Hijack Log

Discussion in 'Virus & Other Malware Removal' started by TOAD1, Sep 8, 2004.

Thread Status:
Not open for further replies.
  1. TOAD1

    TOAD1 Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    9
    Hi folks,
    Can anybody help me get rid of this CWS?
    I have been reading some of the letters and I have done an HJ log but don't
    know the next step. Here is the log; any help would be very much appreciated.
     

    Attached Files:

  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Hello Toad1 and welcome to TSG

    Sorry, but your log did not get posted. Please try again and someone here will be happy to take a look at it for you.
     
  3. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    In the future, if you copy and paste your log into the body of your reply instead of attaching it, it is easier for us to work on. (y)

    Please download CWShredder from HERE. Don't run it yet; just have it on your desktop (or wherever) ready to go when we need it. Please re-download if you already have this. Make sure you have the latest version!

    Print these instructions, as you need to have IE closed for all of the fixes listed below.

    Please check your settings so that you are able to Show Hidden Files and Folders

    With ONLY HijackThis running
    Place a check next to these entries:
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btyahoo.com/welcome2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O4 - HKLM\..\Run: [winupd] F:\WINDOWS\System32\winupd.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/howtosearch.chm::/searchinfoxyz.exe
    O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)




    THEN WITH ALL OTHER WINDOWS CLOSED, press "Fix".

    Reboot to safe mode (instructions)

    Find and delete the following files/folders:-
    F:\WINDOWS\System32\winupd.exe
    You will have to search for the following files with Start>Search>Files and Folders:
    Win86.exe
    Make sure you delete all instances of the files you find.
    Delete the files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!):
    - C:\Windows\Temp\
    - C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
    - C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
    - C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache, including cookies. This is recommended and strongly suggested.
    - C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
    - Empty your "Recycle Bin"


    Now close all windows (including this one), then run the CWShredder you downloaded earlier, clicking on 'Fix', NOT 'Scan Only'.

    Then Reboot and post a fresh log back to this thread.
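
As an added example (not part of the original thread, and not HijackThis's own code), this Python sketch parses entry lines copied from the fix list in the post above and groups them the way the clean-up steps use them: hosts written into the IE search/start-page values, autostart files that can be deleted by full path versus those that need a file search, the remote host behind the O16 download entry, and O18 filters with no backing file. The function names, grouping keys and regular expressions are assumptions made for this illustration and cover only the R0/R1, O4, O16 and O18 line shapes that appear on this page.

```python
import re
from collections import defaultdict
from ntpath import isabs  # Windows path rules, usable on any OS
from urllib.parse import urlsplit

# Entries copied from the fix list in the post above (a subset).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btyahoo.com/welcome2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [winupd] F:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/howtosearch.chm::/searchinfoxyz.exe
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
"""
PATTERNS = {
    "R":   re.compile(r"^R[0-3] - (?P<key>HK[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"),
    "O4":  re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<data>.+)$"),
    "O16": re.compile(r"^O16 - DPF: (?P<name>\{[^}]+\}) - (?P<data>.+)$"),
    "O18": re.compile(r"^O18 - (?P<key>\w+)(?: hijack)?: (?P<name>\S+) - (?P<clsid>.+?) - (?P<data>.+)$"),
}

def parse_log(text):
    """Return one dict per recognised HijackThis entry line; skip the rest."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        code = line.split(" - ", 1)[0]
        pat = PATTERNS.get("R" if code.startswith("R") else code)
        if pat and (m := pat.match(line)):
            entries.append({"code": code, **m.groupdict()})
    return entries

def triage(entries):
    """Group parsed entries by the clean-up action they feed into."""
    out = defaultdict(set)
    for e in entries:
        if e["code"].startswith("R"):
            host = urlsplit(e["data"]).hostname  # None for about:blank
            if host:
                out["ie_hosts"].add(host)
        elif e["code"] == "O4":  # bare file name means a disk search is needed
            out["delete_by_path" if isabs(e["data"]) else "search_for"].add(e["data"])
        elif e["code"] == "O16":  # pull the http(s) URL out of the ms-its wrapper
            urls = re.findall(r"https?://[^\s!]+", e["data"])
            out["dpf_hosts"].update(urlsplit(u).hostname for u in urls)
        elif e["code"] == "O18" and e["data"] == "(no file)":
            out["orphan_filters"].add(e["name"])
    return dict(out)
```

Calling `triage(parse_log(SAMPLE))` returns a dict of sets, which makes it easy to compare the entries in a fresh log against the ones fixed earlier.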
     
Short URL to this thread: https://techguy.org/271724
