
Solve: Hijack Log file?


Hi guys.

This URL "http://newsearch.org/hp/index3.html" keeps loading when I start my internet explorer, even though it is not set as my home page.

I have run a number of different spyware programs, and anti-virus but it still happens.

Here is my log file from "hijack this":

Logfile of HijackThis v1.99.1
Scan saved at 20:30:43, on 09/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WinAbring.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {26816C40-2FF3-4F01-AAA3-8627A35B741A} - C:\WINDOWS\System32\t.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Any help would be gratefully received!!

Thanks.

kop442000.......Ok, here's what I would do ....

First .... open hijackthis ..... and click System scan & save logfile.
next ...click on config button.......when config window opens ...in the 4 URL boxes ....... type in ......
http://www.google.com    ( in all 4 boxes )
next click Back ........
Next mark for removal:

ALL R0 entries
ALL R1 entries

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

Next click ......Fix checked ......

There I think that should do it ......now reboot and see how things are .......

The other thing you should do is go to Windows update and D/L SP2 and any other items there. That will get you up to date with the latest things ......SP2 is an important update and you should have it.

Let us know

dl65

Thanks very much for your reply.

I have done as you said, and it has certainly helped. But still occasionally, another window opens with that old hijack url on it. It rarely happens, but it worries me that it is still there.

I am just running all the spyware stuff again to see if that helps, what do you think?

With regards to SP2, I did download it, but my broadband modem stopped working properly, so my provider advised me to do a system restore, and it worked ok again. I think I might try it again though... I would really like SP2 on there.

Thanks again for your help!

info>>http://www.theeldergeek.com/slipstreamed_xpsp2_cd.htm

try a download of spysweeper..........from webroot.com.....

and to sweep properly.......disable from the net and disable system restore..another tip.....do you have remote assistance.....enabled....on your pc.....disable that also...no need unless you are going to help someone!

kop442000......Here's another thing to try .....go to ...
http://www.microsoft.com/athome/security/spyware/software/default.mspx    download and run Antispyware Beta   it is very good .

It may also find that elusive link that is appearing from time to time. Make sure you turn on the auto update feature in Antispyware .....


dl65
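An added example, not part of any post in this thread: a small parser for the HijackThis log format shown in the first post, which groups entries by section code and lists items to check by hand (BHOs with no name, and running processes that no O4/O23 autostart entry in the same log accounts for). The function names and the `known` parameter are hypothetical, and the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows-style paths on any OS

# Excerpt of the log posted at the top of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WinAbring.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: (no name) - {26816C40-2FF3-4F01-AAA3-8627A35B741A} - C:\WINDOWS\System32\t.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a HijackThis log into running processes and entries by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:  # checked before the process branch: pasted logs often lose blank lines
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
    return processes, entries

def review_list(processes, entries, known=()):
    """Return (reason, item) pairs to check by hand; a triage aid, not a verdict."""
    autostarts = " ".join(entries["O4"] + entries["O23"]).lower()
    known = {k.lower() for k in known}  # assumption: names the analyst already recognises
    items = [("unnamed BHO", e) for e in entries["O2"] if "(no name)" in e]
    for path in processes:
        name = basename(path).lower()
        if name not in known and name not in autostarts:
            items.append(("running, no autostart entry in log", path))
    return items

if __name__ == "__main__":
    for reason, item in review_list(*parse_log(SAMPLE_LOG), known=("svchost.exe",)):
        print(f"{reason}: {item}")
```

A process can start without an O4 or O23 entry (for example one launched by the user), so each listed item is a prompt to look up the file, not a finding.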


