TechSpot

Correctly posted hijack log

By tjent
Sep 30, 2005
  1. Having serious issues. Done everything listed under the usual stuff. What am I missing?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your version of Hijackthis is out of date.

    Go and follow the instructions in this thread exactly.

    Then post a fresh HJT log as an attachment.

    Regards Howard :cool:
     
  3. tjent

    tjent TS Rookie Topic Starter

    that's what I've got

    That is where I got my Hijack about two weeks ago. I have reposted a fresh log that I did while running in regular mode. The last log was run in safe mode.
     

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    This is getting farcical.

    http://www.techspot.com/vb/showthread.php?t=34017

    http://www.techspot.com/vb/showthread.php?t=33399

    You have been given advice several times, and have not followed it. Your version of HJT is still out of date.

    The thread I linked to clearly states
    Did you even read it?

    The bottom line is, if you don't follow the advice given, we can't help you.

    Regards Howard :rolleyes:
     
  5. tjent

    tjent TS Rookie Topic Starter

    How about this one?

    No need to get snippy...
    I am new to this and it is really frustrating.
    I think I have the right version of everything now and I am posting my new log in .txt form. If it's still wrong just tell me what program to buy to fix it. Norton? McAfee?

    Your help IS appreciated.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Follow these instructions EXACTLY until you have run CWShredder:
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    plook.exe

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\PLook\plook.exe

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
    O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
    Fix ALL O16 - DPF: entries
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINNT\Temp (except files dated from TODAY).
    Boot normal.
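
An added example, not part of the thread and not code from HijackThis or the posters: a small Python parser for the log-line shapes quoted in the post above (R0/R1 Internet Explorer registry values and O4 Run-key autostarts), used to confirm that an autostart such as plook.exe is caught under every hive that launches it. The function names are hypothetical, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the entries quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# R0/R1 body: "<hive>\<key>,<value name> = <data>"
REG_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
# O4 body: "<hive>\..\<Run key>: [<name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<runkey>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_hjt(text):
    """Return one dict per recognised log line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, instructions
        code, body = m.groups()
        entry = {"code": code, "body": body}
        detail = None
        if code in ("R0", "R1"):
            detail = REG_RE.match(body)
        elif code == "O4":
            detail = RUN_RE.match(body)
        if detail:
            entry.update(detail.groupdict())
        entries.append(entry)
    return entries

def autostarts_by_command(entries):
    """Map each O4 command line to the set of hives whose Run key starts it."""
    hives = defaultdict(set)
    for e in entries:
        if e["code"] == "O4" and "cmd" in e:
            hives[e["cmd"]].add(e["hive"])
    return dict(hives)

def ie_settings(entries):
    """Map each IE value name to {hive: data} so HKCU and HKLM can be compared."""
    settings = defaultdict(dict)
    for e in entries:
        if e["code"] in ("R0", "R1") and "value" in e:
            settings[e["value"]][e["hive"]] = e["data"]
    return dict(settings)
```
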
     
  7. tjent

    tjent TS Rookie Topic Starter

  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

Topic Status:
Not open for further replies.
