• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

FBJ

Trusted Advisor
  • Content count

    76
  • Joined

  • Last visited

About FBJ

  • Rank
    Member
  • Birthday

Contact Methods

  • ICQ
    0

Profile Information

  • Location
    Denmark
  1. No... the Task Scheduler service is only running on Win2000 and later. You will not be able to do the same on Win98 and ME.
  2. This Command Line utility will run on W2K: http://www.jsiinc.com/SUBF/TIP2600/rh2621.htm Download jt.exe (to C:\) - open a command prompt (Start -> Run -> cmd (Enter)) Write: jt /sd DF58C12815E78EA.job (Enter) This would delete the job you mention. Write: jt /se p >>c:\findlop.txt (Enter) ...and open findlop.txt to check if there's other tasks scheduled.
  3. Your log is clean or as clean as your mom wants it. You need to activate system restore again. I recommend you read this short article about safer surfing: http://www.wilderssecurity.com/showthread.php?t=27971 Enjoy PS Discussed in chatroom.
  4. Hi hearsjohnny Disable System restore ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm ) Run HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking "Fix checked": O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe Be sure you are configured to SHOW ALL FILES AND FOLDERS, including System and Hidden Files. If you are unsure of how to do that, follow this link http://www.xtra.co.nz/help/0,,4155-1916458,00.html and follow the step-by-step directions for your Windows version. Reboot in Safe Mode ( http://tinyurl.com/pfca ): Find and delete: C:\WINDOWS\wt\updater\ <<-- entire folder C:\PROGRAM FILES\MYWEBS~1\ <<-- entire folder C:\PROGRA~1\AWS\ <<-- entire folder Reboot in to Normal Mode, run HijackThis and post a fresh log here.
  5. Are you running BitDefender?
  6. Hi Danny Disable System restore ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm ) You have a CWS infection in addition to some other malware on your computer. Please download and run CWShredder ( http://www.spywareinfo.com/downloads/tools/CWShredder.exe ) and choose "Fix" rather than just "Scan". Once CWShredder has done its job reboot your computer. Run HijackThis, scan and when complete, remove the following entries (those that are left) by checking the box to the left and clicking "Fix checked" (blue is optional): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: (no name) - {61FD625B-966A-78BA-8451-61550BAF7E6F} - C:\WINDOWS\System32\rncbv.dll O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll O2 - BHO: (no name) - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic2.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe O4 - HKCU\..\Run: [Lcbmej] C:\WINDOWS\System32\budnnva.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: winlogin.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab Be sure you are configured to SHOW ALL FILES AND FOLDERS, including System and Hidden Files. If you don't know how to do that, follow this link http://www.xtra.co.nz/help/0,,4155-1916458,00.html and follow the step-by-step directions for your Windows version. Reboot in Safe Mode (by tapping F8 during start-up). Find and delete: C:\Program Files\MyWebSearch\<-- entire folder C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\Save\<<-- entire folder C:\Documents and Settings\Owner\Application Data\ttuh.exe C:\WINDOWS\System32\budnnva.exe c:\documents and settings\all users\start menu\programs\startup\winlogin.exe Reboot in to Normal Mode, download the newest version of HijackThis here: http://subratam.org/go/?r=ht Run HijackThis, scan and post a fresh log here.
  7. Hi LaserBeak First of all, Disable System restore ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm ) Next, go Start -> Control Panel -> Add/remove programs and look for SpyBlocs on the list - if you find it, uninstall it. I recommend that you make a folder for HijackThis (ie C:\HJT) and move HijackThis.exe to this, to avoid having back-up files clutter your C:\. Now, I'll have to ask you not to open Internet Explorer (IE) during the following fix - print these instructions or copy the instructions to Notepad, so that you have them available without having to open IE. 1. Please download this tool called About:Buster here: http://www.malwarebytes.biz/AboutBuster.zip Unzip it to your desktop but don't run it yet. 2. Press CTRL+ALT+DEL, find and rightclick these processes: netvw.exe ipzp.exe ... and "End proces". 3. Run HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking "Fix checked": O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 81.211.105.69 lender-search.com O1 - Hosts: 81.211.105.68 hot-searches.com O2 - BHO: (no name) - {2D51754D-958D-1F18-2FA3-903674B08B1F} - C:\WINDOWS\system32\d3sl32.dll O4 - HKLM\..\Run: [spyBlocs] C:\PROGRA~1\SpyBlocs\SpyBlocs.exe O4 - HKLM\..\Run: [ipzp.exe] C:\WINDOWS\ipzp.exe O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe O4 - HKLM\..\RunOnce: [netvw.exe] C:\WINDOWS\system32\netvw.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\glqwhbrt.exe 4. Be sure you are configured to SHOW ALL FILES AND FOLDERS, including System and Hidden Files. If you don't know how to do that, follow this link http://www.xtra.co.nz/help/0,,4155-1916458,00.html and follow the step-by-step directions for your Windows version. Find and delete: C:\WINDOWS\system32\d3sl32.dll C:\PROGRA~1\SpyBlocs\<<-- entire folder C:\WINDOWS\ipzp.exe C:\WINDOWS\System32\msmc.exe C:\WINDOWS\system32\netvw.exe 5. Run AboutBuster (the program you downloaded earlier) - click OK, click Start, then click OK - let it work. 6. Reboot, run HijackThis - click Config -> Misc Tools and Check for updates. Once updated, scan and post a fresh log here (you can open IE now).
  8. Your log is clean. Check the link in my sig (How did I ....) for some excellent advice on how to stay clean. Happy surfing B)
  9. If in doubt on how to get into Safe Mode - check this link: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
  10. Hi marcis Disable System restore ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm ) Run HijackThis, scan and when complete, remove the following entries by checking the box to the left - close all other program windows - and click "Fix checked": R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.spidersearch.com/frame_results.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spidersearch.com/frame_results.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.spidersearch.com/frame_results.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spidersearch.com/frame_results.php http://www.spidersearch.com/frame_results.php O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\System32\winalot32.dll O3 - Toolbar: SpiderSearch.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winalot32.dll O4 - HKLM\..\Run: [internet Explorer Website Manager] C:\WINDOWS\SYSTEM32\iexplore32w.exe O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [instant Access] rundll32.exe EGCOMLIB_1034.dll,InstantAccess O4 - HKCU\..\Run: [internet Explorer Website Manager] C:\WINDOWS\SYSTEM32\iexplore32w.exe O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.exe O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://www.traffichog.com/toolbar2/winalot32.cab O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab Be sure you are configured to SHOW ALL FILES AND FOLDERS, including System and Hidden Files. If you don't know how to do that, follow this link http://www.xtra.co.nz/help/0,,4155-1916458,00.html and follow the step-by-step directions for your Windows version. Reboot in Safe Mode (by tapping F8 during start-up). Find and delete: C:\WINDOWS\SYSTEM32\iexplore32w.exe C:\Program Files\Save\ <<-- the folder Instant Access (search for a folder with this name and delete) Reboot in to Normal Mode, run HijackThis and post a fresh log here.