Way Off Topic - Adware / HiJack This Help Needed- Mtbr.com
Results 1 to 13 of 13
  1. #1
    lurker spaz
    Reputation: Dr.Faustus's Avatar
    Join Date
    Jan 2004
    Posts
    340

    Bonking ... not feelin' well Way Off Topic - Adware / HiJack This Help Needed

    Sorry about this but I'm a little stuck.

    I'm helping clean up a thoroughly adware/spyware infested PC. A quick Google search turned up a tech forum dedicated to un-infesting hijacked PC's. As of TODAY that forum is closing up shop and I just posted my questions / HiJack This log file.

    1. Do you know of another good forum for getting answers on hijacked PC's?
    2. Do you know where I can find out how to read a HiJack This log file?
    3. Do you know how to read a HiJack This log file and tell me whats fine and what should be deleted?

    Help!
    Dr.(stymied)F.

    P.S. I'm posting my original tech post below.

  2. #2
    lurker spaz
    Reputation: Dr.Faustus's Avatar
    Join Date
    Jan 2004
    Posts
    340

    Hijack This Log (used Ad-aware)

    I started with a laptop running WinXP Home. Symptoms were the "Error Loading C:\WINDOWS\System32\bridge.dll" pop-up and an overall system slowdown. Updated Norton AV and ran that. Tried to update Windows and could only install about 3 critical updates. Uninstalled only those programs in "Add/Remove" that were obviously adware/spyware/etc.

    So, I then followed the instructions on . Ran Adaware with the most recent update. Ran Hijack This and got the following log file. Your help is greatly appreciated.

    Thanks,
    Tim

    ----------------------------------

    Logfile of HijackThis v1.98.0
    Scan saved at 1:24:15, on 20.7.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\windows\temp\z4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\sfmprxy.exe
    C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
    C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.colum.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\plg0\AproposPlugin.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [z4] C:\windows\temp\z4.exe
    O4 - HKLM\..\Run: [2ZQLKP#2WLSCTL] C:\WINDOWS\System32\ZlwJQ.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [AutoLoaderxw4r1JTkaRLW] "C:\WINDOWS\System32\upsole32.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [x3nX37O] upsole32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
    O4 - HKCU\..\Run: [g047RXiml] sfmprxy.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BOOKcase 4.0.lnk = C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
    O4 - Global Startup: Iomega Icons.lnk = ?
    O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    ----------------------------------

  3. #3
    mtbr member
    Reputation:
    Join Date
    Feb 2004
    Posts
    127
    There are a few good programs that have used to remove these.

    Spy Sweeper - http://www.spysweeper.com/download.html
    CWShredder - http://www.softpedia.com/public/scri...ero/10-17-150/




    Quote Originally Posted by Dr.Faustus
    I started with a laptop running WinXP Home. Symptoms were the "Error Loading C:\WINDOWS\System32\bridge.dll" pop-up and an overall system slowdown. Updated Norton AV and ran that. Tried to update Windows and could only install about 3 critical updates. Uninstalled only those programs in "Add/Remove" that were obviously adware/spyware/etc.

    So, I then followed the instructions on . Ran Adaware with the most recent update. Ran Hijack This and got the following log file. Your help is greatly appreciated.

    Thanks,
    Tim

    ----------------------------------

    Logfile of HijackThis v1.98.0
    Scan saved at 1:24:15, on 20.7.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\windows\temp\z4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\sfmprxy.exe
    C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
    C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.colum.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\plg0\AproposPlugin.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [z4] C:\windows\temp\z4.exe
    O4 - HKLM\..\Run: [2ZQLKP#2WLSCTL] C:\WINDOWS\System32\ZlwJQ.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [AutoLoaderxw4r1JTkaRLW] "C:\WINDOWS\System32\upsole32.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [x3nX37O] upsole32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
    O4 - HKCU\..\Run: [g047RXiml] sfmprxy.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BOOKcase 4.0.lnk = C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
    O4 - Global Startup: Iomega Icons.lnk = ?
    O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    ----------------------------------

  4. #4
    mtbr member
    Reputation: Casual Observer's Avatar
    Join Date
    Jan 2004
    Posts
    9,211
    Which one did you use?

    My PC recently was hijacked, and this site helped:
    http://www.cybertechhelp.com/forums/...splay.php?f=25

    Basically, they will ask you to post your HiJack This log file, and tell you what to delete (and how). It's usually files you don't recognize, but if you're clueless (like me), they should be able to walk you through it.

  5. #5
    lurker spaz
    Reputation: Dr.Faustus's Avatar
    Join Date
    Jan 2004
    Posts
    340

    Thanks!

    Quote Originally Posted by skinny-tire
    Which one did you use?

