Besttechie

Close all explorer windows, run HijackThis and have it fix the following. R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank Then download and run this program. RapidBlaster Killer (Direct Download) RapidBlaster Killer will create a log file named "scanlog.txt" in the same folder as "rbkiller.exe" if RapidBlaster is detected, and will notify the user of the file path/location (plus any other actions that took place during optional clean up). Next, download KillBox (Direct Download) Put it in a convenient location and then double-click on KillBox.exe to launch t

Ok, sorry, about that. I misread the real player part of the question. So uninstall UltraPlayer. To uninstall UltraPlayer: Close UltraPlayer. Press the START button on your taskbar and select "Settings", then "Control Panel". Double-click the "Add/Remove Programs" icon. In the list of programs on the "Install/Uninstall" tab, highlight "UltraPlayer" and press the Add/Remove button. You will be asked if you really want to remove UltraPlayer. Press YES. UltraPlayer will be removed from your computer. In IE Tools Internet Options Security Tab Click Default Level Privacy tab Set to Medium Apply/O

Hi and Welcome, Here are a few things to try. In IE Tools Intertnet Options Delete Cookies Delete Files - make sure you tick the box for delete all offline content too Advanced tab Under Multimedia tick show pictures Apply/OK I assume you have the pc having problems is the one where the router is connected to? Which is the XP one? Next, uninstall Real Player if you reinstalled it. Once those Real Player is uninstalled, download this dll. (I am assuming that Zone Alarm is installed) http://www.dll-files.com/dllindex/dll-files.shtml?ssleay32 Then put it in the proper place. Which i believ

Ok, Lets try this... Download Ad-aware SE Personal 1.05 http://www.snapfiles.com/get/adaware.html After installing AAW, and before running the program, you need to first update it: Launch Ad-Aware, and click "Check for Updates" above the start button; you'll be prompted to download and install the latest Definitions File. Next, launch Ad-Aware, and press Start > Next to let it scan your drives... It will find a number of "bad" files and registry keys. Press 'Next' Right-click in that results pane and choose "select all" Press "Next" again It will ask you whether you'd like to remove al

Hi, Download Ad-aware SE Personal 1.05 http://www.snapfiles.com/get/adaware.html After installing AAW, and before running the program, you need to first update it: Launch Ad-Aware, and click "Check for Updates" above the start button; you'll be prompted to download and install the latest Definitions File. Then boot into Safe Mode: To get into the Windows 2000 / XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key. Run CWShredder from Saf

You might want to print these direcrtions out, because you will have to close IE when fixing the HijackThis entries. Now, close all explorer windows, and then run HijackThis. Click the button that says 'Scan' then have it fix the following entries. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/ R3 - Default URLSearchHook is missing ..... O2 - BHO: Viewpoint Toolbar BHO

Hi and Welcome back, Please download CWShredder from this link. CWShredder Download Double click CWShredder.exe, click Fix, This will scan your computer for the bad files and delete them. After you run CWShredder reboot, and post a new HijackThis logfile. B

Hi and Welcome redi, I will be analyzing your HijackThis log, and should have a response soon. B

Happy B-day JSKY!! Enjoy!! B

Hi, Ok, you missed one thing, but other than that it's looking much better. Close all explorer windows again, and run HijackThis. Have it fix this. O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\System32\csmss.exe Then reboot, into Safe Mode again, and delete the following file in red. C:\WINDOWS\System32\csmss.exe Then reboot into normal mode, and post a new logfile. As for the processes, I recommend you check out the following sites. A lot of the processes can be disabled from starting at startup. Then if you need them once you lauch something that needs them the process will start.

Hi and Welcome back, Ok, you're doing good so far, just a few more things. Close all explorer windows, again, and run HijackThis. Then have HijackThis fix the following. R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file) ...... Do you still have Kazaa installed? Also, remove these: O4 - HKLM\..\Run: [Microsoft Tray] C:\Program Files\Kazaa\My Shared Folder\grand theft auto vice city setup launcher.exe O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\System32\csmss.exe ...... Did you install a program called: WinPcap ? If so, ig

Hi Snaxe, Don't disable System Restore yet. After I fix the computer then disable System Restore, reboot, and then re-enable System Restore. This way if you have to restore you don't restore the infections. I'll let you know when to do that. B

Hi and Welcome, You might want to print these directions, as you will have to close IE and all other explorer windows when fixing entries with HijackThis. Now, close all explorer windows, you should only have HijackThis open now. Then have HijackThis fix the following. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://devilsfuck.com R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file) ..... O2 - BHO: (no name) - {16D889C1-4000-60F7-573B-4

Ok, please run the following scans then reboot and post a new HijackThis logfile. Housecall Online Scan Click "Scan Now, It's free" Then select where you are "Go" Tick the box that says "Auto Clean" Tick My Computer. Then click Scan. Also, run this. Sygate Security Scan Run the trojan scan here. After both scans are done, reboot and post a new logfile. B

Hi Snaxe, I will be analyzing your log. I will have a response as soon as I can. B

Repair Install of Windows XP At some point in time you may come across a problem with Windows that you just can’t fix. This is mostly used instead of a clean install because it attempts to only fix your copy of Windows, without having to delete any files. It is very important to back up all important, and non-replaceable files before attempting a repair install. While the main purpose is to repair Windows without losing files; there is always a chance something could go wrong, or a repair install could not be carried out. I would also recommend disconnecting your modem from the computer,

No Problem. Glad to help. B

Hi bearskin, That security popup is just going to allow you connect to the network my chat room is hosted at. I assure you that it is ok. Just click Ok/Yes, and it will connect you, then within a few moments you will be in the chatroom. With a nickname such as, Besttechie123, something like that. Once you get in, just type exactly like this. /nick bearskin Then hit Enter It will change your nickname to bearskin. If you need any more help with that we will be glad to help you in chat. Plenty of knowledgeable and nice people there. Hope to see you there in the near future. B

Read here please. I Hope This Clears This All Up B

Hi Everyone, I am very sorry about all this. It seems to be one big confusion and misunderstanding. So I am going to try to clear everything up. First off, I am going to explain each bot. (They are not my bots, nor anyones on these forums) They are sent from Google.com and Archive.org. Now, the Googlebot is a bot that index's the whole forum and puts it on Google. This allows the site to grow and be helpful to people who search for things that have been fixed here at BestTechie. The Archive.org bot is just archiving the forum and site so, it can be put in the internet archive. If yo

Hi mikex, Maybe if I explian the color code it will help. Red = Admins/SuperMods Blue = Windows Experts Orange = Linux Experts Purple = Mac Experts Blueish/Purple = HijackThis Team Light Green = IRC Helpers Sky Blue = Editor Green = Members Hope that helps. B

AboutBuster 6.06 Tutorial Download AboutBuster 6.06: http://www.besttechie.net/tools/AboutBuster.zip http://www.malwarebytes.org/AboutBuster.zip Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program. Click Begin Removal. Click Yes. This will shutdown all open Internet Explorer windows. When the scan is done, click Ok. After you click Ok, you should follow the protection tab and install FireFox and SpywareBlaster. To learn how to install them, click Protection. Click Install FireFox to install the free alternative

No Problem. Glad you got everything fixed. Also, be sure you check this out. How did I get infected in the first place? B

Hi, Ok, as for workflow.exe it is legit, it's not spyware. More info here... http://www.liutilities.com/products/wintas...brary/workflow/ Next, open HijackThis and have it fix the following... O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe Then reboot into Safe Mode once more, and delete the following files and/or folder in red. How to boot into Safe Mode C:\Program Files\Admanager Controller\AdManCtl.exe Then reboot into normal mode and post a new logfile. Now, as for your firewall not working, I believe that has to do with this line. O23 - Servic

Lets try this... 1) Click on Start, Settings, Control Panel 2) Choose Add/Remove Programs 3) Select the Bullseye Network and click Add/Remove. During the uninstall you are required to fill out a survey asking why you uninstalled the product also be careful in answering the Yes/No questions during the uninstall since they are worded in such a way as to make you keep the product. Then go to this path and delete the rest if still there. Delete the red part (if still there if not don't worry about it). C:\Program Files\BullsEye Network\bin\bargains.exe Next, open HijackThis and close all windows