• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
urmelii65

HELP - How do I get rid of Blazefind

5 posts in this topic

Hi guys,

 

My kids have been getting on game sites on the INternet and, of course, I am holding them responsible for this search toolbar that suddenly appeared on my screen.

 

There is a white bar labeled "search the web" in addition to another toobar item with a green arrow labeled "search". My google search page seems to be unaffected. When I clicked on the mystery search bar to see where it would take me, I arrived (didn't actually get there because I abortet the action) at blazefind.com.

 

I ran both Adaware and Spybot to no avail. Every once in a while I get a message that "somebody was trying to remove 180search assistant" and a question whether I want to remove it or not. I don't know if it's the same thing, but I always tell it to remove it. However, every time I boot the computer back up, there it is again.

 

I have several users on my computer and all of them seem to be affected.

 

Here is my hijack this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 5:53:59 PM, on 7/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\WindUpdates\WinUpdt.exe

C:\WINDOWS\System32\sitktbnu.exe

C:\Program Files\WindUpdates\WinKA.exe

C:\Program Files\Web_Rebates\WebRebates0.exe

C:\Program Files\WindowsSA\omniscient.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Web_Rebates\WebRebates1.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Elsie Smith\Desktop\hijackthis1977\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.insightbb.com/

R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O1 - Hosts: 127.0.0.0 localhost

