Hi again. Please create a new folder on the C: drive, name it HJT, and move HJT into it. HJT will create backups, so we don't want it in a temp folder.
Next
Please restart HJT, put a check next to the following, close all open windows, and click Fix.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VĂȘnculos
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O4 - HKLM\..\Run: [FCEGXYC3] C:\WINDOWS\TEMP\FCEGXYC3.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - <http://www.sponsoradulto.com/es/SysWebTelecom.cab>
Reboot to safe mode (by tapping the F8 key on start up), make sure you can view all hidden folders/files <http://www.xtra.co.nz/help/0,,4155-1916458,00.html>, then search for and delete the following in BOLD
FCEGXYC3.EXE
Restart your computer, restart HJT and post back a fresh log.
Don
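
The entry types flagged in the post above can be triaged automatically. This is an added example, not part of the original post or of HijackThis: the heuristics are assumptions drawn from the log lines shown, and the O1 sample line is constructed with placeholder names and a documentation address.

```python
import re

# HijackThis line shape: "<section> - <body>"
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
LOCAL_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def triage(line):
    """Return (section, reason) for a suspicious entry, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        # IE start/search settings should hold a URL, not a file on disk.
        if LOCAL_PATH_RE.match(value):
            return sec, "IE start/search setting points at a local file"
    elif sec == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        # Anything other than a loopback mapping redirects name resolution.
        if len(fields) >= 2 and fields[0] not in LOOPBACK:
            return sec, f"hosts file maps {len(fields) - 1} name(s) to {fields[0]}"
    elif sec == "O4" and TEMP_RE.search(body):
        return sec, "autostart entry launches from a temp directory"
    elif sec == "O13" and ":" in body:
        if LOCAL_PATH_RE.match(body.split(":", 1)[1].strip()):
            return sec, "URL prefix rewritten to a local file"
    return None


# Lines taken from the log above, plus one constructed O1 line.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =",
    r"O1 - Hosts: 192.0.2.10 www.example.test example.test",  # constructed
    r"O4 - HKLM\..\Run: [FCEGXYC3] C:\WINDOWS\TEMP\FCEGXYC3.EXE",
    r"O13 - DefaultPrefix:",
    r"O13 - Home Prefix: c:\searchpage.html?page=",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        hit = triage(entry)
        if hit:
            print(f"[{hit[0]}] {hit[1]}: {entry}")
```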