|
|
#1
June 2nd, 2003, 11:19 AM
|
|||
|
|||
hijack and slotch.com for Pieter
Pieter: Thank you.
here is the log.Logfile of HijackThis v1.94.0 Scan saved at 10:00:20 AM, on 6/2/03 Platform: Windows 98 Gold (Win9x 4.10.199  MSIE: Internet Explorer v6.00 (6.00.2600.0000) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.martfinder.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=129176 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=129176 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=+s R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=129176 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=+s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=+s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=+s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=+s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.hotfreebies.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.hotfreebies.com/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by @Home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=+s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\SYSTEM\AHIEHELP.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\startpage guard\spguard.exe /s /r O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe" O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Ad-aware] C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE +c O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: @Home (HKCU) O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw1fd.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab O16 - DPF: Win32 Classes (HeartbeatCtl Class) - file://c:\windows\Java\classes\win32ie4.cab O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37614.5992592593 O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} (DialerCon Class) - http://www.accessplugin.com/plug/install.cab |
|
#2
June 2nd, 2003, 11:49 AM
|
||||
|
||||
|
Re:hijack and slotch.com for Pieter
Hi scollins4,
Check the following items in HijackThis. Close all IE, OE and explorer Windows, and click Fix checked. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.martfinder.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=129176 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=129176 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=+s R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=129176 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=+s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=+s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=+s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=+s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.hotfreebies.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.hotfreebies.com/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=+s O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe" O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Reboot after doing so, preferably into safe mode and delete this folder: c:\program files\rb32 and this file: C:\Program Files\ISTsvc That should do it. Regards, Pieter
__________________
Regards, Pieter It´s nice to be important, but it´s more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
