Member Panel

mlee3

:-D Hi everyone i am new kid on the block

I am not able to delete off some adult undesirable webside under my internet favorite listing

This webside captured in my internet favorite even without me knowing.

Is there any free software to prevent this authorised access and i have try ways to clear it but failed .

After deleting , it appear again in the favorite after shutting down my computer

Appreciate anyone help on how to permantly delete off this web favorite .

:banghead:mlee3

joe5

Hi there Mlee3.

Can you post a hijackthis log here:

http://www.pchelpforum.com/component...80/board,69.0/

Let's have a look if there is any mal-ware on youre pc.

http://www.merijn.org/files/hijackthis.zip

mlee3

:-DHi Joe

Thank for the zip link ,sorry after unzipping the files what should i do

kindly advise as i am not so techically person

for the highjack log how to activiate it

Thank a million

joe5

Just dubbelclick on hijackthis.exe , select the top option "do a system scan and safe a log file" then youre comp will be scanned and a log will popup. Then copy the content of that log to a post here.

mlee3 · 03:42 AM

Hi Joe

Here is the log

tks
mlee

joe5

OUCH!... that doesn't look good at all...

This could take more then one try , but let's start with downloading 2 files you need later:

Shell.dll
and
Hoster.zip

safe them to youre desktop , you need them later.

Now boot in safe mode (hit f8 when booting up) and delete all youre temp files and the contents of prefetch folder and the unwanted shortcuts , after that run hijackthis again and fix these:

C:\WINNT\system32\sdkao.exe
C:\WINNT\system32\waegin.exe
C:\WINNT\system32\cruk.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C69D9B9F-AC71-5BB2-FF6C-147AB098C91D} - C:\WINNT\d3jd.dll
O4 - HKLM\..\Run: [iexh32.exe] C:\WINNT\system32\iexh32.exe
O4 - HKLM\..\Run: [Windows TM] WindowsSys32.exe
O4 - HKLM\..\Run: [REMOVE ME] waegin.exe
O4 - HKLM\..\Run: [cruk.exe] C:\WINNT\system32\cruk.exe
O4 - HKLM\..\RunServices: [Windows TM] WindowsSys32.exe
O4 - HKLM\..\RunServices: [REMOVE ME] waegin.exe
O4 - HKLM\..\RunOnce: [REMOVE ME] waegin.exe
O4 - HKCU\..\Run: [Windows TM] WindowsSys32.exe
O4 - HKCU\..\Run: [REMOVE ME] waegin.exe
O4 - HKCU\..\RunOnce: [Windows TM] WindowsSys32.exe
O4 - HKCU\..\RunOnce: [REMOVE ME] waegin.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...aversInitialSe tup1.0.0.8.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F??#????`I) - Unknown owner - C:\WINNT\system32\sdkao.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINNT\system32\hwclock.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\puysk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\puysk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\puysk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\puysk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\puysk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\puysk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\puysk.dll/sp.html#37049

There MIGHT be a built in uninstaller for some people called mywebsearch in your add/remove programs. look for that before fixing these:

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxmk14241SG

If you don't regognize this site then fix it too:

O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) - http://schdnaweb.schooldna.com/schoo...naClientIE.CAB

Now open and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

%windir%\system32
%windir%\system

Now open and start the hoster.zip and press the Restore Original Hosts button and then press the OK button. Now exit the program as your HOSTS file is now restored.

Also when in an I.E. window ,go to: tools/internetoptions/securety/trusted sites/sites and remove everything you don't know/putt there.
now re-boot to normal mode , and see if the probs are gone.

And do you work for asiapacific.cpqcorp.net ?

When youre done can you post a new log?

Member Panel

Sponsors and Ads

Noticeboard