help needed re hi-jacked "about blank"
-
IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
- Status
1 - 19 of 19 Posts
SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/
Since u are having trouble with AA - run it in safe mode as well as SpyBot
In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize and make sure teatimer is enabled
bOOT TO NORMAL
CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows, open cwshredder.exe then click "Fix" and let
it run.
Then restart your computer.
Then get HiJack This http://www.majorgeeks.com/download3155.html, put
it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
log here
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/
Since u are having trouble with AA - run it in safe mode as well as SpyBot
In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize and make sure teatimer is enabled
bOOT TO NORMAL
CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows, open cwshredder.exe then click "Fix" and let
it run.
Then restart your computer.
Then get HiJack This http://www.majorgeeks.com/download3155.html, put
it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
log here
Can't read that, cut and paste the log into a reply -
It should start out like this
Logfile of HijackThis v1.99.0
Scan saved at 7:49:25 PM, on 1/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
It should start out like this
Logfile of HijackThis v1.99.0
Scan saved at 7:49:25 PM, on 1/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
Sorry about my last message - I have now run Hijack This and saved the log.
Unfortunately I cannot open the log on my computer as you need Notepad.exe.
I have got wordpad but this does not seem to work or I am lacking in computer knowledge.
However I am posting the log as you may be able to open on your computer (hopefully)
Thanks again for the help you have given me - much appreciated to a novice like myself.
Unfortunately I cannot open the log on my computer as you need Notepad.exe.
I have got wordpad but this does not seem to work or I am lacking in computer knowledge.
However I am posting the log as you may be able to open on your computer (hopefully)
Thanks again for the help you have given me - much appreciated to a novice like myself.
Posting for visibility
Logfile of HijackThis v1.99.0
Scan saved at 20:29:24, on 16/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\CANON\BJPV\TVMON.EXE
C:\PROGRAM FILES\CANON\BJCARD\BJLAUNCH.EXE
C:\PROGRAM FILES\COOLWALLPAPER\CWM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\3DMOUSE\3DMOUSE.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TEMP\LWNWOKH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Omnipage] c:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Winsock32driver] svchhost.exe
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\PROGRAM FILES\COOLWALLPAPER\cwm_tray.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMOUSE\3DMouse.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Lwnwokh] C:\WINDOWS\TEMP\LWNWOKH.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security Professional\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
Logfile of HijackThis v1.99.0
Scan saved at 20:29:24, on 16/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\CANON\BJPV\TVMON.EXE
C:\PROGRAM FILES\CANON\BJCARD\BJLAUNCH.EXE
C:\PROGRAM FILES\COOLWALLPAPER\CWM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\3DMOUSE\3DMOUSE.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TEMP\LWNWOKH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Omnipage] c:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Winsock32driver] svchhost.exe
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\PROGRAM FILES\COOLWALLPAPER\cwm_tray.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMOUSE\3DMouse.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Lwnwokh] C:\WINDOWS\TEMP\LWNWOKH.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security Professional\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
Print this out and then boot to safe mode
Fix these
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Winsock32driver] svchhost.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [Lwnwokh] C:\WINDOWS\TEMP\LWNWOKH.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"
Delete these files
svchhost.exe most likely in C:\WINDOWS\SYSTEM note it has 2 Hs BE CAREFUL!!!
c:\explorer.cab
c:\ied_s7.cab
c:\x.cab
Delete this folder - C:\WINDOWS\SYSTEM\P2P NETWORKING
Delete all files in C:\WINDOWS\TEMP
START RUN key in %temp% - Edit Select all File Delete
Empty the recycle bin
Boot and post a new log
Fix these
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Winsock32driver] svchhost.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [Lwnwokh] C:\WINDOWS\TEMP\LWNWOKH.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"
Delete these files
svchhost.exe most likely in C:\WINDOWS\SYSTEM note it has 2 Hs BE CAREFUL!!!
c:\explorer.cab
c:\ied_s7.cab
c:\x.cab
Delete this folder - C:\WINDOWS\SYSTEM\P2P NETWORKING
Delete all files in C:\WINDOWS\TEMP
START RUN key in %temp% - Edit Select all File Delete
Empty the recycle bin
Boot and post a new log
Can I just clarify something please?
When you say "Fix these" - do you mean run "Hijack This" in Safe Mode and then put a tick in the boxes next to the entries you have identified and then click on the fix button - I just want to make sure that I do it right as "Hijack This" states be careful what you delete and I am not sure whether I should be putting ticks in the other boxes that you have not identified and leaving the ones you have identified blank - sorry for being a pain - I did say novice - now you know!
How is the weather in South Carolina ? It's freezing here in Peterborough England!
