
Hjt Log - Need Coolwwwsearch

coolwwwsearch driving me insane, hijack this logs + spybot logs
Discussion in 'Virus & Other Malware Removal' started by Rfouche, May 19, 2004.

For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe

How To Analyze HijackThis Logs

If there is some abnormality detected on your computer HijackThis will save them into a logfile.

When done, please post back a FindNarrator log, and another HijackThis log. I do some simple Windows administration at work and I know more than the average bear. Most people never use it and you can uninstall it if you do not. That does not stop QuickTime from working.

Can you also disable Ewido Guard for now.

Blaine
Blaine, Feb 7, 2005 #22

chaslang, MajorGeeks Admin - Master Malware Expert, Staff Member
You're welcome!

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop.

Does this indicate another problem?

Right click an empty spot of the Taskbar (bar on the bottom of the screen). Select: Task Manager. In Windows Task Manager, Processes tab, double click Image Name to list all

http://www.extremetech.com/article2/0,3973,1224361,00.asp
Styxx, May 27, 2004 #4

tombrend Joined: May 29, 2004 Messages: 1
NOTE: emcraft1.cab is spyware
tombrend, Jun 12, 2004 #5

Do the same for all these:
C:\WINDOWS\system32\msupd4.exe
C:\WINDOWS\system32\gcougz.dll
C:\WINDOWS\system32\phwupm.exe
C:\WINDOWS\system32\zebpzu.dll
C:\WINDOWS\system32\qpbuqy.dat
C:\WINDOWS\system32\SKCL.dll

Finally, in Full Path of File to Delete, copy and paste the following:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yhtgyp.exe
Press

#29 Argh!!!

There are several pieces of software that don't come with options in their own preferences to prevent them from loading: quicktime, roxio, windows messenger, and one more I can't remember now.

Member, 58 posts, Posted 13 January 2005 - 06:40 PM

Find it part 1
---------------- FindVX2 NT-2K-XP ----------------
Warning!

A-squared always locks up and dies in the same place c\windows\ServicePackFiles\i386\. Please run msconfig and select normal startup. Your computer will go bazonkers (now there's a great technical term!) for a bit, but just let it run.

I save stuff like this to a C:\downloads\Spyware-Stuff folder and I put each in their own subfolder. Ironically, I just completed one on spyware.

I appreciate your offer of help though. Ad-aware and Spybot Search and Destroy

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do: If

I would like to understand the tools you used to clean my machine and I would like to be able to help others like you guys helped me out.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O1 - Hosts:

Please post the log from Spybot so I can see exactly what it is finding.

tbryant, Apr 2005, edited Apr 2005
Here is my spybot log
CoolWWWSearch.Leftovers: Trusted Site

I went this route because there were some annoying things I couldn't get rid of at start up that I will ask you about when we are all done.

Member, 58 posts, Posted 13 January 2005 - 06:59 PM

Narrator
---------------- FindNarrator NT-2K-XP ----------------
Warning!

Post those error messages when you come back to post the logs.

coolWWWsearch is a pretty nasty little piece of work.

Was anything else skipped?

Rawe, New Member, Trusted Advisors, 9 posts, Location: Finland, Posted November 10, 2005
I could check your

Then, post your HJT log as well as the Ewido log. Create a blank Notepad file on the Desktop: Right click the Desktop, select New>Text Document. Right click the text document and delete it. Exit any running programs.

Place it in its own folder, for example C:\Program Files\HJT
chaslang, Feb 4, 2005 #2

TheOldThug, First Sergeant
Welcome. I see Chas beat me to it.

Argh!!!

Logfile of HijackThis v1.99.0
Scan saved at 5:40:17 PM, on 1/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

I know the account where it does not load has in the past not been an administrative account but it is now.

I have already sent others to the site and with the boss's approval will be sending around a note to my co-workers to check the preventing infection posting.

Under Scanning engine select: Unload recognized processes during scanning, and under Cleaning Engine select: Let windows remove files in use at next reboot. Click proceed to save your settings. Have you installed SpywareBlaster yet? Just use the search button up above next to new posts and search "messenger remove" and you'll find it. My first article was about filtering internet access for families.

You may also... However, since only Coolwebsearch does this, it's better to use CWShredder to fix it.

O20 - AppInit_DLLs Registry value autorun
What it looks like:
O20 - AppInit_DLLs: msconfd.dll
What to do: This Registry value

Started by Argh!!!, Jan 10 2005 06:45 PM
81 replies to this topic

#21
Save good links for reference.

If you like Norton and feel comfortable with it and most important have a paid subscription where you get constant updates, then you can keep it. Let's worry about those later after fixing all the problems I can see (there are a bunch).

Should I chuck Norton and go with one of those? You have several problems including a nasty VX2 problem and a Narrator trojan.