Jump to content


Photo

Can't get rid of it...


  • Please log in to reply
3 replies to this topic

#1 poiuy_qwert

poiuy_qwert

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 July 2004 - 01:39 PM

Well ive done all of the methods i could find. The http://res fix doesn't find anything even tho i followed the instructions. SpyBotSnD doesn't find it, AVG-Anti virus doesn't fix it. The Registrar Lite way, there is no Appl_dll or whatever in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\... And anyother way i've missed has not worked...

Here is my Hijack This Log:

Logfile of HijackThis v1.97.7
Scan saved at 2:37:22 PM, on 07/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\windows\System32\devldr32.exe
C:\DOCUME~1\Zach\Desktop\HIJACK~1\AVG\avgupsvc.exe
C:\DOCUME~1\Zach\Desktop\HIJACK~1\AVG\avgamsvr.exe
C:\Documents and Settings\Zach\Desktop\Hijacker!\AVG\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Zach\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {38FEEE1B-F86B-4716-AF8F-601743C5AA79} - C:\windows\System32\acbpgaa.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\Zach\Desktop\HIJACK~1\AVG\avgcc.exe /STARTUP
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8112.8080439815
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBBADDD3-9542-4968-A281-5E0D187ACAD8}: NameServer = 209.226.175.224 198.235.216.110


(everything bold is fine on my comp)

Thank you in advance for any help.

#2 poiuy_qwert

poiuy_qwert

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 July 2004 - 05:29 PM

Anyone know a way that i havn't stated above that should work?

#3 poiuy_qwert

poiuy_qwert

    Member

  • New Member
  • Pip
  • 4 posts

Posted 08 July 2004 - 07:22 PM

Bump. Comon guys i need help...

#4 poiuy_qwert

poiuy_qwert

    Member

  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 04:50 PM

good help this forum is...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button