Internet / Browsers Use this board for problem solving and the discussion of Internet and Browser issues
#1
Must get tired of this but anyways.........
Here's my Hijack log, internet's doing stupid stuff. I run adaware and shredder but it keeps coming back
Logfile of HijackThis v1.97.7
Scan saved at 4:42:55 PM, on 13/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\JONBAR~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {81E106F5-FBD9-4363-93C3-9518D531C746} - C:\WINDOWS\System32\ggnh.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2FF6EEA-FE6B-4674-B128-356C7FB537D4}: NameServer = 206.47.244.112 206.47.244.12
#2
Hi Jony
These can certainly be fixed in Hijack This: Quote:
Quote:
#3
well....
My home page is always cool search or whatever, even when I am not connected to the internet and all Temporary Internet Files are deleted, I click on explorer and cool search is there, so from what I can tell it's on my computer and it always comes back. And after I delete all the internet files 2 sites are always left behind, like a porn site and wallpaper site or something. Guess my brother won't be using my computer anymore.... anyway thanks for the help n' all, it's greatly recognized.
#4
Hi jony_05
It is a Cool Web Search hijack. And the file queried by Steven.Bentley is part of it.
Can you download the latest CWShredder from: http://209.133.47.200/~merijn/files/CWShredder.exe
Open CWShredder and click on the Scan and copy / paste the results back to this thread, please.
Then click on the Fix button to find and fix any problems.
How to stop CWS infection...read the information when you click "Next" at the end of running CWShredder.......Or you will be reinfected
Reboot Computer
Post back a new HijackThis log as soon as it reappears, please.
It may be a hard one to remove.
Cheers
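Added example, not part of the original thread or of HijackThis itself: a small triage script that reads HijackThis entry lines and correlates Internet Explorer search settings served from a local DLL (`res://...dll`) with the O2 BHO entry that loads the same DLL, which is the pattern visible in the first log above. The function names and the correlation heuristic are assumptions of this example; the sample lines are copied from that log.

```python
import re

# Sample input: entry lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ggnh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {81E106F5-FBD9-4363-93C3-9518D531C746} - C:\WINDOWS\System32\ggnh.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "R1 - ...", "O16 - ..."
RES_DLL = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
BHO = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def triage(text):
    """Group R0/R1 settings that point at a local DLL via res:// and
    attach the CLSID of any BHO (O2) that loads the same DLL."""
    redirects = {}  # lower-cased DLL path -> registry settings pointing at it
    bhos = {}       # lower-cased DLL path -> BHO CLSID
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            m = RES_DLL.search(body)
            if m:
                setting = body.split(" = ", 1)[0]
                redirects.setdefault(m.group(1).lower(), []).append(setting)
        elif code == "O2":
            m = BHO.match(body)
            if m:
                bhos[m.group(2).strip().lower()] = m.group(1)
    return [
        {"dll": dll, "settings": settings, "bho_clsid": bhos.get(dll)}
        for dll, settings in sorted(redirects.items())
    ]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `bho_clsid` means the same DLL both supplies the search page and loads into the browser, so the R entries and the O2 entry need to be reviewed together.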
#5
Thanks Mike
#6
Here's the shredder thingy
Hosts file not present
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (786 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (250 bytes, A)
- END OF REPORT -
#7
And here's the hijack this
Logfile of HijackThis v1.97.7
Scan saved at 5:02:10 PM, on 15/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\JONBAR~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

Things are working better but those 2 websites still come up, but the coolsearch is done for. Thanks for the help, and if you have any idea how to get those web sites permanently deleted that'd be excellent. Thanks again
#8
Hi jony_05,
Close all browser windows and have HijackThis FIX the below:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Reboot computer.
re: "but those 2 websites still come up,"
If you mean files in Favorites folder won't delete, try right-clicking the Fav's folder and remove "Read-only", then try a delete, OR navigate to Fav's folder via command prompt and delete files.
Cheers
#9
Thank-yee
Thanks for all the help everybody, it helped me a lot.