SearchWeb2 Bar Removal! I've tried everything, please help!

Forums: Computers
Email this Topic • Print this Page

Hey, I've tried just about everything to get rid of this toolbar that keeps popping up everytime I start IE. I know it's the searchweb2 bar, but I just can't seem to get rid of it... Here's my HJT logfile, can someone help me?

Logfile of HijackThis v1.98.2
Scan saved at 10:14:59 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Al\Desktop\Internet Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ffwxsbdhqiraoyt.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktQ9jpnmcobh3KLLPowJf/Jj.html
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{70750F56-E87C-4CF5-BB73-813395CC2C23}: NameServer = 198.164.30.2 198.164.4.2

Topic Stats
Top Replies
Link to this Topic

Type: Discussion • Score: 1 • Views: 1,151 • Replies: 9

No top replies

Hi IronMan and welcome to A2K

Reboot to safe mode ( By tapping the F8 key on start up)

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ffwxsbdhqiraoyt.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktQ9jpnmcobh3KLLPowJf/Jj.html
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

Next Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\Program Files\SED\SED.exe
C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

Restart your computer,
Next
Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once AdAware has removed the entries, close the program
Restart the computer

Restart HJT and post back a fresh log please

0 Replies

Hey Don, I did everything you said, but those two files you told me to delete I couldn't find them... the SED.exe and Extra Exit Wma.exe files, unless I already got rid of them with the HJT program.... well here's my new posting, hopefully you can figure something out, thanks

Logfile of HijackThis v1.98.2
Scan saved at 9:14:50 PM, on 11/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Al\Desktop\Internet Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cjqtaxzefvnti.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktSOm_Gg0m0gm6LLPowJf/Jj.html
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{70750F56-E87C-4CF5-BB73-813395CC2C23}: NameServer = 198.164.30.2 198.164.4.2

0 Replies

getting there,

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ffwxsbdhqiraoyt.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktQ9jpnmcobh3KLLPowJf/Jj.html
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

While still in safe mode reopen HJT and if the R1 is still there fix it again with HJT then,
Restart your computer,
Restart HJT and post back a fresh log please

0 Replies

There, the bar is gone for now, but it did that last time for a couple of times and it re-downloaded itself to my comp... what else should I get rid of so I can finally be done with searcweb2...

Logfile of HijackThis v1.98.2
Scan saved at 1:36:45 AM, on 11/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Al\Desktop\Internet Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{70750F56-E87C-4CF5-BB73-813395CC2C23}: NameServer = 198.164.30.2 198.164.4.2

0 Replies

It looks clean now Ironman,

Download the following programs, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.

Download Spyware Blaster and SpywareGaurd

Check for updates after you install them, And check weekly as well

Keep Ad-aware and Spybot handy, Check them for updates and run them weekly
Same with your Anti Virus,
Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.

Remeber to check Windows for updates

Post back if you have any further problems

0 Replies

Man, the toolbar is back, the R1 Main Search Bar keeps coming back and the 04 DefyOoze keeps coming back.... anything else I can do?

Logfile of HijackThis v1.98.2
Scan saved at 3:08:48 PM, on 11/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Al\Desktop\Internet Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nsqdyviqulrhmwthnubg.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktQYWYg5SmvjPaLLPowJf/Jj.php
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\Program Files\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{70750F56-E87C-4CF5-BB73-813395CC2C23}: NameServer = 198.164.30.2 198.164.4.2

0 Replies

This can be a real pest sometimes,

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nsqdyviqulrhmwthnubg.com/mC7yjrHEqb8ncRHHbBtbUcvpemGi26wTUuBL9xANktQYWYg5SmvjPaLLPowJf/Jj.php
O4 - HKCU\..\Run: [DefyOoze] C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\DOCUME~1\Al\APPLIC~1\1PILE~1\Extra Exit Wma.exe

While still in safe mode, Open HJT again and see if it comes back, If so fix it again
While still in safe mode run Ad-aware and have it fix anything it finds,

Restart your computer
Restart HJT and post back a fresh log please

0 Replies

Hey, it works now, I just played around with my computer a bit and added those spyware programs to my comp.... but if it comes back I'll let yah know... thanks for the help, appreciate it, have a good one

0 Replies

Keep us posted IronMan, Your very welcome

0 Replies

SearchWeb2 Bar Removal! I've tried everything, please help!

Related Topics

Quick Links

My Account

able2know