4,383 Posted Topics
Re: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = …
Re: Once done, post a fresh log after first moving hijackthis into a permanent folder.
Re: Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …
Re: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O4 - HKLM\..\Run: [AutoSave] C:\Program Files\V Communications\AutoSave\Autosave.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/3185cfb7336cbf...ip/RdxIE601.cab[/url] Not sure about the …
Re: Have merged your two threads. Please stay with this one until your issue is resolved.
Re: Does this computer actually run? :) . Do the following: Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you. Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. …
Re: Open Task Manager & end process on this one: WToolsS.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - …
Re: You have the sasser worm. Download the removal tool from here [url]http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html[/url] . Once done remove Newdotnet, either from add/remove programs, or by going [url=http://www.newdotnet.com/#remove][u]here.[/u][/url] & scrolling down to the uninstall tool. Download LSPfix from [url=http://www.computercops.biz/downloads-file-334.html][u]here[/u][/url] On the opening screen, click the "I know what I'm doing" checkbox. Check all …
Re: Thank you, I am very glad to be here. My first eva position of Moderator :)
Re: Do you have the 128 bit security encryption pack for IE? I would follow through with your spyware hunt though. You could also try putting those particular sites into your trusted zone.
Re: Also delete this file whilst deleting those that Caperjack suggested & after using LSPfix. c:\windows\system\inetadpt.dll<<<<
Re: Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or directly on the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. …
Re: Hi. Please follow Caperjack's advice on what to remove & could you also after doing that, do this as well: Start your computer in Safe Mode following the instructions [here](http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) (it may help if you print this out), and find and delete the mtwirl.dll file in your Windows\System32 folder In …
Re: Where are they located on your system? A lot of the time these things are in your system restore folder & therefore cannot be fixed. If this is the case you need to disable system restore, run AVG in safe mode then set a new system restore point. All previous …
Re: A lot of what is being logged is just normal internet *noise* along with your ISP checking when you are on line. I have 6 listings in my log for the last 5 minutes. I would say that your firewall is just doing its job. If it is blocking outbound …
Re: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O2 - BHO: (no name) - {631D8B8A-D7A4-4088-B71B-A7EB00BCF749} - C:\WINDOWS\quqfi.dll O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int113779.exe -auto O4 - HKLM\..\Run: …
Re: Please do this first. Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. Close ALL windows, including IE, before running CWShredder. Reboot. To help prevent this from happening again, install the patches …
Re: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - …
Re: You have the peper trojan. Download the removal tool from [url]http://www.memorywatcher.com/uninst.exe[/url] & let it do its thing. There will be no dialogue. Note that you must be online when you run the tool for it to be effective. You also have the adtomi parasite. These are the full instructions for …
Re: How to Remove Gator? 1) Right click on the Gator icon in the System Tray and click on Exit. 2) From the Windows Start button select Settings and then Control Panel. 3) When the Control Panel window opens, double-click on the Add/Remove Programs icon. 4) When the Add/Remove Programs Properties …
Re: Hi. You have some baddies there so I would ask you to do a couple of things B4 we do some manual removal. If you have version 1.2 of spybot S&D, plz uninstall it & I will provide a link for the latest version with instructions for its use. Go …
Re: Hi. You may want to print this out. Uninstall MyWebSearch from add/remove programs first. Launch Notepad, and copy/paste the bold below into a new text file. Save it as URLRepair.reg (Change the 'Save As Type' to 'All Files'). Save it in C:\ [b] REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" [/b] …
Re: Fix this one: O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/03aa669...ip/RdxIE601.cab[/url] Download dllfix.exe from [url]http://downloads.subratam.org/dllfix.exe[/url] . Create a folder on your desktop & click on the exe you downloaded. Direct the install into the new folder. You will see there are two more folders inside and two BAT files. Run …
Re: Apart from Messenger Plus which needs to be installed without the 3rd party sponsor, LOP, there doesn't appear to be anything bad in your log.
Re: Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which …
Re: C:\WINDOWS\wt\updater\wcmdmgr.exe=bad. HijackThis report would be better.
Re: Open Task Manager & end process on this file: rxecma.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com* R3 - Default …
Re: I would be worried about this one starting up in your temp folder. C:\WINDOWS\TEMP\GLB1A2B.EXE Please go [url=http://www.kaspersky.com/remoteviruschk.html][u]here[/u][/url] and have this file scanned. GLB1A2B.EXE
Re: Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the …
Re: Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …
Re: Try the following & see if it works. Download and run [url=http://www.computercops.biz/downloads-file-332.html][u]this[/u][/url] program. Once done, please reboot. See if you still have problems. How did you clean it out? Did you make backups first?
Re: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/cus...://my.yahoo.com[/url] O4 - HKLM\..\Run: [grimtons] C:\PROGRA~1\CHINBLEH\Close Logo.exe Reboot & delete the CHINBLEH folder.
Re: Spyware. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL …
Re: Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] O3 - Toolbar: (no name) …
Re: Download HijackThis from [url=http://www.computercops.biz/downloads-file-328.html][u]here[/u][/url] & unzip it into its own, permanent folder, [color=red](Not a temporary folder or the desktop & not directly on your hard drive)[/color]. Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. …
Re: Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …
Re: Open Task Manager & end process on this, if there: IEHost.exe Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. …
Re: You have a coolwebsearch infection. Download CWShredder from [url=http://www.computercops.biz/zx/phoenix22/cws.zip][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. Close ALL windows, including IE, before running CWShredder. To help prevent this from happening again, install the patches …
Re: [QUOTE=Jackal]Ok...This IS What I DId...I Used HijackThis And Fixed What U Listed Up There After I Did That System Reboot Off Thingy Then I Deleted All The Files In The [i]Prefetch Folder...But There Wasn't That ZZb.Exe File There...And That Spoolvs File There And When I restarted My Comp The Folder …
Re: Try the following & after running it, clear out any unwanted stuff from your favourites folder. If it persists download hijackthis. Download CWShredder from [url=http://www.computercops.biz/downloads-file-349.html][u]here[/u][/url] & run it. Select the fix button & it will get rid of everything related to CoolWebSearch in its database. Close ALL windows, including IE, …
Re: Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the …
Re: I would love to do it. Will give directions now to ensure there are no hiccups. Unzip hijackthis into its own, permanent folder, [color=red](Not a temporary folder or the desktop & not directly on your hard drive)[/color]. Start HJT & with all browser windows closed, press the scan button. …
Re: Do you have spywareblaster installed? It has a flash killer that you may have to disable.
Re: Reboot into safe mode following the instructions [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here[/u][/url] & Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the …
Re: Just this one: O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/22d2911c723485...tzip/RdxIE6.cab[/url]
Re: Go [url=http://housecall.trendmicro.com/][u]here[/u][/url] for an on-line scan & set it to autoclean for you. Plz report back what & where it finds anything.
Re: Open Task Manager & end process on the following: Search.exe P2P Networking.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank …
Re: Trend micro has the option to auto clean when you scan. If it couldn't clean up then boot into safe mode [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406][u]here's how,[/u][/url] & delete those files & the clearsearch folder. Then run updated Adaware & spybot, then Download HijackThis from [url=http://www.computercops.biz/downloads-file-328.html][u]here[/u][/url] & unzip it into its own, permanent folder, …
Re: Unzip HJT into its own permanent folder before doing anything in order for it to create backups. [color=red](Not a temporary folder or the desktop & not directly on your hard drive).[/color] Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box …
Re: If the computer has Spybot S&D on it, run that & it will fix the O10 entry. If not you can try the following. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries …