Home > Hijack This > Hijack This Log.coolwebsearcher?

Hijack This Log.coolwebsearcher?

Virus cleanup? it has a what looks like a very angry blue crab icon and says it is a realtek audio event monitor that was created sep 7, 04. And when updated, use them all from Safe Mode. You'll be prompted to reboot, do so. this contact form

thought i had everything locked up pretty tight, but it is probably time to have another 'come to jesus' talk with the wife and varmints about safe surfing. _________________ 0 Kudos here is my new hijack this log Logfile of HijackThis v1.99.0 Scan saved at 5:31:55 PM, on 1/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running When you're back in windows, please run the latest version of cwshredder. Back to top #7 Daemon Daemon Retired Staff-Malware Expert Authentic Member 3,521 posts Posted 22 May 2004 - 04:21 AM Glad we could help As this problem has been resolved the http://www.bleepingcomputer.com/forums/t/288202/hijackthis-log-coolwebsearch/

I think that ALCXWDM is ALCXWDM.sys which is a sound card driver. Much much thanks for taking the time to look at this, as I'm at my wits end. cant thank you enough for all the help. I have run all these programs to diagnose and fix it, but nothing changed - Adaware, spybot, cws shredder, microsoft antispyware beta, spyware sweeper, spyware blaster, and many many others.

One additional suspect file is indicated by the FindIt log. Username Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy How Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html It will be much easier than telling you to get rid of certain things that the other programs will do on their own.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' Already have an account? Try What the Tech -- It's free! What the Tech → Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal Javascript Disabled Detected You currently have javascript disabled.

Treat with extreme care.O22 - SharedTaskSchedulerWhat it looks like: O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll What to do:This is an undocumented autorun for Windows NT/2000/XP only, which is Result: PROBLEM SOLVED. Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! W2K should have SP4 installed.

I don't know the details but apparently it wont. look at this site Hijackthis Log For Searchx.cc Coolwebsearch Hijack Started by delradie , May 11 2004 12:00 PM This topic is locked 6 replies to this topic #1 delradie delradie New Member New Member What should I do? · actions · 2005-Mar-29 11:35 am · John2gQui Tacet ConsentitPremium Memberjoin:2001-08-10England John2g to VivaLaSwain Premium Member 2005-Mar-29 11:45 am to VivaLaSwainYes, you have a CoolWebSearch infection. Search your entire system and see if it > can come up with that .DLL > ("vv3izbnft7npt61.dll.dll").

Don't kill 'em (YET), but send us a list if you can. weblink C:\WINDOWS\system32\sfarkxt.dll Check the date on this file and determine what company created it (Right-click on it, bring up its "Properties" > "Version"). 5. Just search for the letters "vv3". Join 91131 other members!

O15 - Unwanted sites in Trusted ZoneWhat it looks like: O15 - Trusted Zone: http://free.aol.comO15 - Trusted Zone: *.coolwebsearch.comO15 - Trusted Zone: *.msn.comWhat to do:Most of the time only AOL and Windows has a valid program named "winlogon.exe". Do not remove anything unless you are sure you know what you're doing. http://pcialliance.org/hijack-this/hijack-this-log-can-someone-have-a-look-please.html Article Which Apps Will Help Keep Your Personal Computer Safe?

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: Yahoo! You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. I don't know the details but apparently it wont. · actions · 2005-Mar-30 3:56 am · John2gQui Tacet ConsentitPremium Memberjoin:2001-08-10England

John2g Premium Member 2005-Mar-30 4:35 am said by VivaLaSwain:I was told

Please send me a private message.

Back to top #3 delradie delradie New Member New Member 3 posts Posted 21 May 2004 - 04:43 AM Here's the log as requested. I also saw that forum post. regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Yes, my password is: Forgot your password?

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLLWhat to do:If It will run for a minute or two, then produce a log (ignore any "File Not Found" messages on the screen, it should continue anyway). 4. here is the latest findit log Warning! his comment is here b.

Topics that are not replied within 5 days will be close. Find.bat is running from: C:\Documents and Settings\Owner\My Documents\security\findit\Find It NT-2K-XP ------- System Files in System32 Directory ------- Volume in drive C is PRESARIO Volume Serial Number is C052-63FF Directory of C:\WINDOWS\System32 Which was last October or something. Everyone else with similar problems, please start a new topic.

It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. Several trojan hijackers use a homemade service in adittion to other startups to reinstall themselves. Which was last October or something. It's 100% free.

The time now is 06:08 PM. Here is my new log. Always fix this item, or have CWShredder repair it automatically.O2 - Browser Helper ObjectsWhat it looks like:O2 - BHO: Yahoo! It is not rocket science, but you should definitely not do it without some expert guidance unless you really know what you are doing.Once you install HijackThis and run it to

Password Site Map Posting Help Register Rules Today's Posts Search Site Map Home Forum Rules Members List Contact Us Community Links Pictures & Albums Members List Search Forums Show Threads Be sure you do not remove > that.) > > c. The command prompt will open. Make sure your able to "view system and hidden files/ folders:" files...

Be sure to use "Add Reply" to append it here.