Thread: Hijack This Help
View Single Post
  #4  
Old 11-22-2004, 06:03 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
A few uninstalls first off. bearshare, wild tangent and Windows AdControl through the control panel and add/remove programs.

Then rescan with hijack, insert a check next to each of the following then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)

R3 - Default URLSearchHook is missing

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain

O4 - HKLM\..\Run: [caidpwjmkk] C:\WINDOWS\System32\ltsfoedz.exe

O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe

O4 - HKCU\..\Run: [Atoe] C:\Documents and Settings\Michael\Application Data\bcsb.exe

O4 - HKCU\..\Run: [Wlf] C:\WINDOWS\System32\??plorer.exe

O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- (no file)

O13 - WWW. Prefix: http://

Then reboot into safe mode. http://www.spyware911.net/forum/index.php?showtopic=15


Open windows explorer, find then delete:

C:\WINDOWS\dpe.dll - file
C:\Program Files\BearShare - folder
C:\Program Files\WildTangent - folder
C:\WINDOWS\System32\ltsfoedz.exe - file
C:\Program Files\Windows AdControl - folder
C:\Documents and Settings\Michael\Application Data\bcsb.exe - file
C:\WINDOWS\System32\??plorer.exe - file
C:\WINDOWS\System\MSMSGSVC.exe - file


Then reboot, rescan and post a fresh logfile
Reply With Quote