IE6 has been constantly hijacked by ....

Ron Wolpa
#1
Dec 25th, 2003
IE6 has been constantly hijacked;
this damn site:
http://www.lookfor.cc/index.php?p=37049 replaces the start page, obliging me to edit the registry HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\start page;

It has happened almost every night since the 1st time a week ago;

An updated Spybot Search and Destroy has scanned the system and some cookies have been cleared up, but it has not solved the annoying problem;

Is there something else I can do to eliminate whatever is in the system?

I am very very fed up with that ******* www.lookfor...

Thank you so much

RW

caperjack
#2
Dec 25th, 2003
Check this site, download hijackthis, follow along the left; you will find all the help you need, and other programs to help stop spyware.
http://mjc1.com/mirror/hjt/

steamwiz
#3
Dec 25th, 2003
Hi Ron Wolpa

caperjack if I may butt in and expand on your post....

Please download hijackthis from

http://www.merijn.org/files/hijackthis.zip

Unzip, double-click HijackThis.exe, and hit "Scan".

After the scan has finished, the "scan" button will turn into a "save log" button.

Save the log file and paste it here.

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

caperjack
#4
Dec 25th, 2003
No problem, butt in any time. I was just getting them started till you came along. I read and read about hijackthis logs and how to decipher them but can't remember what I read; I think it's that over 50 thing. LOL

Ron Wolpa
#5
Dec 26th, 2003
Hi Guys!
Following your advice I downloaded hijackthis, ran it and found
a very large list of .exe files and registry entries; basically what this program does is seek suspicious entries that autoload when
the op. system starts up; alright, so Hijackthis supposedly found some entries in my registry:

1- H_key_currentuser/software/Microsoft/internet/SearchUrl/http...
the url of a porno site;

2- H_key_currentuser/software/Microsoft/internet/Main/ .....
search and start page, both www.lookfor....

Before clicking hijackthis to do anything I opened the registry and
did not find such entries in the way it stated they were;
minutes before, I had edited the start page (because it had happened again, the start page was changed) and deleted the entry H_key_currentuser/software/Microsoft/internet/Main/ search
which was pointing to the lookfor, once again;
This holds me back in relation to hijackthis; I am not confident it's
reliable, as it found items that were no longer there;
I thank you anyway for your attention;
Ron Wolpa

TallCool1
#6
Dec 26th, 2003
Originally Posted by Ron Wolpa
This holds me back in relation to hijackthis; I am not confident it's reliable, as it found items that were no longer there. I thank you anyway for your attention.
Oh, they are still there, all right. They lurk anywhere they can -- the registry, of course, but also in the IE temp-file cache. For severe infestations, read this and follow the instructions: Microsoft's Really Hidden Files. The hijackers know this stuff, you should too.
-- Michael Rudas

steamwiz
#7
Dec 27th, 2003
Hi Ron Wolpa

If I may point out my earlier post......

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.


We can then tell you what to fix

steam

Ron Wolpa
#8
Dec 30th, 2003
Not only have I had problems with the start page changing but also with weird pop-up screens coming up with ads for skunk marijuana,
bogus university degrees, pornography, mp3 songs for free, etc, etc...
I think for some people it would be funny to open the page of a serious company like Boeing and get a pop-up ad for marijuana;
disgusting;
Below I paste the log of hijackthis:



Logfile of HijackThis v1.97.7
Scan saved at 02:24:56, on 30/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSINFO.EXE
C:\ARQUIVOS DE PROGRAMAS\MYVITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ICQ\ICQ.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
D:\!DOWNLOAD\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.theadultgate.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.........../
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookfor.cc/index.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lookfor.cc/sp.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lookfor.cc/index.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.lookfor.cc/sp.php?p=37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ron Wolpa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://........../
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\IEFEATSL.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\MSIESH.DLL
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1046,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\sysinfo.exe
O4 - HKCU\..\RunServices: [sysinfo] C:\WINDOWS\sysinfo.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\ARQUIVOS DE PROGRAMAS\ICQ\ICQ.EXE -trayboot
O4 - Startup: MyVitalAgent.lnk = C:\Arquivos de programas\myvitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Arquivos de programas\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Arquivos de programas\getright502\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ComVC (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab




I have gotten tired of removing this from the registry:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.theadultgate.com/find/

and this one .....
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookfor.cc/index.php?p=37049

and that one as well....
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lookfor.cc/index.php?p=37049

The most interesting one is :


F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\IEFEATSL.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\MSIESH.DLL


I've gotten at every boot an error message "svcinit.exe not found on your system";

IEFEATSL.DLL is on the program uninstall list; it simply appeared from nowhere;

I am feeling tempted to start the cleaning up but will wait for your advice;

How can IE 6 security be so frail??? (stupid microsoft, so mighty so deceivable)

Cheers
RW

ps: I've read Microsoft's Really Hidden Files and found it very interesting, although I could not duplicate some of the tutorial;
I think some paths have changed in IE6 and Outlook Express 6; perhaps it is just a question of insisting a bit more to find the new
paths;
I tried to send a message to the author suggesting an update, but received back a daemon failure for an invalid e-mail;

steamwiz
#9
Dec 30th, 2003
Hi Ron

It's no use taking out the obvious without taking out the actual hijacker that is putting it there.....this should sort you out.

Close all browser windows - run hijackthis and tick to fix :-

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.theadultgate.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.........../
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookfor.cc/index.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lookfor.cc/sp.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lookfor.cc/index.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.lookfor.cc/sp.php?p=37049

F1 - win.ini: run=C:\WINDOWS\svcinit.exe

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\IEFEATSL.DLL

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\IEFEATSL\MSIESH.DLL

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\sysinfo.exe
O4 - HKCU\..\RunServices: [sysinfo] C:\WINDOWS\sysinfo.exe

O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Reboot then find and delete :-

C:\WINDOWS\svcinit.exe - file
C:\WINDOWS\sysinfo.exe - file

steam
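
One way to read a log like the one in post #8, as an added example (not part of the thread and not HijackThis code): it parses an excerpt of that log, groups the IE R0/R1 values by the host they point to, and checks which F1/O4 autostart executables also appear under "Running processes". The function names are hypothetical, and the result is a review worklist, not a verdict on any entry.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread (post #8).
LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSINFO.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.theadultgate.com/find/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookfor.cc/index.php?p=37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lookfor.cc/sp.php?p=37049
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\sysinfo.exe
"""

def parse(log):
    """Split a log into running-process paths and {section code: [entry text]}."""
    running, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, log.splitlines()):
        m = re.match(r"([A-Z]\d{1,2}) - (.+)", line)
        if m:                       # e.g. "R0 - ...", "O4 - ..."
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries

def ie_hosts(entries):
    """Host -> IE registry values (R0/R1 lines) currently pointing at it."""
    hosts = defaultdict(list)
    for text in entries["R0"] + entries["R1"]:
        key, _, url = text.partition(" = ")
        if host := urlparse(url).hostname:   # skips non-URL values
            hosts[host].append(key)
    return dict(hosts)

def autostarts(log):
    """Executable named by F1/O4 lines -> is it in the running-process list?"""
    running, entries = parse(log)
    live = {p.rsplit("\\", 1)[-1].lower() for p in running}
    exes = re.findall(r"([^\\\]=\s]+\.exe)", "\n".join(entries["F1"] + entries["O4"]), re.I)
    return {e.lower(): e.lower() in live for e in exes}

if __name__ == "__main__":
    print(ie_hosts(parse(LOG)[1]), autostarts(LOG))
```

On this excerpt, svcinit.exe is referenced by win.ini but is not running, which is consistent with the "svcinit.exe not found" boot error reported in post #8, while sysinfo.exe is both started at boot and running. A legitimate entry such as taskmon.exe shows up the same way, so each item still needs a human look.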

Ron Wolpa
#10
Dec 31st, 2003
Hi Steam

It's done, I ran hijackthis and fixed the entries as per your advice;
It's too early to tell if the start page and weird pop-ups problem is fixed, but I suppose so;
At least the start page dialogue box and buttons at internet options / general / start page are back to normal operation (since the 1st time IE was hijacked they were invalid)
Thank you once again for your support;
RW

©2003 - 2009 DaniWeb® LLC