Correctly posted hijack log
- Thread starter tjent
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Your version of Hijackthis is out of date.
Go and follow the instructions in this thread exactly.
Then post a fresh HJT log as an attachment.
Regards Howard
Go and follow the instructions in this thread exactly.
Then post a fresh HJT log as an attachment.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
This is getting farcical.
https://www.techspot.com/vb/showthread.php?t=34017
https://www.techspot.com/vb/showthread.php?t=33399
You have been given advice several times, and have not followed it. Your version of HJT is still out of date.
The thread I linked to clearly states
Did you even read it?
The bottom line is, if you don`t follow the advice given. We can`t help you.
Regards Howard
https://www.techspot.com/vb/showthread.php?t=34017
https://www.techspot.com/vb/showthread.php?t=33399
You have been given advice several times, and have not followed it. Your version of HJT is still out of date.
The thread I linked to clearly states
Did you even read it?
The bottom line is, if you don`t follow the advice given. We can`t help you.
Regards Howard
How about this one?
No need to get snippy...
I am new to this and it is really frustrating.
I think I have the right version of everything now and I am posting my new log in .txt form. If it's still wrong just tell me what program to buy to fix it. Norton? McAfee?
Your help IS appreciated.
No need to get snippy...
I am new to this and it is really frustrating.
I think I have the right version of everything now and I am posting my new log in .txt form. If it's still wrong just tell me what program to buy to fix it. Norton? McAfee?
Your help IS appreciated.
RealBlackStuff
Posts: 6,450 +3
Follow these instructions EXACTLY until you have run CWShredder:
How to remove Begin2Search/Coolwebsearch and Other Nasties
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
plook.exe
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\PLook\plook.exe
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
Fix ALL O16 - DPF: entries
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINNT\Temp (except files dated from TODAY).
Boot normal.
How to remove Begin2Search/Coolwebsearch and Other Nasties
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
plook.exe
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\PLook\plook.exe
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
Fix ALL O16 - DPF: entries
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINNT\Temp (except files dated from TODAY).
Boot normal.
Can't get this one....
I can't get to this link either by point and click or by typing it in directly:
AboutBuster from www.malwarebytes.biz/AboutBuster.zip.
I can't get to this link either by point and click or by typing it in directly:
AboutBuster from www.malwarebytes.biz/AboutBuster.zip.
RealBlackStuff
Posts: 6,450 +3
Get it here, I'll change the link
http://www.bleepingcomputer.com/files/spyware/AboutBuster5.zip
PS you don't need it for now.
http://www.bleepingcomputer.com/files/spyware/AboutBuster5.zip
PS you don't need it for now.
- Status
Latest posts
-
Razer launches $160 Viper V3 Pro gaming mouse with 8,000 Hz polling rate- Shawn Knight replied
