coltm4carbine

Tip.It filters [Caution: Executable File] incase it is put in a link and someone downloads something unpleasant onto their machines. I would suggest you uninstall and reinstall Norton from add/remove program to try and sort this problem out .

It's the remains of some malware.....It should be in one of your start-up registration entries. Look at Msconfig and see if you can find it and disable it. Should be just an orphaned entry. Woops I've overlooked your thread... I'll post back into that other thread in a few hours....

Most are cookies - they are harmless. The reason I asked if you've set that as your homepage was becuase that site is related to some crap infested sites. So if you didn't set it you could remove it with HJT. Can I have a new HJT log before you fix anything...?

I've checked all the links - they're all legit to me :S... None of them has been changed. Have you been to any dodgy sites (I'm mainly talking about ones which installs crap on your PC without you noticing.) Mainly talking about hxxp://verycd.265.com/. It's related to a few crap infested sites (looking at YOK here). Another question.... Did you set your homepage to hxxp://verycd.265.com? the link to counterspy is from download.com and the program is made by sunbelt software - one of the best companies in the antimalware business ATM... It's a 15 day trial though. Do you have the log from whichever scanner that detected your malware? That would help... Also which scanner did you use.

Yeh, scan in safemode then save the log and post it here if you can. Does Norton tell you the location of the infected file or something? If it does can you tell me it's location?

Try counterspy link. and do a scan with it. That R3 is just a leftover. Counterspy should in theory remove any files I can't see... Even AVG didn't find quicksearch... Is your copy of Norton up to date (is the definitions up-to-date)?

Tip.it censored my link. I am not talking about AVG antivirus I'm talking about AVG antispyware. http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50[Caution: Executable File] Click on the link and at the address bar replace %5BCaution:%20ExecutableFile%5D with [Caution: Executable File] Uninstall AVG antivirus. Do you have a Windows XP disk? If you have IMO it would be better backing up your data and reformatting (it should be quicker than me trying to clean up your computer IMO). Tell me if you want to try and fix it or to reformat it. If you choose to try and fix it then continue with my previous instructions with AVG antispyware.

Is there anything from the Add/Remove programs that you do not remember installing? I can't see anything related to quicksearch from your logs.... Do this for now.. see if AVGAS finds quicksearch... Download AVG Anti-Spyware from HERE and save that file to your desktop. [*:120tot30]Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. [*:120tot30]Once the setup is complete you will need run AVG Anti-Spyware and update the definition files. [*:120tot30]On the main screen select the icon "Update" then select the "Update now" link. [*:120tot30]Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. [*:120tot30]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. [*:120tot30]Once in the Settings screen click on "Recommended actions" and then select "Quarantine". [*:120tot30]Under "Reports" [*:120tot30]Select "Automatically generate report after every scan" [*:120tot30]Un-Select "Only if threats were found" Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly. [*:120tot30]Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: [*:120tot30]Lauch AVG Anti-Spyware by double-clicking the icon on your desktop. [*:120tot30]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". [*:120tot30]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: [*:120tot30]If you have any infections you will prompted, then select "Apply all actions" [*:120tot30]Next select the "Reports" icon at the top. [*:120tot30]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). [*:120tot30]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Spysweeper is an antispyware... My list... 1) Kaspersky 2) Eset / Nod32 3) McAfee Eset is fast and uses less resources on my computer but Kaspersky did detect things that Nod missed so that's why KAV is at the top.

Hello again, You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. ==== Step 1 ==== Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. Re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file) O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. ==== Step 2 ==== Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Show hidden files and folders * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Under the Hidden files and folders heading SELECT Show hidden files and folders. * UNCHECK the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present): C:\WINDOWS\system32\iexpress.dll Re-hide hidden files and folders * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Under the Hidden files and folders heading UNSELECT Show hidden files and folders. * CHECK the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. After that, Reboot and post a new HJT log. ====================== There are things which I am not 100% sure about - that's why I want to see the uninstall list before I fix any more stuff.

Hi, Can you do a scan with Hijackthis 1.99.1 please. Then someone (or I) will tell you what you need to fix. Notice the HJT 2 is still in BETA and BETA software usually has bugs which could break your computer.

Woops been to Madrid for a week... It looks like you've got vundo in there but can you give us a new log from HijackThis 1.99.1 - the old version. (notice the version you have now is BETA) Thanks.

Reboot your computer in Safe Mode by doing the following : [*:3892fov7] When the machine starts again, just before the Windows icon appears, tap the F8 key; [*:3892fov7] Instead of Windows loading as normal, a menu with options should appear; [*:3892fov7] Select the first option to run Windows in Safe Mode with your keyboard arrows, then press "Enter". [*:3892fov7] Choose your usual account.Once in Safe Mode run your antivirus / antispyware programs and see if they find anything. Then reboot into normal mode...

If you can do a scan with etrust in safemode (f8 while booting up). If it doesn't solve the problem then do the following (I am not responsible if you break your computer, I did recommend safemode first). =========== Show hidden files: [*:3p6h7jar] Click Start. [*:3p6h7jar] Open My Computer. [*:3p6h7jar] Select the Tools menu and click Folder Options. [*:3p6h7jar] Select the View Tab. [*:3p6h7jar] Under the Hidden files and folders heading select Show hidden files and folders. [*:3p6h7jar] Uncheck the Hide protected operating system files (recommended) option. [*:3p6h7jar] Click Yes to confirm. [*:3p6h7jar] Click OK. Browse to C:\Windows\System32 Find the following files and press delete unsvchosts[Caution: ExecutableFile] svchosts[Caution: ExecutableFile] <<< Notice it's plural. Do NOT delete svchost[Caution: ExecutableFile] which is legit. Rehide hidden files. [*:3p6h7jar] Click Start. [*:3p6h7jar] Open My Computer. [*:3p6h7jar] Select the Tools menu and click Folder Options. [*:3p6h7jar] Select the View Tab. [*:3p6h7jar] Under the Hidden files and folders heading unselect Show hidden files and folders. [*:3p6h7jar] Check the Hide protected operating system files (recommended) option. [*:3p6h7jar] Click Yes to confirm. [*:3p6h7jar] Click OK.

Name of virus? Location of it? Tried scanning in safemode? Name of antivirus you scanned with? Windows OS? We need information. Without it your not going to get any help.