Need to remove "websearchtv"

By Ed3
Jan 7, 2006
  1. Howdy!

    I've seen other solutions posted to remove "websearchtv," but cannot seem to get rid of this pop-up.

    I'm running Windows XP SP2 fully updated. I have run Spybot S&D, Adaware, Spy Doctor - even ran these in Safe Mode. Have also run HJK as posted and looked for the lines that need fixing. Couldn't find the lines that need fixing? I also have loaded Mozilla Firefox and have attempted to disable Internet Explorer -- and the rascal still gets gets either "Advertisement" or "" pop-ups through.

    I've attached a Hijack log text file. Can anyone tell me which lines I need to deletle or recommed a solition?


  2. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    Let's play " I SPY".

    I SPY two copies of Explorer running, hmm

    I spy a suspicious process that could be MS network monitor, or a virus!
    C:\Program Files\Network Monitor\netmon.exe

    I spy a rundll32, which is not bad, but sometimes a virus can hide under it, or your spyware. Feel free to close it and see if it was a good program using it, or seemingly nothing.

    I spy an svchost running from the windows directory. That doesn't sound right to me, it should be system32 unless I'm mistaken, this could very well BE the nasty! But there can be multiple svchosts running, and most would be good. but...

    You need to remove these:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fakeproxy
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 222932656

    Don't know anything about PCTools, about how legit they are. But if you are 100% certain they are good, leave the pc tools references.

    Normally you do not see a winsock entry like this, it could be your malware, or something else. But changing this could affect your Internet connectivity.
    O21 - SSODL: System - {1E6D8DB6-AC3D-4CF6-BAF2-734B2521198E} - C:\WINDOWS\system32\winsock32.dll

    Here is our network monitor, notice "Unknown owner", shouldn't that be Microsoft?
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    After deleting and restarting, are any back again? Legit processes usually don't force themselves back, malware does.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...