Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Needed - Hijack Log enclosed


  • This topic is locked This topic is locked
3 replies to this topic

#1 Musical_Companion

Musical_Companion

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 29 July 2004 - 02:17 PM

Hi,

Hi can't seem to get rid of this sucker. Everytime I log on to Internet, go.targetsearch.info is my startpage and it ads Absoluagency, Adoultsearch, and Reasearch to my favourites. I clean my computer unsing Hijack This and Adaware 6, and yet it shows up again when I restart my computer. If any kind soul would be able to help me out I'd be very grateful!!

Logfile of HijackThis v1.97.7
Scan saved at 21:14:19, on 2004-07-29
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\ICQLite\ICQLite.exe
C:\WINNT\System32\internat.exe
C:\Program\a2 free\a2start.exe
C:\Program\a2 free\a2scan.exe
C:\Documents and Settings\Fredrik Rydell\Skrivbord\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINNT\sllights.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://targetsearch.info/left.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://targetsearch.info/left.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [li-speed00314] c:\program files\Webdialer\li-speed00314.exe -m
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart16.exe
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1276113f3b2f05...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Peace,
/Fredrik

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 29 July 2004 - 06:44 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows


Please make sure all windows and folders are closed down and run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://targetsearch.info/left.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://targetsearch.info/left.php
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [li-speed00314] c:\program files\Webdialer\li-speed00314.exe -m
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1276113f3b2f05...ip/RdxIE601.cab


Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)
C:\WINNT\system32\rundll32.vbe
c:\program files\Webdialer\


Reboot your computer to go back to normal mode and post a new log.

#3 Musical_Companion

Musical_Companion
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 30 July 2004 - 03:19 AM

Thanks for the help brother!!!

Take Care,
/Fredrik

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:40 PM

Posted 30 July 2004 - 09:11 AM

Pleas epost a last log so I can can give it the final ok




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users