let me be more specific:
start > run >cmd
netstat -o
find what pid is running on port 7212
do a:
tasklist /svc
and match up pid 7212 with an executable
Soooo what exactly is netstat?
Oh, and let me say thanks cause you've been really helpful
netstat is a command that comes with windows that shows processes listening for connections on your machine. You have it already. Follow the steps above.
ok, did that.....7212 does not even show up on there
are you sure? try a netstat -a -o
it should be on the left side of the screen and say
YOURCOMPUTERNAME:8080
or YOURCOMPUTERNAME:7212
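The lookup described in the steps above (port, then owning PID, then executable and services), as an added PowerShell example that is not part of the original thread. It assumes a Windows machine with `netstat` and `tasklist` on the path; port 7212 is taken from the thread, and the function name `Get-PortOwner` is made up for this example.

```powershell
# Added example, not from the thread. 7212 is the port discussed in the thread;
# pass -Port to check a different one.
param([int]$Port = 7212)

function Get-PortOwner {
    # Hypothetical helper: parse "netstat -ano" lines and return the rows
    # whose LOCAL port equals $Port, with the owning PID.
    param([int]$Port, [string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # Columns: Proto  LocalAddress  ForeignAddress  [State]  PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { continue }
        # The local address ends in :port (IPv6 is written [addr]:port).
        if ($f[1] -notmatch ':(\d+)$' -or [int]$Matches[1] -ne $Port) { continue }
        # UDP rows have no State column, so the PID is always the last field.
        [pscustomobject]@{
            Proto     = $f[0]
            Local     = $f[1]
            State     = if ($f.Count -ge 5) { $f[3] } else { '' }
            ProcessId = [int]$f[-1]
        }
    }
}

# -a includes listening sockets, -n keeps addresses numeric, -o adds the PID column.
$owners = Get-PortOwner -Port $Port -NetstatLines (netstat -ano)
if (-not $owners) {
    "Nothing is bound to local port $Port right now."
    return
}
$owners | Format-Table -AutoSize

foreach ($procId in ($owners.ProcessId | Sort-Object -Unique)) {
    # PID 0 appears on TIME_WAIT rows whose owning process has already exited.
    if ($procId -eq 0) { continue }
    # Image name and hosted services for that PID (same data as "tasklist /svc").
    tasklist /svc /fi "PID eq $procId"
    # Full path of the executable; may be empty without administrator rights.
    (Get-Process -Id $procId -ErrorAction SilentlyContinue).Path
}

# The per-user proxy setting that sends browser traffic to the local port.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $key | Select-Object ProxyEnable, ProxyServer
```

If no row comes back while ProxyServer still points at the port, the setting is stale or the listener is not currently running.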
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {C18A70F9-6155-4670-BB6F-3BBAB02EF91D} - C:\WINDOWS\System32\gfb.dll
Check and fix the above using Hijackthis. Then in safe mode delete the file: C:\WINDOWS\System32\IETie.dll
I'd get rid of wild tangent and weather bug and ghost surf if I were you also.
I had problems with the same thing basically except my homepage was always hijacked and redirected to coolwebsearch or something like that. It was called the Homesearch bug or something like that. Just find somebody that can help u a little more in depth on what to remove using hijack this, run adaware, spybot, make sure they are updated. Not gonna lie to you, it took me like six hours of going around finding somebody to help me and figuring out what to do exactly but I finally got rid of it. I'm guessing that because you wiped harddrive that you got rid of it but perhaps u went back to the same site and got it again? Use firefox, not too many people writing exploit code for that.
I believe that about:blank is a variety of CoolWebSearch.
You might have to format.
Here is a link to the new CWShredder that Intermute now owns>>
CWShredder
This might help.
I downloaded cwshredder and ran it. It came up saying that there were no probs. I am currently running my ad-aware again and so far there are some issues showing up. Here is a question though.....several people have told me to ditch ghostsurf. Why is that? I mean, I can see that the spy ware seems to be getting through....but I thought ghostsurf was supposed to stop it from getting through. When I bring up the log it is showing me all the stuff that it blocked.....so is it just some kind of huge scam or something? If so what CAN I do to try and keep this crap out of my system?
I just finished running ad-aware and what it mostly had on it was coolwebsearch, it also had something called tracking...., something called possible..., and mru list (?) I had no clue what any of those are.