Hijack Log

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.


Thread Starter
Sep 8, 2004
can anybody help me get rid of this cws???.
i have been reading some of the letter and i have done a hj log but don`t
know the next step?,here is the log any help would be very much appreciated



Malware Specialist
Sep 1, 2003
Hello Toad1 and welcome to TSG

Sorry but you log did not get posted. Please try again and someone here will be happy to take a look at it for you
Nov 6, 2002
In the future if you will copy and paste your log into the body of your reply instead of attaching it; it is easier for us to work on. (y)

Please Download CWShredder from HERE .Don't run it yet; just have it on your desktop (or where ever) ready to go when we need it Please re download if you already have this. Make sure you have the latest version!

Print these instructions as you need to have IE closed from all of the fixes listed below.

Please check your settings so that you are able to Show Hidden Files and Folders

With ONLY HijackThis running
Place a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btyahoo.com/welcome2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [winupd] F:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)


Reboot to safe mode (instructions)

Find and delete the following files/folders:-
You will have to search for the following files with Start>Search>Files and Folders:
Make sure you delete all instances of the files you find.
Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary
Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

[*]Empty your "Recycle Bin"

Now close all windows (including this one) then run the CWShredder you downloaded earlier; clicking on 'Fix' NOT 'Scan Only'

Then Reboot and post a fresh log back to this thread.
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online