O1 - Hosts: 127.0.0.2 auditmypc.com

O1 - Hosts: 127.0.0.3 boards.cexx.org

O1 - Hosts: 127.0.0.4 bulletproofsoft.net

O1 - Hosts: 127.0.0.5 camtech2000.net

O1 - Hosts: 127.0.0.6 cexx.org

O1 - Hosts: 127.0.0.7 computercops.us

O1 - Hosts: 127.0.0.8 ct7support.com

O1 - Hosts: 127.0.0.9 doxdesk.com

O1 - Hosts: 127.0.0.20 kellys-korner-xp.com

O1 - Hosts: 127.0.0.21 kephyr.com

O1 - Hosts: 127.0.0.22 lavasoft.de

O1 - Hosts: 127.0.0.23 lavasoftusa.com

O1 - Hosts: 127.0.0.24 lurkhere.com

O1 - Hosts: 127.0.0.25 majorgeeks.com

O1 - Hosts: 127.0.0.26 merijn.org

O1 - Hosts: 127.0.0.27 mjc1.com

O1 - Hosts: 127.0.0.28 moosoft.com

O1 - Hosts: 127.0.0.29 mvps.org

O1 - Hosts: 127.0.0.30 net-integration.net

O1 - Hosts: 127.0.0.31 noadware.net

O1 - Hosts: 127.0.0.32 no-spybot.com

O1 - Hosts: 127.0.0.33 onlinepcfix.com

O1 - Hosts: 127.0.0.34 pchell.com

O1 - Hosts: 127.0.0.35 pestpatrol.com

O1 - Hosts: 127.0.0.36 safer-networking.org

O1 - Hosts: 127.0.0.37 secure.spykiller.com

O1 - Hosts: 127.0.0.38 secureie.com

O1 - Hosts: 127.0.0.39 security.kolla.de

O1 - Hosts: 127.0.0.40 spybot.info

O1 - Hosts: 127.0.0.41 spychecker.com

O1 - Hosts: 127.0.0.42 spychecker.com

O1 - Hosts: 127.0.0.43 spycop.com

O1 - Hosts: 127.0.0.44 spyguard.com

O1 - Hosts: 127.0.0.45 spykiller.com

O1 - Hosts: 127.0.0.46 spyware.co.uk

O1 - Hosts: 127.0.0.47 spyware-cop.com

O1 - Hosts: 127.0.0.49 spywarenuker.com

O1 - Hosts: 127.0.0.50 spywareremove.com

O1 - Hosts: 127.0.0.51 spywareremove.com

O1 - Hosts: 127.0.0.52 stopzillapro.com

O1 - Hosts: 127.0.0.53 sunbelt-software.com

O1 - Hosts: 127.0.0.54 thiefware.com

O1 - Hosts: 127.0.0.55 tomcoyote.org

O1 - Hosts: 127.0.0.56 unwantedlinks.com

O1 - Hosts: 127.0.0.57 webattack.com

O1 - Hosts: 127.0.0.58 wilders.org

O1 - Hosts: 127.0.0.59 www.auditmypc.com

O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net

O1 - Hosts: 127.0.0.61 www.cexx.org

O1 - Hosts: 127.0.0.62 www.computercops.us

O1 - Hosts: 127.0.0.63 www.ct7support.com

O1 - Hosts: 127.0.0.64 www.doxdesk.com

O1 - Hosts: 127.0.0.65 www.eblocs.com

O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com

O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com

O1 - Hosts: 127.0.0.68 www.free-web-browsers.com

O1 - Hosts: 127.0.0.69 www.grc.com

O1 - Hosts: 127.0.0.70 www.grisoft.com

O1 - Hosts: 127.0.0.71 www.hackfaq.org

O1 - Hosts: 127.0.0.72 www.hazeleger.net

O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com

O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com

O1 - Hosts: 127.0.0.75 www.kephyr.com

O1 - Hosts: 127.0.0.76 www.lavasoft.de

O1 - Hosts: 127.0.0.77 www.lavasoftusa.com

O1 - Hosts: 127.0.0.78 www.lurkhere.com

O1 - Hosts: 127.0.0.79 www.majorgeeks.com

O1 - Hosts: 127.0.0.80 www.merijn.org

O1 - Hosts: 127.0.0.81 www.mjc1.com

O1 - Hosts: 127.0.0.82 www.moosoft.com

O1 - Hosts: 127.0.0.83 www.mvps.org

O1 - Hosts: 127.0.0.84 www.net-integration.net

O1 - Hosts: 127.0.0.85 www.noadware.net

O1 - Hosts: 127.0.0.86 www.no-spybot.com

O1 - Hosts: 127.0.0.87 www.onlinepcfix.com

O1 - Hosts: 127.0.0.88 www.pchell.com

O1 - Hosts: 127.0.0.89 www.pestpatrol.com

O1 - Hosts: 127.0.0.90 www.safer-networking.org

O1 - Hosts: 127.0.0.91 www.secureie.com

O1 - Hosts: 127.0.0.92 www.security.kolla.de

O1 - Hosts: 127.0.0.93 www.spybot.info

O1 - Hosts: 127.0.0.94 www.spychecker.com

O1 - Hosts: 127.0.0.95 www.spychecker.com

O1 - Hosts: 127.0.0.96 www.spycop.com

O1 - Hosts: 127.0.0.97 www.spyguard.com

O1 - Hosts: 127.0.0.98 www.spykiller.com

O1 - Hosts: 127.0.0.99 www.spyware.co.uk

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [vkctmy] C:\WINDOWS\System32\sitktbnu.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [sAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Research (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5d3bfb922982d39

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

Thanks,

Elsie

 

PS: I read the general "How to remove spyware ir a hijacker" file, but could not read the "Hijacked" article that's linked from there. When I tried I got a "page not found" error

Share this post


Link to post
Share on other sites

Hi,

First thing to do is ...

 

Uninstall via Add Remove:

 

WindUpdates

Web_Rebates

WindowsSA (Search Assistant)

 

Next:

 

Update Ad-aware's Reference File: instructions icon11.gifhere

 

Required Step: icon11.gifReconfigure Ad-Aware for Full Scan

 

Note: do not run Ad-Aware yet, just update and reconfigure.

 

Next:

 

Reconfigure Windows Explorer to show Hidden Files: [required step]

Open the Windows Explorer | Tools | Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open programs and browsers, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O1 - Hosts:

<--fix all of these!

O1 - Hosts:

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [vkctmy] C:\WINDOWS\System32\sitktbnu.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5d3bfb922982d39

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\Program Files\WindUpdates <--this folder

C:\Program Files\WindowsSA <--this folder

C:\Program Files\Web_Rebates <--this folder

C:\WINDOWS\System32\sitktbnu.exe <--this file

C:\Windows\System32\wsaupdater.exe <--this file

 

While still in Safe Mode, run Ad-Aware and fix everything it finds.

 

Restart normally and then ... Download icon11.gifHijackThis! 1.98

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

 

When I tried I got a "page not found" error
This is caused by the HOSTS file entries above

Share this post


Link to post
Share on other sites

Hi there,

 

Thanks for the quick reply. I did everything you told me to do (to the best of my abilities...). Here is the new Hijack this log:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:02:34 AM, on 7/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\hjt\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.insightbb.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

 

The search bar did not re-appear when I rebooted. I hope it stays gone.

 

How do I keep things like this from happening? What do I tell my kids to do - or not to do? Does each user have to run adaware etc. or can I run it for everybody?

 

I was afraid that the host file entries were the reason why I couldn't get to those sites.

 

Thanks again for the help.

 

Elsie :D

Share this post


Link to post
Share on other sites

Elsie,

Your log looks clean now ... good job!

 

Last Step:

 

1) Empty the Recycle Bin

2) "Flush System Restore" (see "How To" below)

Basically turn off System Restore, reboot, run a full (updated) McAfee scan, reboot and turn System Restore back on and create a new Restore Point.

 

Disabling System Restore (McAfee article)

 

How To: Scan for unwanted programs (McAfee article)

 

How do I keep things like this from happening?
I would suggest adding some "Defense" to your system ...

atb_help.gifHow To: Prevent this from happening again?

 

Does each user have to run adaware etc.
Yes you should run a scan on each user. If needed you can post a log here for each user (one at a time) just let me know that it's a different user.

Share this post


Link to post
Share on other sites

Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0