HiJackThis Log / CoolWebSearch

Please create a permanent folder for HijackThis (I suggest "C:\Program Files\HijackThis") and move the HijackThis program there.

#3 delradie (New Member, 3 posts), posted 21 May 2004 - 04:43 AM

Here's the log as requested.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools'

Download the "FindIt" tool from here. 2.

Anyone with similar problems, please start your own thread.

Secure] C:\Program Files\Easy Desk Utilities\PCSecure\Pcsecure.exe Silent
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Once all are checked, click the "Fix checked" button. The search for the vv3izbnft7npt61.dll.dll turned up nothing.

Before running CWShredder, try this link: CWS.SmartKiller mini removal tool. Additionally, make sure you're running the latest version of CWShredder. Typically there are two ways to find a file when you don't know what folder it is in. Then I ran CWShredder again, and it closed itself at the same spot, just like before.

In HijackThis 1.99.1 or higher, the button 'Delete NT Service' in the Misc Tools section can be used for this. b. Additional tools you may want to use are:
BHO Captor: http://www.snapfiles.com/get/bho.html
Autoruns: http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
Make sure you're using the latest versions of ALL your tools. If you don't, check it and have HijackThis fix it.

Then CLOSE YOUR BROWSER AND ANY WINDOWS EXCEPT THE ONE IT'S RUNNING IN and click on FIX (not SCAN, which will NOT fix anything), and let it fix everything it finds. What should I learn? b. "Hide extensions for known file types" should be unchecked. Search your entire system and see if it can come up with that .DLL ("vv3izbnft7npt61.dll.dll").

The "alcxmntr.exe" could have been removed by Ad-aware.

Find.bat is running from: C:\Documents and Settings\Owner\My Documents\security\findit\Find It NT-2K-XP
------- System Files in System32 Directory -------
Volume in drive C is PRESARIO
Volume Serial Number is C052-63FF
Directory of C:\WINDOWS\System32

Make sure your Windows Explorer Folder Settings are as follows: (To access them, go "Tools" > "Folder Options" > "View") a. "Show hidden files and folders" should be checked.

It will run for a minute or two, then produce a log (ignore any "File Not Found" messages on the screen, it should continue anyway). 4.

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo!

Unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u mstyp.dll
It's ok, if these aren't found or 'error' out.

Reboot again, run another HijackThis scan and post the results here. 5.

The one deviation from what I've read about this is that it's said this uses a hole in MSJVM to infect, and I've never had that on this system.

Be sure to use "Add Reply" to append it here. We may need to try one more tool to see if it is really gone.

Posted by Saul_2, 01-13-2005 06:50 PM

> Reboot again, run another HijackThis scan and post the results here. C.

It has what looks like a very angry blue crab icon and says it is a Realtek audio event monitor that was created Sep 7, 04. Thanks for your help, jw

Posted by jw50, 01-14-2005 07:06 PM (Message 8 of 21)

The only place I found a reference to it was in a HijackThis log at this help2go web site. Thought the rest of the files this guy had listed might lead

I've been hijacked by what I suspect is coolwebsearch.searchx.

If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode". - Reboot.
===============
After rebooting your PC, post back a new log and let me

In the process of getting rid of this beast, I switched my browser to Opera, and it's so much better than IE...wish I had known about it earlier.

When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O4 - HKLM\..\Run: [avemspw] C:\WINDOWS\System32\avemspw.exe
Reboot into safe

Companion" "SV1"=""
------------- Keys Under Notify -------------
REGEDIT4
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
"DLLName"="wlnotify.dll"

> Be sure you do not remove that.)
>
> c.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)

#3 schrauber (Malware Response Team), Posted 31

The service needs to be deleted from the Registry manually or with another tool. PM me if you need that. :)

lapeyre (Discussion Starter), 12 Years Ago

Okay, I got the mini removal tool to work, and it reported that I didn't have CWS.SmartKiller

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do: If

C:\WINDOWS\system32\sfarkxt.dll
Check the date on this file and determine what company created it (Right-click on it, bring up its "Properties" > "Version"). 5.

#6 k3dc (Authentic Member, 239 posts), Posted 21 May 2004 -

> While still in "Safe Mode", remove the following files/folders:
>
> a.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert for CLI - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

What a thrill) and here's my latest HiJackThis log.