Hijack fixed

Discussion in 'adware, spyware & hijack cleaning' started by Maxwell, Mar 28, 2004.

Thread Status:
Not open for further replies.
  1. Maxwell

    Maxwell Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    8
    My home page was hijacked recently but I fixed it. I ran HJT just to make sure and it all seems okay. I fixed it by changing my home page back again in Internet Options, clearing out the references to the hijack in sysconfg, and then running spybot S&D.

    Here is my HJT log for reference.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:55:38 PM, on 3/28/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HPZENG04.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: HPAiODevice(hp psc 900 series) - 1.lnk.disabled
    O4 - Startup: Hewlett-Packard Recorder.lnk.disabled
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38069.5654282407
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
     
    Maxwell, Mar 28, 2004
    #1
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Well done Maxwell :)

    That's a clean log indeed

    Cheers,
     
    Unzy, Mar 28, 2004
    #2
  3. Maxwell

    Maxwell Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    8
    Thanks and it's always nice to have that affirmed by a pro. :) I was a bit worried about the "03- toolbar &radio" entry so I got rid of it without any problems.
     
    Maxwell, Mar 29, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...