1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Another new HT lof 4 ya

Discussion in 'Virus & Other Malware Removal' started by abbyk, Sep 28, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hello again guys

    I got a new hijack log to check.
    Done AVG, Spybot & adaware. Will run spyblaster after this ht log clean, & i know it does need a final tidy.

    Btw, cntl-alt-del doesnt work - ie bring up the task manager ( the keyboard's ok cos it works in dos )- any ideas ?

    Logfile of HijackThis v1.96.4
    Scan saved at 23:21:38, on 28/09/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - _{765E6B09-6832-4738-BDBE-25F226BA2AB0} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Web Entry (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} - http://www.netbroadcaster.com/player/MovieNetworks1.exe
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/17556c498cc1d995e606/netzip/RdxIE6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.affiliatetarget.com/webtwo/download.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37881.4990509259
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.jambalala.com/movies.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab
    O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab

    Thanks for your help:p
    abbyk
     
  2. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hi guys

    I dont mean to hassle you but a quick reply would be REALLY appreciated.
    I want to finish on this pc and go home !

    Thanks & sorry if im being cheeky
    abbyk
     
  3. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hi guys :)

    OK - no rush now, but pls dont leave my post ananswered :rolleyes:

    thanks
    abbyk
     
  4. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Firstly, you need to goto http://tomcoyote.org/hjt/
    Your version is out of date.
    Post a new log up when you've done this.
     
  5. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    hey thanks Topkat

    I'll try & do that tomorrow

    abbyk
     
  6. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hello again
    sorry about posting from an old HT :eek:

    This is now up to date i believe

    Logfile of HijackThis v1.97.2
    Scan saved at 20:08:32, on 30/09/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Documents and Settings\Noor\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - _{765E6B09-6832-4738-BDBE-25F226BA2AB0} -
    (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
    FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
    /background
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    present
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Web Entry (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} -
    http://www.netbroadcaster.com/player/MovieNetworks1.exe
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} -
    http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
    http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://207.188.7.150/17556c498cc1d995e606/netzip/RdxIE6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} -
    http://www.affiliatetarget.com/webtwo/download.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37881.4990509259
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} -
    http://www.jambalala.com/movies.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) -
    http://www.microsoft.com/typography/clearadj.cab
    O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) -
    http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class)
    - http://download.paltalk.com/webregtest/RegDload.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) -
    http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab

    Thank you in advance - U guys are great

    abbyk:)
     
  7. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} -
    http://akamai.downloadv3.com/binari.../EGDHTML_XP.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
    http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://floridakeysmedia.tv/axiscam/...sCamControl.ocx
    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} -
    http://www.affiliatetarget.com/webtwo/download.exe
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} -
    http://www.jambalala.com/movies.exe
    O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) -
    http://usa-download.strip-player.co...tup_minsize.cab

    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class)
    - http://download.paltalk.com/webregtest/RegDload.CAB

    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) -
    http://www.wildtangent.com/insta

    Hope this helps, post back in this thread if problems persist.

    :D
     
  8. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Topkat - you're a top man, i mean kat, wells thanks anyway:cool:

    I'll get my friend to do as you suggested - probably some time tomorrow.

    Any ideas on cntrl-alt-del not working within xp ?

    Also i just thought - its obvious my friend likes to visit pRon sites.
    I remember the 1st few weeks i was on the net thats about all i did !:D . With that catagory & warez ( which i also looked at - not any more tho - learnt my lesson early ) they seem full of evil Bas$$rds who r intent on doin u in with viruses, hijacked browsers, etc or rippin people off with secret premium diallers.

    Now obviously warez is illegal, but porn is not ( just embaressing & shameful to some folk :eek: ).
    So is there a list of "safe" sites that can help my friend & others view what he wants to without his pc getting mangled ?

    Just a thought:)

    peace out
    abbyk
     
  9. Alfie_UK

    Alfie_UK

    Joined:
    Mar 28, 2003
    Messages:
    1,182
    Hi TopKat,
    Hope you don't mind me asking,would it be advisable to have, HJT fix, R3 - URLSearchHook: (no name) - _{765E6B09-6832-4738-BDBE-25F226BA2AB0} -
    (no file),only I thought you had to fix R3,if there was no URL which is recognised, please correct me if I'm wrong.that way i'll know in the future for when i do my own,HJT Log.
     
  10. gaby38

    gaby38

    Joined:
    Jul 19, 2003
    Messages:
    88
    yeah, I would like to ask the same question about the R3, if you don't mind.

    What about these other ones?

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    Thanks for your patience, just trying to learn and help back :)
     
  11. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi all,

    glad to see so many having a look through these logs. (y)

    You can fix the R3, plus all that Gaby has picked out. TopKat's goes without saying.. :)

    If it helps, any (no name) *************(no file) entry can be fixed. These usually occur when Spybot, or any one of a number of cleaning programs, has cleaned up toolbars and BHOs; so you'll see them fairly often. It just denotes an orphan registry entry.

    Cheers

    Liam
     
  12. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hey thanks guys

    i hear all of you and i'm learning too

    abby

    ps still no ideas on the cntl-alt-del ?
     
  13. Alfie_UK

    Alfie_UK

    Joined:
    Mar 28, 2003
    Messages:
    1,182
    Hi e-Liam,
    Thanks for explaing about the R3 entries,I'm also so looking and learning every day,been reading,Tony Kleins and,Brendans.Tutorials every opportunity i can get.keep up the good work you guys do (y)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168135

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice