View Single Post

**Buzz1927** · 06-15-2006, 04:59 PM

Boot back into safemode (without networking).

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Linux.exe
O4 - HKLM\..\RunServices: [candy] command32.exe
O4 - HKLM\..\RunServices: [candynet] taskmsg.exe
O4 - HKLM\..\RunServices: [update] adaware.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxuk10040US
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Close all open windows and browsers, and hit "Fix Checked".

Search for and delete these files (make sure you can see hidden files and protected operating system files).
They will most likely be in C:\Windows or C:\Windows\system32 or system.

Linux.exe
command32.exe
taskmsg.exe
adaware.exe

Then reboot and post a new Hijackthis log.

06-15-2006, 04:59 PM	#4 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,087	Boot back into safemode (without networking). Run Hijackthis and select "Do a system scan only", place a check by the following entries. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file) O4 - HKLM\..\RunServices: [Microsoft Update Machine] Linux.exe O4 - HKLM\..\RunServices: [candy] command32.exe O4 - HKLM\..\RunServices: [candynet] taskmsg.exe O4 - HKLM\..\RunServices: [update] adaware.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxuk10040US O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - Close all open windows and browsers, and hit "Fix Checked". Search for and delete these files (make sure you can see hidden files and protected operating system files). They will most likely be in C:\Windows or C:\Windows\system32 or system. Linux.exe command32.exe taskmsg.exe adaware.exe Then reboot and post a new Hijackthis log. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!