PPRuNe Forums - View Single Post - Help with HiJackThis Report and possible hijacks!!!
Old 23rd January 2005 | 10:44
  #4 (permalink)  
E-Liam
 
Joined: Jan 2004
Posts: 357
Likes: 0
From: Bracknell UK
Hi Sky Captain,

The dreaded CoolWebSearch no less. Let's go the automatic route first..

Please download, unzip and then open CoolWebShredder. Then click on the Updates button and follow the prompts. Next, run the program by clicking on the Fix-> button.

Once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

Then, once you’ve done that, please post a new log, and we'll see what's left, including the first part of the log with your OS etc.

Cheers

Liam

==============================================

Sorry, it seems to have merged the posts.. EVO, could you sort please.. :)

The merging is a 'feature' when you post twice in a row on a thread. Short of cutting and pasting your second post into one of my own I can't do much about it. Binos will figure it out :-) Evo.

Hi Binos,

The first comment I must make is how strange that you have double slashes everywhere.. is that as a result of switching off the smilies?? :confused: :)

I'd also recommend most highly that you get SP2 loaded as soon as possible.

Anyway, onwards.. Please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

O4 - HKLM\..\Run: [bixuh] C:\WINDOWS\bixuh.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/C...bridge-c356.cab


Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp folder, but not the folder itself. Next please find and delete the following bolded file...

C:\WINDOWS\bixuh.exe

..and these folders..

C:\PROGRA~1\SEARCH~1 (May also appear as a folder called SearchRelevancy)

C:\Program Files\DeskAd Service

Next, download and run CCleaner. If you have certain cookies you want to retain, then click on the Options button before running.

Once done, please post a new log for a once over.

Cheers

Liam

Last edited by Evo; 23rd January 2005 at 11:30.
E-Liam is offline
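
The post pairs each HijackThis entry to fix with a file or folder to delete afterwards. As an added example (not part of the original post and not HijackThis code), the Python sketch below parses the three entry types quoted above (O2, O4, O16) and derives the paths that should be gone when the follow-up log is posted. The names `parse_entries`, `leftover_paths` and `SYSTEM_DIRS` are hypothetical, and the rule "file if it sits directly in a system directory, otherwise its folder" is an assumption that happens to match the list in the post.

```python
import ntpath
import re

# Sample input: the four entries quoted in the post (O16 URL left truncated as posted).
SAMPLE_LOG = r"""
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [bixuh] C:\WINDOWS\bixuh.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/C...bridge-c356.cab
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {
    "O2": re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.+)$"),
    # Also accepts "HKLM..\Run", the form left when a forum strips the first backslash.
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\?\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O16": re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) - (?P<target>.+)$"),
}

# Assumption: default Windows install locations.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse_entries(log_text):
    """Return one dict per recognised O2/O4/O16 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]
        pattern = PATTERNS.get(section)
        match = pattern.match(line) if pattern else None
        if match:
            entries.append({"section": section, **match.groupdict()})
    return entries

def leftover_paths(entries):
    """Paths that should no longer exist after the fix and manual deletion."""
    paths = []
    for entry in entries:
        if entry["section"] == "O16":
            continue  # target is a download URL, not a local file
        folder = ntpath.dirname(entry["target"])
        # A file directly inside a system directory is checked on its own;
        # otherwise the whole install folder is what must be gone.
        path = entry["target"] if folder.lower() in SYSTEM_DIRS else folder
        if path not in paths:
            paths.append(path)
    return paths

if __name__ == "__main__":
    for path in leftover_paths(parse_entries(SAMPLE_LOG)):
        print("verify removed:", path)
```

O4 targets that carry command-line arguments would need the executable split off before the folder is derived; the entries in this post have none.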