Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
Add/Remove Programs
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Need2Find Bar
HijackThis!
Open Hijack This and click on Scan. Check the following entries
(make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [ibv347e4] RUNDLL32.EXE w066b4a9.dll,n 002347e20000000a066b4a9
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/5fc8...b4d2dd3_35.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\IYX32d56.dll (file missing)
O20 - Winlogon Notify: RunServicesOnce - C:\WINDOWS\system32\fxlemgmt.dll (file missing)
Please remember to close all other windows, including browsers then click Fix checked.
File and Folder Deletions
Delete the following Files indicated in
RED and Folders indicated in
BLUE if they still exist.
c:\windows\system32\cnins.txt
c:\program files\common files\Slmss
c:\program files\Network Monitor
C:\Documents and Settings\Dr Damdam\Favorites\Fun & Games
Reboot to normal mode
Post a new Hijackthis log here. How is the PC running now?