1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijacked home page .

Discussion in 'Web & Email' started by jujitsu62, Jan 30, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    About blank has hijacked my home page . Everytime I try to log into hotmail it goes to this annoying directory page . Can some one look at this junk and let me know what I can or cannot delete ? THX DON C:\WINDOWS\PACKAGER.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [email protected]
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: (no name) - {CE73261D-D185-4139-BAB2-787D195D27AA} - C:\WINDOWS\SYSTEM\IGHF.DLL
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET\BIN\CSIETB.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [ehfibe] c:\windows\system\ehfibe.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /service
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://lacroix.nm.ru/index.chm::/index.exe
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.68/zr2YIWbYyBDC7Za2.chm::/on-line.exe
    O18 - Filter: text/html - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL
    O18 - Filter: text/plain - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome to TSG :)

    It looks like the top part of the log is missing.

    Can you please post the full log?
     
  3. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    Logfile of HijackThis v1.99.0
    Scan saved at 3:54:25 PM, on 30/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
    C:\WINDOWS\SYSTEM\EHFIBE.EXE
    C:\WINDOWS\PACKAGER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [email protected]
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: (no name) - {CE73261D-D185-4139-BAB2-787D195D27AA} - C:\WINDOWS\SYSTEM\IGHF.DLL
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET\BIN\CSIETB.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [ehfibe] c:\windows\system\ehfibe.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /service
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://lacroix.nm.ru/index.chm::/index.exe
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.68/zr2YIWbYyBDC7Za2.chm::/on-line.exe
    O18 - Filter: text/html - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL
    O18 - Filter: text/plain - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL
     

    Attached Files:

  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    First remove New.Net

    Instructions here: http://www.newdotnet.com/removal.html

    Then download and run these:

    Ad-Aware SE: http://www.lavasoftusa.com/support/download/

    Install and run it. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

    Reboot

    SpyBot: http://www.safer-networking.org/en/index.html

    Install and run it. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

    Reboot again

    Move Hijack This off the desktop. Have it in a permanent folder of your creation on the hard drive.

    Post a new log
     
  5. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    One question ; why have hijack this off the desk top ? DON, THX A BUNCH
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Just make a new folder on your hard drive. Call it something like "HJT"
    Then copy and paste the HijackThis.exe from the Desktop to the new folder and run it again from there (y)
     
  7. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    I am wondering if it isn't a virus . I tried all of these fixes and they seem to work until I try to sign in to hotmail . Everything to do with Microsoft is screwed up . I can go to google , Help on the net ! ; all my other sites ,uneffected . As soon as I go to my MSNSympatico.ca homepage or sign into my hotmail ; POOF , I shoot back to blank crap . Do any of these people that advertise with this group think I or anyone else that is hijacked is going to buy anything from them . NOT IN YOUR LIFE . DON
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You definitely have stuff going on in that log. Let me grab a Moderator to check it.
     
  9. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    When I get home I will do another hijack this and post it . I'm sure it changed from yesterday . I did all of those tips but as soon as I signed into hotmail , I was back to slimeball blank page .
     
  10. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Step 1
    Download CW Shredder: http://www.spyware911.net/downloads/CWShredder.exe
    Don't run it yet.
    Step 2
    Get The latest version of Adaware
    You can download the free version here:
    http://www.lavasoftusa.com/support/download/
    Again just let it be until later.
    Step 3
    Now reboot into safe mode http://www.spyware911.net/safemode.htm
    Step 4
    Set the system to show hidden files and folders http://www.spyware911.net/showhiddenfiles.htm
    Step 5
    Run CWShredder and click fix (not scan) and let it fix anything it finds.
    step 6
    Now rescan with hijack, insert a check next to each of the following then close all other open windows and click "fix checked"


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [email protected]


    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL


    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL

    O2 - BHO: (no name) - {CE73261D-D185-4139-BAB2-787D195D27AA} - C:\WINDOWS\SYSTEM\IGHF.DLL

    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll


    O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET\BIN\CSIETB.DLL


    O4 - HKLM\..\Run: [ehfibe] c:\windows\system\ehfibe.exe

    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe


    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm


    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://lacroix.nm.ru/index.chm::/index.exe

    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.68/zr2YIWbYyBDC7Za2.chm::/on-line.exe

    O18 - Filter: text/html - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL

    O18 - Filter: text/plain - {289A8397-DEAB-4F0B-8920-A94B14508085} - C:\WINDOWS\SYSTEM\IGHF.DLL


    Now open windows explorer, find then delete:
    c:\windows\system\ehfibe.exe
    C:\PROGRAM FILES\MYWEBSEARCH
    step 7
    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
    Step 8
    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

    Step 9
    Empty the Recycle Bin
    Step 10
    Then open adaware You need to be logged on as Adminstrator through the installation.
    For ease in installation and operation, view the tutorial here http://www.spyware911.net/adaware.htm

    Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

    On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press * connect* to let it check for any recent updates. If any are found, please let it download and install them.

    Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

    AAW SE settings

    General Button
    Safety:
    Check (Green) all three.

    Advanced Button
    Logfile Detail Level:
    All options under this should be checked (Green).

    Tweak Button
    Check (Green) the following:
    Log Files
    Include basic Ad-Aware settings in logfile:
    Include additional Ad-Aware settings in logfile:
    Please do not check (Green): Include Module list in logfile:

    On your first scan, use the Full Scan (Perform full system scan) mode.

    Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.

    Then reboot, rescan with hijack and post a fresh updates logfile
     
  11. jujitsu62

    jujitsu62 Thread Starter

    Joined:
    Mar 17, 2002
    Messages:
    42
    I am truly impressed . Not only has the garbage been taken out but the ole jalopy seems to be running better in general . Thx a bunch guys . I had trouble getting shredder to open up ; had to go directly to the site and get it . I guess it is about time I figure out how to make a donation . DON
     
  12. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Thats great Don and if you care to post yet one more hijack log for a final look I would be glad to look it over.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324947

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice