Jump to content


Photo

about:blank, pop-ups, freezing, etc.


  • Please log in to reply
3 replies to this topic

#1 Joanne

Joanne

    Member

  • New Member
  • Pip
  • 4 posts

Posted 29 June 2004 - 01:28 PM

First, I must warn that I am a bit ignorant when it comes to computers, so PLEASE be aware. :) I have read your FAQ and attempted to perform all recommendations; however, my husband's PC has more problems than I can name. Here are the major issues (I'll attempt to use proper terminology:

1) Homepage HiJacked to about:blank
2) Pop-Up's galore, even when AdAware and SpyBot are running
3) He get's 2 or 3 error messages with start-up
4) He previously downloaded HiJack This, however I can't find it so am attempting to download again from TomCoyote's Forum. This computer freezes.
5) At this point, I have ran AdAware and Spybot multiple times, back-to-back, and continously find 12-36 problems with each time.
6) After rebooting, I enabled everything in 'startup' from msconfig and rebooted again in order to run HiJackThis. I can't get it downloaded...I'm frozen and the hourglass will not go away!

Is there anything I can do to clean this up in order to get this computer to move forward?

Thanks so much.
jt

#2 Joanne

Joanne

    Member

  • New Member
  • Pip
  • 4 posts

Posted 29 June 2004 - 01:33 PM

I can't even get a 2nd explorer window to appear.

BTW, I having to send this via my laptop. :(

#3 Joanne

Joanne

    Member

  • New Member
  • Pip
  • 4 posts

Posted 29 June 2004 - 03:46 PM

I've been working on that computer all afternoon and finally have the HiJackThis Log!

Logfile of HijackThis v1.97.7

Scan saved at 3:34:45 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

C:\WINDOWS\system32\msCMTSrvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Symantec\WinFax\WFXMOD32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Trenton\Local Settings\Temporary Internet Files\Content.IE5\4P6VS12V\HijackThis[1].exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=2c02&lc=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://store.presari...&c=2c02&lc=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

N2 - Netscape 6: user_pref("browser.startup.homepage", "allaboutsearching.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Trenton\Application Data\Mozilla\Profiles\default\rvw6w6tx.slt\prefs.js)

O1 - Hosts: J__J__?___?_________ ___ ____________________________________________________________
_________ ___?___?_________ ___ ____________________________________________________________
_________

O1 - Hosts: ?_________ ___ ___________________________________________________(W__(W_____
_________

O1 - Hosts: 207.36.196.189 #eautosearch

O1 - Hosts: 69.20.16.183 #eautosearch

O1 - Hosts: 69.20.16.183 #eautosearch

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Locks Support Extra - {D31D9F65-6D11-6C83-1FED-3ECE884C93B4} - C:\PROGRA~1\COALFI~1\proxy logo.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v43/yacscom.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab

O16 - DPF: {EBC448F6-3C86-4689-8F5A-088B87E5C725} (Wonderhorse Listener ActiveX Control 1.2) - http://talkradio.alt.../whlisten12.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab

#4 Joanne

Joanne

    Member

  • New Member
  • Pip
  • 4 posts

Posted 29 June 2004 - 06:01 PM

OK, if this is a stupid question, please forgive me, but...

Since we switched browsers to from Internet Explorer to Mozilla, everything seems to be 100% better. My question is...what about all that stuff reported on the HiJackThis log? Don't we still need to clean-up the computer?

(I tried to warn you about my limited PC knowledge!) :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button