosts: 207.36.196.189 auto.search.msn.com … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {185FDDA7-A61F-89AA-1B04-DD423042EA06} - C:\PROGRA~1\MEETBA~1\debug new.dll O2 - BHO: … |
| | Download dllfix.exe from [url]http://downloads.subratam.org/dllfix.exe[/url] . Create a folder on your desktop & click on the exe you downloaded. Direct the install into the new folder. You will see there are two more folders inside and two BAT files. Run start.bat & select option 1 for the report. Once the search … |
| | Try the PurityScan [url=http://www.purityscan.com/ps_uninstaller.exe][u]uninstaller.[/u][/url] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.myexexex.com/search.php?said=spage[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://www.myexexex.com/search.php?said=spage[/url] R0 - HKLM\Software\Microsoft\Internet … |
| | Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load O4 - HKCU\..\Run: [ODHLTX] C:\WINDOWS\XTPOK.exe Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] … |
| | I see nothing bad in your log. Am uncertain as to what your problem could be, but will try to get some information that may be useful.  |
| | Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …  |
| | Ok. Please do the following & we will see if we can get it sorted for you. Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before … |
| | This is a clone of the following log, but with a different username, which I have already answered. Please do not post duplicates as it will only create more work for ppl trying to help. [url]http://www.daniweb.com/techtalkforums/thread6564.html[/url] |
| | Please stay with your other thread for the time being until that problem is resolved, then if you are still experiencing problems we can try something else. You are currently infected with Coolwebsearch so that will need to go first. |
| | [url]http://www.daniweb.com/techtalkforums/thread6422.html[/url] There have been several other responses to your post at the above link. I am not sure if you have read them as yet?? If you follow the instructions there & answer in that thread, we will endeavour to see you right :) . |
| | Open Task Manager & end process on the following: WToolsA.exe gFqayZ.exe ybpdabiv.exe WToolsS.exe WSup.exe Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) … |
| | Adaware is waiting for a reboot, so do that first. Open Task Manager & end process on the following: WToolsS.exe WToolsA.exe wpdeofp.exe WSup.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & … |
| | Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in … |
| | Download & instal Adaware from [url=http://www.computercops.biz/downloads-file-292.html][u]here[/u][/url] & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised … |
The End.