    My PC recently was hijacked, and this site helped:
    http://www.cybertechhelp.com/forums/...splay.php?f=25

    Basically, they will ask you to post your HiJack This log file, and tell you what to delete (and how). It's usually files you don't recognize, but if you're clueless (like me), they should be able to walk you through it.
    I tried WilderSecurity forums, and as I said they just closed that forum off . Re: clueless - SOME of the files I recognize, but not all of them by far!

    Gracias,
    Dr.F.

  6. #6
    mtbr member
    Reputation: Casual Observer's Avatar
    Join Date
    Jan 2004
    Posts
    9,211
    I'd remove this one:
    O4 - Global Startup: Naked Brittney Spears Photos = C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
    :-)

  7. #7
    mtbr member
    Reputation: Casual Observer's Avatar
    Join Date
    Jan 2004
    Posts
    9,211
    It was a major pain in my behind. I bit the bullete and called my IT guy (I work remote). After getting read the riot act (for I guess downloading something I should not have), he actually walked me through it. You can try these too:
    http://www.pcstats.com/articleview.c...d=1579&page=5#

    http://www.computing.net/security/ww.../wwwboard.html

  8. #8
    MTBR.com Addict
    Reputation: STrackMike's Avatar
    Join Date
    Jan 2004
    Posts
    616
    You can also try installing and running 'Spybot Search and Destroy'. I run that and Adaware once to twice a month. Keeps me out of trouble pretty good.
    You can find it through download dot com

    Education Coordinator for Bicycle Trails Council of the East Bay
    www.btceb.org
    Help us support open and multi-use trails.


  9. #9
    Dork
    Reputation: Drewpy's Avatar
    Join Date
    Jan 2004
    Posts
    222
    Google "cwshredder" and download it. Restart your computer in safe mode and run it.
    Princess Scooter's last friend.

  10. #10
    It's the axle
    Reputation: Gregg K's Avatar
    Join Date
    Jan 2004
    Posts
    1,762
    Adaware 6. Load most recent downloads.
    Use custom scanning options-
    General- Everything checked except "run at windows startup"
    Scanning- top box-scan with archives checked
    - lower box- all checked
    Tweak- Cleaning engine- check "let windows remove files..."

    There are a few more options. I suggest freedomlist.com

    I had horrible trojans, and after using Adaware with the newest downloads, I finally came clean.

    Goodl luck, and stay away from crappy websites. Use Firefox as a browser. Set up the security settings. It's a study to get it right.

  11. #11
    govt kontrakt projkt mgr
    Reputation: ArmySlowRdr's Avatar
    Join Date
    Dec 2003
    Posts
    6,170

    Good job! 2d dat..

    Just used the adaware 6 by lavasoft today to clean up the computer; the family had teenaged company while I was away in Iraq. I come back for r and r last night and find n almost non working computer. All seems back to normal now.

    Quote Originally Posted by Gregg K
    Adaware 6. Load most recent downloads.
    Use custom scanning options-
    General- Everything checked except "run at windows startup"
    Scanning- top box-scan with archives checked
    - lower box- all checked
    Tweak- Cleaning engine- check "let windows remove files..."

    There are a few more options. I suggest freedomlist.com

    I had horrible trojans, and after using Adaware with the newest downloads, I finally came clean.

    Goodl luck, and stay away from crappy websites. Use Firefox as a browser. Set up the security settings. It's a study to get it right.

  12. #12
    Who's that guy?
    Reputation: Darkan's Avatar
    Join Date
    Mar 2004
    Posts
    233

    pchell

    pchell.com has a bunch of walkthru fixes for more common problems including adware and hijacks.

    Good luck!

    Slow and steady gets you...7th place.


    "Hey! Where is everybody going??"

  13. #13
    DWW
    DWW is offline

    Reputation:
    Join Date
    Mar 2004
    Posts
    67

    Spyware Stormer

    Quote Originally Posted by Dr.Faustus
    Sorry about this but I'm a little stuck.

    I'm helping clean up a thoroughly adware/spyware infested PC. A quick Google search turned up a tech forum dedicated to un-infesting hijacked PC's. As of TODAY that forum is closing up shop and I just posted my questions / HiJack This log file.

    1. Do you know of another good forum for getting answers on hijacked PC's?
    2. Do you know where I can find out how to read a HiJack This log file?
    3. Do you know how to read a HiJack This log file and tell me whats fine and what should be deleted?

    Help!
    Dr.(stymied)F.

    P.S. I'm posting my original tech post below.
    I think this may help...

    http://www.spywarestormer.com/
    Spyware Stormer

    D.

Similar Threads

  1. Moderator needed??
    By Low_Rider in forum Site Feedback/Issues
    Replies: 0
    Last Post: 06-01-2004, 06:08 PM

Members who have read this thread: 0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

THE SITE

ABOUT MTBR

VISIT US AT

© Copyright 2020 VerticalScope Inc. All rights reserved.