"http://rl.webtracer.cc" start page, unable to remove

Your OS and IE versions are way out of date. After we fix your current problems, you MUST get updated.

Please unzip and run the RegSrchTool
Please make sure that your Anti-Virus app does not have Script Blocking enabled. If so, disable it to allow the tool to run.

Please enter the following into the Search Box: stsheets

Please save the results of this search and attach them.


Then, please unzip and run the Locate.zip Tool
DoubleClick on the locate.bat to run it and attach that log.

Post the two logs as attachments!

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixsts.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixsts.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now un HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O19 - User stylesheet: C:\WINDOWS\stsheets.dat

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\stsheets.dat
C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVG.SYS


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

That looks good. The only thing you should do is fix the two below lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

They are remants of running HSremove (which you did not need to run). Set your home page to what your prefer.

Now complete ALL the steps in the below link. The step in that link is Windows update:

How to Protect yourself from malware!

If you do not want to go to Win XP SP2 right now, you should select Custom Install at Windows Update and do all the other Updates except SP2. If you do go to SP2, make sure you disable its built-in firewall after installing on of the ones recommended in the How to Protect link. The Windows XP SP2 firewall is enabled by default and it does not provide the level of protection that the third party ones offer.

 

You're welcome! I would love to visit Australia! But this is about as close as I will get! So tell me how's the weather?