
HijackThis Logs and Analysis



#1 valesspot


Posted 20 April 2005 - 04:32 PM

PLEASE HELP, I CANNOT CHANGE MY HOME PAGE FROM A-SEARCH.BIZ. I HAVE TRIED ANTI-SPY AND SO MANY OTHER ADWARE REMOVERS AND NOTHING HAPPENS TO WORK. PLEASE POST BACK / THANK YOU IN ADVANCE.

MY LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:18:30 PM, on 4/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\d3dim.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0409
F2 - REG:system.ini: UserInit=Userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.platinumtel.com/agent/"); (C:\Documents and Settings\phone\Application Data\Mozilla\Profiles\default\4amj24zt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\phone\Application Data\Mozilla\Profiles\default\4amj24zt.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [,+44}5RC:\Program Files\ISTsvc\istsvc.exe] w̫Xw)<zV]Be9K]/wX8yK##:ap Dt.+~'9B&j33(fƉۓ!>r
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [d3dim] C:\WINDOWS\System32\d3dim.exe
O4 - Global Startup: winlogin.exe
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {518419D1-F74F-48E5-9D98-599EC0DAFBEA} (MpiPlugin Class) - https://kspay.ksnet.to/ksmpi/KSNetMPI.cab
O20 - AppInit_DLLs: 2g58czzg5j577bll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


#2 Grinler

    Lawrence Abrams



Posted 20 April 2005 - 04:49 PM

Have you run Ad-Aware against this?