When you say "Fix these" - do you mean run "Hijack This" in Safe Mode and then put a tick in the boxes next to the entries you have identified and then click on the fix button - I just want to make sure that I do it right as "Hijack This" states be careful what you delete and I am not sure whether I should be putting ticks in the other boxes that you have not identified and leaving the ones you have identified blank - sorry for being a pain - I did say novice - now you know!
How is the weather in South Carolina ? It's freezing here in Peterborough England!
Hi...... 
.........for all that want to try something new , cute and usefull go and download Microsofts' new Windows AntiSpyware Beta and scan your pc to get rid of trouble....N-joy....
click here ---> http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
.........for all that want to try something new , cute and usefull go and download Microsofts' new Windows AntiSpyware Beta and scan your pc to get rid of trouble....N-joy....
click here ---> http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
I have followed your instructions and I am posting the new log
There was one item in the Internet Temp file that I could not delete.
The name is df5ee5.tmp.
My browser window now sticks on "detecting poxy settings" for ages without opening unless I keep clicking on say Google lots and then I might get a link to the web page after say 3/4 minutes.
Thanks in advance
There was one item in the Internet Temp file that I could not delete.
The name is df5ee5.tmp.
My browser window now sticks on "detecting poxy settings" for ages without opening unless I keep clicking on say Google lots and then I might get a link to the web page after say 3/4 minutes.
Thanks in advance
Posting for visibility
Logfile of HijackThis v1.99.0
Scan saved at 18:32:10, on 23/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\CANON\BJPV\TVMON.EXE
C:\PROGRAM FILES\CANON\BJCARD\BJLAUNCH.EXE
C:\PROGRAM FILES\COOLWALLPAPER\CWM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\3DMOUSE\3DMOUSE.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Omnipage] c:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\PROGRAM FILES\COOLWALLPAPER\cwm_tray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMOUSE\3DMouse.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security Professional\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
Logfile of HijackThis v1.99.0
Scan saved at 18:32:10, on 23/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MK9805.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\CANON\BJPV\TVMON.EXE
C:\PROGRAM FILES\CANON\BJCARD\BJLAUNCH.EXE
C:\PROGRAM FILES\COOLWALLPAPER\CWM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\3DMOUSE\3DMOUSE.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CHotKey] mk9805.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Omnipage] c:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\PROGRAM FILES\COOLWALLPAPER\cwm_tray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMOUSE\3DMouse.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] c:\Program Files\Norton Internet Security Professional\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5880B733-1D49-41C4-877B-7A4789FC32B9} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
Don't worry, some temps cannot be delete until u boot again
Get and run these
http://digital-solutions.co.uk/lavasoft/whndnfix.zip -
http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox. Do not select any entries
Then click Finish.
Get and run these
http://digital-solutions.co.uk/lavasoft/whndnfix.zip -
http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox. Do not select any entries
Then click Finish.
Hi.......
Before you reboot the system you want to make sure that you can see all that that is actually is in the temp folder or any folder on the PC ....maybe you know what to do but I will mention about anyway....First open the Temp folder than goto Tools -> Folder options ->...in the Folder options window goto View tab where you make sure the following are set as:
* show hidden files and folders -- checked
* hide extensions for know file types -- unchecked
* hide protected operating system files -- unchecked
than make sure when you click apply to also click on the top button that says Apply to all folders.... Doing so you will be able to see pretty much everything on your folders do a CTRL +A to select all files in the folder and a CTRL + D to delete .... You can also install a utility such as Window Washer... at http://www.webroot.com/products/window washer?rc=266&ac=500 which will keep your pc clean of junk...
Do not forget that as MFDnSC said you need to reboot the system because some files do not get to be deleted totally ...but only when you restart...
My pleasure....to help......
Before you reboot the system you want to make sure that you can see all that that is actually is in the temp folder or any folder on the PC ....maybe you know what to do but I will mention about anyway....First open the Temp folder than goto Tools -> Folder options ->...in the Folder options window goto View tab where you make sure the following are set as:
* show hidden files and folders -- checked
* hide extensions for know file types -- unchecked
* hide protected operating system files -- unchecked
than make sure when you click apply to also click on the top button that says Apply to all folders.... Doing so you will be able to see pretty much everything on your folders do a CTRL +A to select all files in the folder and a CTRL + D to delete .... You can also install a utility such as Window Washer... at http://www.webroot.com/products/window washer?rc=266&ac=500 which will keep your pc clean of junk...
Do not forget that as MFDnSC said you need to reboot the system because some files do not get to be deleted totally ...but only when you restart...
My pleasure....to help......
I ran the download but it did not find any files - all reports showed nil
I cannot read the second download as I need notepad and I don't have it on my computer.
Good news is about blank has gone - thank you very much for that!
I am still getting a delay connecting to my MSN home page when I open my browser but the time delay is less about 2 mins
I get a blank page with "detecting proxy setting" in bottom left hand corner.
Cheers
I cannot read the second download as I need notepad and I don't have it on my computer.
Good news is about blank has gone - thank you very much for that!
I am still getting a delay connecting to my MSN home page when I open my browser but the time delay is less about 2 mins
I get a blank page with "detecting proxy setting" in bottom left hand corner.
Cheers
Hi.....
You should chech to see if in the iternet explorer settings you checked at the connections tab the option at the bottom Lan settings to auto...In addition , if you are having a broadband connection (cable, dsl, etc..) go and check the settings of you LAN connections/TCP/IP settings in the My network places...see if you get your IP address, Default Gateway and DNS automatically from your ISP....In case you are using a local router (Linksys, Netgear, D-link) they provide you with the settings for IP and Default Gateway....I would recommend that you go in the settings for the TCP/IP and instead of the automatic DNS setup you manually introduce the addresses for DNS such as 24.29.99.17 or 24.29.99.19 etc. You can also check to see if you install a different browser such as Firefox http://www.mozilla.org/ you have the same issues....
.........
You should chech to see if in the iternet explorer settings you checked at the connections tab the option at the bottom Lan settings to auto...In addition , if you are having a broadband connection (cable, dsl, etc..) go and check the settings of you LAN connections/TCP/IP settings in the My network places...see if you get your IP address, Default Gateway and DNS automatically from your ISP....In case you are using a local router (Linksys, Netgear, D-link) they provide you with the settings for IP and Default Gateway....I would recommend that you go in the settings for the TCP/IP and instead of the automatic DNS setup you manually introduce the addresses for DNS such as 24.29.99.17 or 24.29.99.19 etc. You can also check to see if you install a different browser such as Firefox http://www.mozilla.org/ you have the same issues....
.........
I have run Spy bot-search on my computer and it has still found a file
CoolwwwSearch but it cannot uninstall
Spy bot says the file is in c\windows\system\OLB.DLL
I have clicked the box to show all files on the computer in Explorer but I cannot trace this file.
Spy bot ran a scan again when I re-booted the computer but crashed before it got to the end of the scan - I got a flashing error box saying "The parameter is incorrect"
I clicked the "ok" button but nothing happened except the computer froze and would not respond to any program - I ended up having to cut the power to free it
Spy -bot found one other fault on my original scan - DSO Exploit - Data source object exploit - HKEY-USERS\DEFAULT\Software\Microsoft\Windows\Current Version\Internet Setting This was a registry change fault which Spy bot reported as fixed.
Thanks in advance
CoolwwwSearch but it cannot uninstall
Spy bot says the file is in c\windows\system\OLB.DLL
I have clicked the box to show all files on the computer in Explorer but I cannot trace this file.
Spy bot ran a scan again when I re-booted the computer but crashed before it got to the end of the scan - I got a flashing error box saying "The parameter is incorrect"
I clicked the "ok" button but nothing happened except the computer froze and would not respond to any program - I ended up having to cut the power to free it
Spy -bot found one other fault on my original scan - DSO Exploit - Data source object exploit - HKEY-USERS\DEFAULT\Software\Microsoft\Windows\Current Version\Internet Setting This was a registry change fault which Spy bot reported as fixed.
Thanks in advance
Hi again.....You can look for the OLB.DLL in the save mode and than when you find it delete it manually for good if you are sure about it ....Before you do so I do not know what shape your PC is in , but I would recommend some utilities for you to check it up....First uninstall Spy bot-search and make sure your antivirus is up to date scan your system completely....than do...
1. Cet Trojan Hunter and scan the system ....http://www.misec.net/trojanhunter/
2. Get Microsoft's new Windows AntiSpyware (Beta)....
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
3. Get Registry Mechanic and scan the system....
4. Get Executive Software - Diskeeper 9 for defrag....http://www.execsoft.com/coverpage.asp
5. update the OS.......windows updates....for security reasons...of course....
Let me know....
1. Cet Trojan Hunter and scan the system ....http://www.misec.net/trojanhunter/
2. Get Microsoft's new Windows AntiSpyware (Beta)....
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
3. Get Registry Mechanic and scan the system....
4. Get Executive Software - Diskeeper 9 for defrag....http://www.execsoft.com/coverpage.asp
5. update the OS.......windows updates....for security reasons...of course....
Let me know....
1 - 19 of 19 Posts
- Status
Join the discussion
