I can't believe that 8 people reply to that HJT log and no-one says anything about the infestation.
Take that log to the SWI forums and get help removing all the shit before looking elsewhere for the problem.
Printable View
I can't believe that 8 people reply to that HJT log and no-one says anything about the infestation.
Take that log to the SWI forums and get help removing all the shit before looking elsewhere for the problem.
OH for the love of god virus check adaware check get help if all else fails give up
the only problem is that they are very swamped at SWI and may not even get to alot of posts :(
do run the virus scan at housecall in the previous post.
ok. extract hijack this into it's own folder. otherwise the backups may get lost. rescan with hijack this and check the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
(and any other unwanted R0's or R1's)
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
the second nature screensaver eats alot of resources on some machines, and the startup entry isn't needed so i suggest fixing this as well:
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
close all browser windows and hit fix checked.
Reboot
then delete this folder
C:\Program Files\NZSearch
and this file:
C:\Program Files\NetZero\exec.exe
reboot and post a new log when done.
Why are we deleting the start page?
Why are we deleting netzero? I need that to go online
:) the next time it begins to restart, abort the shutdwon by doing this:
1.From the Start button, find "Run...." in Windows XP.
2.In the Run window, type cmd and click OK.
3.In the cmd.exe box that opens, type shutdown -a
Source
-DeLeTrIuS- B)
those particular urls are red sheriff spyware.
you can set your homepage to the regular http://yahoo.com if you wish
the netzero item isn't necessary at startup, but it is your choice,
good luck. ;)
That's my portal page! For my sbc..Quote:
Originally posted by dopey@2 July 2004 - 23:23
those particular urls are red sheriff spyware.
you can set your homepage to the regular http://yahoo.com if you wish
the netzero item isn't necessary at startup, but it is your choice,
good luck. ;)