Posts by caperjack

no good. it all keeps getting reinstalled. And i'm doing this offline too.

post a hjthis log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem218.dll (file missing)

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem214.dll

O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\iSearch\toolbar_.dll (file missing)

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/initial.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://download.websearch.com/Dnl/T_50019/QDow.cab

O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.pornno2000.com/activex/sexshows.cab

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab

O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binari..._1004a_pack.cab

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB

Reboot and check you computer and then run hijack this …

you are running hiajckthis from a floppy although ok its not recomended dopy it to a folder on you hard drive aomething like c:\hjk\hijackthis.exe.

Close all browser windows and fix these .

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

reboot to safe mode and delete

C:\WINDOWS\alchem.exe>>>> delete file

C:\Program Files\Common files\updater>>> Delete folder

Reboot and run hijackthis and post new log .thanks

Do you know what this is ,its suspisous because its running from a temp folder ???
O4 - HKLM\..\Run: [5Pd] C:\Documents and Settings\Penn Bullock\Local Settings\Temp\5Pd.exe

sorry I don't see any thing in the log that might cause the problem .

I have been trying to run scan disk and degrag the computer and it says that theres something running and i click ctrl alt delete and theres a few things there but only what needs to be, theres nothing up and running. what do i do?/ someone please help me.

ok so you are a little confused ,me to !!
Anyway its quite simple reboot you computer hitting the f8 key until you get the choice to choose safe mode ,when in safe mode simply run you scandisk and then defrag programs .

Another explanation on how to get into safe mode .
http://www.computerhope.com/issues/chsafe.htm

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/

download/
After installing AAW, and before running the program, FIRST update the

reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'.Here
Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then

Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"

button.
Press that, then Ctrl-A to Select All, …

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O3 Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [winmain] winmain.exe

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [5Pd] C:\documents and settings\penn bullock\local settings\temp\5Pd.exe

O4 - HKCU\..\Run: [mgxi77y0n5] C:\WINDOWS\g30xdnnm4i.exe

this one is a rescourec hogg and suggested fix .

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tr...styleSigned.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab

Now reboot into safe mode and delete the following files or folders if found .

winmain.exe>>>>>>>> delete file

C:\Program Files\Common files\updater>>>delete folder

C:\documents and settings\penn bullock\local settings\temp\5Pd.exe>>>>>Delete file

C:\WINDOWS\g30xdnnm4i.exe >>>>>>>delete file

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

ThePoison1 ,pleas use the create new topic ,and post you log in it .one piggyback in this threadis enough,I can't keep track ,thanks

HP say no more !:)
I agree with kc0arf ,its most likely something in the HP causing it ,or just shithouse luck[all bad ]

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...&c=2C01&lc=1009

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...&c=2C01&lc=1009

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...&c=2C01&lc=1009

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

Now reboot into safe mode and delete the following files and folders .

C:\WINDOWS\SYSTEM\A.EXE >>>>> delet this file if found

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Just a note !I don't under stand you discription of your problem ,If you hit crtl+alt+ del on any computer 2 or 3 times it will restart!! ????

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DL

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

fis this rescource hog,not needed in startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Reboot and post a new log .

also would be good to know what kind of problems you are having .

my hijackthis log is WAY to big to post on here, so ill just put what is MOSTLY on there and see if any of you know what this means??

the majority of it is this:
4 - HKLM\..\Run: [5np6gcvlyw] C:\WINDOWS\fo9dafcl34.exe
O4 - HKLM\..\Run: [4pg6n6jdch] C:\WINDOWS\yjdtsatmzn.exe
O4 - HKLM\..\Run: [yim80zzy8h] C:\WINDOWS\yjdtsatmzn.exe
O4 - HKLM\..\Run: [n8gsaeu581] C:\WINDOWS\fo9dafcl34.exe
O4 - HKLM\..\Run: [s

please help!

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

http://support.microsoft.com/?kbid=318378

try running them in safe mode
Reboot to SAFE mode

How to start computer in safe mode

Thermal grease can become condutive ,It can harden it and if its making a connecting between l1 ,l2 cache or what ever ,its like over clocking you CPU .a cleaning might be a good option before reloading .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvit.exe

Now reboot into safe mode and delete the following files and folders .

C:\WINDOWS\System32\wcpsvit.exe>> delete file if found

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Also I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

reboot computer and post a new log

miaukitty
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D9FB-FA6BAD98FA7D} - C:\WINDOWS\DOWNLO~1\MyGeek.dll
O2 - BHO: (no name) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - (no file)

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

Also uninstall P2P networking via control panel add and remove programs .

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

lost me ,i was just checking to see if you had another usb device working ,that means you usb controller is installed .don't know what else to tell you .batteries ok in you camera ??

Picky, picky, picky....

:mrgreen:

no not really !!why call something ,what it isn't !!:)

What !! can you send a email to your yahoo from your hotmail !!

Does anyone know if/how you can receive from yahoo or do they just not allow it?

If that were the case what would be the sence in yahoo having a email server !

OK, here's the story. Today my laptop was infected with an extremely malicious strain of the CoolWebSearch spyware virus. It took me nearly two hours to remove it. The removal involved sifting through the Registry (run >> "regedit") and deleting the bugs responsible for the infection. Here's the key: I think that during that process, I accidentally deleted a file in the registry (something to do with browser helpers objects) that was vital to my internet functions.

The virus was eliminated. But now, as a result, my internet is working intermittently. In other words, I'll turn on the computer and my browser will be dead; then a few restarts later it will be perfectly fine...and so on.

I'm not sure if the alternations I made in the registry have anything to do with the failure. I might be a symptom of the virus, though I'm pretty sure it's been destroyed. Here's a site that has information on the C:\searchpage.html virus ("http://www.computing.net/security/wwwboard/forum/11198.html"), in case its useful.

I should also note that I did use HijackThis to help remove the virus; though that shouldn't be an issue since I've restored one essential file that I accidentally erased with it.

Again, in case the message got lost in all those words, here's my problem:

I deleted something in the registry and now my internet works on and off, but mostly off.

I'm wondering. Should I simply re-install internet explorer or is this a glitch that I can locate and fix? Is …

Oh crap! Not again!

Hi ,Format how ya doing!lol :)

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe

This one isn't spyware but is rescource hog and suggested fix .

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

P2P networking can and should be uninstall via control panel ,add and remove programs .Not needed

Now reboot into safe mode and delete the following files and folders .

C:\WINDOWS\System32\bridge.dll >>>> Delete file if found

C:\WINDOWS\System32\a.exe >>>>> delete file if found

to delete the above files and folder you will need to do the following
go to Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

reboot computer and post a new log

Here is a link to download a copy of the missing "bridge.dll".

http://www.dll-files.com/dllindex/dll-files.shtml?bridge

Instructions should be in the zip file on where to locate the bridge.dll file. It would normally go into the C:\windows\system folder.

Hope this helps

LittleMan :)

Bridge dll is spyware releated and you don't want to replace it you want to get rid of the references to it on you computer.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

I missed this one !! close all browser windows and fix it ,all else looks great .good luck

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Also a trip to windows updates is needed for critical updates and SP1's
WINDOWS UPDATES

Have Hijack This fix the following by placing a check in the appropriate boxes

and selecting fix checked. Make sure all browser and all Windows Explorer

windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.

ramgo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://

www.ramgo.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http

://www.ramgo.com/search.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe

O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe

Now reboot into safe mode and delete the following file.

C:\WINDOWS\avserve2.exe >>>> delete file

to delete the above files and folder you will need to do the following
go to Show hidden files

& folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

reboot computer and post a new log

so the virus came back after asystem restor then i think you will need to disable system restore to get rid of the virus,or else it will return everytime you do a restore .

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Yay, I downloaded a new driver and everything is good again. Thanks so much for the help Caperjack, and DMR. I really appreciate it.

Your welcom ,glad to see we got it all straitened out ,if you do caome back here are 2 program to help stop spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place in my signature

Please put the hijackthis .exe in a folder of its own ,[for it makes backups of what it fixes just in case !!],not just sitting on the drive .

Have Hijack This fix the following by placing a check in the appropriate boxes

and selecting fix checked. Make sure all browser and all Windows Explorer

windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://

greatsearch.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://

greatsearch.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://

greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://

greatsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://

greatsearch.biz/

O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O2 - BHO: (no name) - {63CF97E8-4133-438a-A831-CC9C6D47D673} - (no file)

O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - (no file)

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

If you used spybot to set theses 06'sthen leave if not then fix them .
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del

/loader.cab

O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} (IntPagomaster Class) - http

://www.webcamenvivo.com/xxx/pagomast.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs

/roing.cab

O19 - User stylesheet: (file …

do you have anyother USB devices attached and working on you computer .

this thread is a old one and was duplicated and the fix was in the other one !
http://www.daniweb.com/techtalkforums/thread5424.html

And this .

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

And before you post a new log ,please run the free online virus scan in my signature .

Start with this '

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

try start/settings/control panel /display and change the settings and see if they stay set to what you set them to

Also I forgot ,twice now to mention these I think you should also fix them i don't think they are what you want to use to search if they are leave them onfixes .
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.windowsmediasolutions.com/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/

Yes, I should have run spybot first. This is done,

You ran spybot did you also run Ad-Aware and Cwshredder ,Adaware and how to setup it up is in my signature .

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

all looks good you can fix these 2 .close all browser windowes and fix

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

Do as instructed in above post and also this !!

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:

\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS.000

\NETI.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS.000

\BXXS5.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no

file)

If you put these in your host file ,leave unfixed if you didn't fix them '
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O4 - HKLM\..\Run: [WAU] C:\WINDOWS\WAU.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS.000\BXXS5.DLL,DllRun

O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://

download.sidestep.com/get/k00719/sb01c.cab

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.

chargitdial.com/chargitplug.dll

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.

188.25.43/04ffa35c9f4670...etzip/RdxIE.cab

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug

.com/mini...uginstaller.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.

188.7.150/25349c5d0c3b77...ip/RdxIE601.cab

O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.

com/875455/files/installer.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://

as far as drivers go It was the only way i could get the thing to work ,when i bought mine it had no CD ,i got a deal because of that !! so i tried to use it with out drivers ,all i got was unrecionized usb device when i plugged it in .as for software we use ACDsee all 3 useers and we know excatly where they go and what format they are being saved in.the pc350 being a Delux web cam and not just a still camera ,it doesen't show up as another drive letter,i think the proper drivers are a must to make it work right

did you install video drivers when you install your card in her computer ,and did you check device manager to see if here video card drivers are installed correctly !

I have Windows XP Pro OEM on a custom PC.
Have installed the PC-Cam 350 software onto My PC and now it
does not show me my photos from the camera--- only all blackness.

You say software did you load the drivers ,I have a pc cam 300,and you need drivers for the still and then it install the motion video drivers.If you need the drivers get them here .to Install the drivers unplug your camera ,install drivers ,then plug in the camers and windows will set it up

http://us.creative.com/support/downloads/download.asp