View Full Version : Autocomplete IE6 (W2K)
ESA77
10-29-2002, 11:37 AM
Dear People,
After deleting:
- all cookies
- temp.internet files
- history
There is still one URL which appears when i type the first charcter of this URL.
It only appears in one profile.
Who knows a solution for this?
I already tried Adaware scans, TWEAKUI and so on..
Regedit?
PLEASE HELP ME.. I AM GETTING CRAZY.. :0(
Best regards,
Erwin
ESA77,
Could you please tell us what URL it is? It can make a big difference.
Now I'll leave this question to my fellow members with far more experiece than I.
Nana /images/forums/icons/smile.gif
ESA77,
Have you cleraed Autocomplete/Web Addresses on the Content Tab of Internet Options?
Nana /images/forums/icons/smile.gif
ESA77
10-30-2002, 11:25 AM
I deleted the files at the content tab of the internet options, but also I have deleted all files with the windows explorer in the folder temporary inetnetfiles and history. The URL is http://www.sexspot.nl/hetesletjes/page2/index.html
Do you have more suggestions!?
Best regards,
Erwin (From Holland)
TonyKlein
10-30-2002, 11:30 AM
Erwin,
Hoi! :)
I'd like you to do two things:
Would you please go to <a target="_blank" href=http://www.spywareinfo.com/downloads.html>http://www.spywareinfo.com/downloads.html</a> , and download both 'Hijack This' (in the "Detection and Removal" section), and 'Startuplist' (in "Startup Program Management").
Run both, and post the results here.
ESA77,
My advice to you is to follow Tony's instructions. You're in much more capable hands with him.
Good luck getting rid of the problem.
Nana /images/forums/icons/smile.gif
homeflash
10-31-2002, 06:12 PM
I have the same problem...
I did all three adaware, hjackthis, and startuplist, still no good... help is Needed!!!!!
Paul S
11-01-2002, 05:06 AM
Hi,
Why not delete the user profile this is happening under and then let windows recreate it or have you already tried this?
Regards,
<font color=green>Paul</font color=green>
<font color=blue>mailto:paul@winguides.com (paul@winguides.com)</font color=blue>
ESA77
11-04-2002, 01:21 PM
Hi Tony, (Hoi!)
I run both, Hijack and Startuplist. Here are the results of the Dutch jury!
HiJack:
Logfile of HijackThis v1.71.0
Scan saved at 8:40:48, on 4-11-2002
Platform: Windows NT 5.00.2195
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.alltonet.com/search/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.ilse.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.alltonet.com/search/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
List (start up)
StartupList report, 4-11-2002, 8:41:33
StartupList version: 1.34.0
Started from : C:\Erwin's data\hijack\StartupList.EXE
Detected: Windows 2000 SP1 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
C:\WINNT\System32\NTME\METHWNT.EXE
C:\WINNT\System32\NTME\brad32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VsStat.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Vshwin32.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avconsol.exe
C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.ex e
C:\WINNT\Explorer.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\WINNT\System32\S3tray.exe
TonyKlein
11-04-2002, 02:51 PM
Hoi! :)
You forgot 90% of your startup list.
I can only see running process there. Please post the entire log.
As for Hijack This, it looks fine, providing
www.alltonet.com is your preferred Start Page.
Cheers, Tony
ESA77
11-06-2002, 01:06 PM
Hoi Tony,
Hier is de héle file..
Here is the complete file!
By the way, I do not know www.alltonet.com at all !?
StartupList report, 4-11-2002, 8:41:33
StartupList version: 1.34.0
Started from : C:\Erwin's data\hijack\StartupList.EXE
Detected: Windows 2000 SP1 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
C:\WINNT\System32\NTME\METHWNT.EXE
C:\WINNT\System32\NTME\brad32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VsStat.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Vshwin32.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avconsol.exe
C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.ex e
C:\WINNT\Explorer.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\WINNT\System32\S3tray.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\Tdevdetect.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINNT\System32\Tfunckey.exe
C:\WINNT\System32\Tpwricon.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Erwin's data\hijack\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
TMExLogon.lnk = C:\Program Files\TOSHIBA\TME\TMESRV.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = mobsync.exe /logon
Tpwrtray = TPWRTRAY.EXE
S3TRAY = S3tray.exe
Nokia Connection Monitor = "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = ctfmon.exe
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINNT\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
End of report, 5.074 bytes
Report generated in 2,193 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
TonyKlein
11-06-2002, 01:35 PM
About Alltonet, I meant your Search page.
So let HijackThis "fix" this item:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.alltonet.com/search/ie/
As for the Startuplist, I can't see anything wrong with it.
Sometimes those last few autocomplete entries do appear to seem hard to remove at times.
Powered by vBulletin™ Version 4.1.0 Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.