Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows XP Windows XP
Search Search
Search for:
Tech Support Guy > > >

Incredimail Driving me nuts!


(!)

PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
13-Oct-2007, 07:59 PM #1
Unhappy Incredimail Driving me nuts!
I installed incredimail, but didn't like it. I uninstalled it but it left something that has hijacked my home page. How the heck do I get rid of it.

my new home page IS http://mystart.incredimail.com/english/

Please tell me how to get rid of this evil thing. Thanks.

Last edited by PQ2; 13-Oct-2007 at 08:13 PM..
HalTrout's Avatar
HalTrout HalTrout is offline HalTrout has a Profile Picture
Computer Specs
Senior Member with 911 posts.
 
Join Date: Mar 2007
Location: Arizona High Country
Experience: Not quite enough
13-Oct-2007, 08:18 PM #2
Bring up explorer and select tools>internet options and under the general tab change your home page to what you want.
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
13-Oct-2007, 08:23 PM #3
I did and it keeps going back to http://mystart.incredimail.com/english/

How do I get rid of this????? Driving me nuts.
ozrom1e's Avatar
Computer Specs
Member with 11,849 posts.
 
Join Date: May 2006
Experience: Advanced
13-Oct-2007, 09:38 PM #4
Welcome to TSG....

This will be a start and when you go thru this and have the log file please do not try to work on this yourself we have specail trained techs here at TSG that will work this thru with you all you got to do is follow the instructions:

To download HJTsetup.exe from TrendSecure To Download HijackThis go to the following at the File Repository
Click on the link below to Download HijackThis Self Installer:

http://www.trendsecure.com/portal/en...HJTInstall.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
__________________
I still use my Osborne 01 with a 300 Baud modem all the time.

I was always taught to respect my elders, but it keeps getting harder to find one.

Heaven goes by favorites, If it didn't then your dog would get in first. Amen.
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
13-Oct-2007, 10:13 PM #5
Incredimail Driving me nuts!!
Here is the log file from Hijack Scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:03 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - AB5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - XA3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/...ad/tgctlcm.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10397 bytes
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
14-Oct-2007, 12:40 PM #6
Still Need Your Help
I posted the log, Someone please assist me. Thanks.
redoak's Avatar
Computer Specs
Gone but never forgotten with 6,782 posts.
 
Join Date: Jun 2004
Location: West Glenville, Sch'dy Cty, NY
Experience: Intermediate
15-Oct-2007, 05:48 AM #7
I have asked the Moderator to respond or have another qualified person do so. Be patient.
{redoak}
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,691 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
15-Oct-2007, 07:37 AM #8
Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - AB5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - XA3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

then

download Sunbelt Counterspy Free trial

Save the install file to desktop and double click it to install counterspy

Once it has installed, follow the set up wizard which will automatically start, allow it to update itself

It will take a few minutes to update to the latest definitions file versions

run a full scan & when it finishes a window will open with all items found

They should all be marked as quarantine by default so scroll down & check that nothing you know to be good or want to keep is detected. Then just press the take action button & follow any prompts ( set anything you want to keep as ignore)

post back with it's report ( on the scan page, press view details & copy that report & paste it back here )
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
15-Oct-2007, 01:21 PM #9
Scan History Details
Start Date: 10/15/2007 11:01:52 AM
End Date: 10/15/2007 12:05:15 PM
Total Time: 63 Min 23 Sec
Detected security risks

Cookie: AdsRemote.Scripps.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@adsremote.scripps[1].txt


Cookie: BeloInteractive.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@belointeractive[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@a[1].txt


Cookie: PriceGrabber Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@pricegrabber[1].txt


Cookie: SageAnalyst Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@sageanalyst[1].txt


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Ignored

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored

Registry entries detected
HKEY_USERS\SEARCH
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
15-Oct-2007, 01:27 PM #10
Sorry It took so long
The Spy thing took forever and I was meeting friends for lunch. It didn't show on the report but did have a review:

The one that concerned me was 247654 Registry locations checked 25 infected. It did not tell me which registry locations were infected. Should I be concerned?

Thanks for your help.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,691 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Oct-2007, 07:19 AM #11
I wouldn't worry about the infected registry locations
they would have been the ones with mywebsearch listed in previous post


Turn off system restore by following instructions here
http://www.thespykiller.co.uk/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.
and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Then pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
22-Oct-2007, 08:15 PM #12
Thanks DVK, I downloaded the javascript. I really appreciate the step by step instructions, they were very easy to follow and I had no problems.
GrandmaKCAT's Avatar
GrandmaKCAT GrandmaKCAT is offline
Computer Specs
Junior Member with 6 posts.
 
Join Date: Aug 2008
Location: upstate NY
Experience: Intermediate
07-Aug-2008, 08:15 PM #13
Question Please help me get rid of mystart.com!!
I've read the post where a tech was able to help another woman get rid of this exe. file. I don't want to go and do something stupid by following the directions given for her if I have different items in my registry file.
When I logged on tonight to read email - incredimail informed me that there was an update. I've used incredimail for years with no problems until now. When I log on the internet the mystart page comes up. I tried to get rid of it by re-entering my home page preference, but it still takes over.
Please help me get rid of this!! If I must delete incredimail from my system I'll do it.
I appreciate any help you can give me!
Thanks,
Ronnie AKA GrandmaKCAT
PQ2's Avatar
PQ2 PQ2 is offline
Computer Specs
Junior Member with 28 posts.
THREAD STARTER
 
Join Date: Oct 2007
Experience: Computer Illiterate
23-Aug-2008, 12:38 PM #14
You may need to start your own separate thread. The gurus are great and I'm sure they will help you.
SUEOHIO's Avatar
SUEOHIO   (SUE) SUEOHIO is offline SUEOHIO has a Profile Picture
Computer Specs
Member with 3,684 posts.
 
Join Date: Jan 2007
Location: NORTHEASTERN OHIO
Experience: Advanced
23-Aug-2008, 12:53 PM #15
all i can say is im sorry for u that u have had problems with incredimail. i wont recommend it to anyone to use free or paid versions. for just this reason. it causes too many problems and ive heard to many horror stories and have personally experienced problems with this program that were so bad i had to reinstall my OS. so again a word to the wise with this.use extreme caution if u really want this program.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