ComputerBB

Short Circuits, Big Ideas
https://www.computerbb.org/

CWS & TOOLBAR Problem - Please Help with HJT Log

https://www.computerbb.org/viewtopic.php?t=2500

Page 1 of 1

CWS & TOOLBAR Problem - Please Help with HJT Log

Posted: October 2nd, 2005, 2:33 pm
by chris3737
Hello, Any help would be much appreciated. I've used HJT to try to get rid of CWS and the toolbar. I've been deleted entry 03 below over and over but it re-enters there at every reboot. Below is the latest HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 15:00:39, on 02/10/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\VXFJJ.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [GSISETUP] C:\WINDOWS\TEMP\GsiInst.exe INSTALL C:\WINDOWS\TEMP\.\V205Res 23 O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [BCMHal] rundll32.exe bcmhal9x.dll,BCInit O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll Thanks in advance, Chris

Posted: October 3rd, 2005, 12:29 am
by richh0323
Start out by turning off you're system restore (start/help and support/tools/system restore/system restore settings/ check box to turn off) Start up in safe mode, run HiJack this and fix the following entries, R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\VXFJJ.DLL Now go to this site follow the link and download CWShredder, follow the instructions and run it. After you do this start up in normal mode, post new HJ log, and if all is good then we'll turn back on system restore

Posted: October 3rd, 2005, 12:29 am
by richh0323
Opps link... http://www.spywareinfo.com/articles/cws/
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited