Author Topic: Help please, IE6 about:blank problem  (Read 13120 times)
Becca
« on: August 24, 2004, 06:34:39 PM »

Hi, I'm running Win XP Home and my browser home page has been changed to about:blank and these popups keep appearing whenever I start a new browser. Spybot Search and Destroy keeps alerting me that registry entry changes are being attempted that I keep denying, but still I keep getting the popups that say my computer has been infected with a virus. Here's the output from HijackThis, please help...

Logfile of HijackThis v1.97.7
Scan saved at 1:34:32 PM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\n_vmycsd.dat:jlhzq
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\addvi.exe
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\FlexiSIGN-PRO 6.6\Program\App.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctzsh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mngdf.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctzsh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mngdf.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ctzsh.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F99DA94E-8003-7D47-5B90-44A2088F5120} - C:\WINDOWS\system32\apiwv32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [addvi.exe] C:\WINDOWS\system32\addvi.exe
O4 - HKLM\..\Run: [Settings] svchosd.exe
O4 - HKLM\..\Run: [Updates] svchosd.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [javacb.exe] C:\WINDOWS\javacb.exe
O4 - HKLM\..\RunOnce: [netsv.exe] C:\WINDOWS\netsv.exe
O4 - HKLM\..\RunOnce: [winsq.exe] C:\WINDOWS\winsq.exe
O4 - HKLM\..\RunOnce: [addcq.exe] C:\WINDOWS\addcq.exe
O4 - HKLM\..\RunOnce: [mfcxq.exe] C:\WINDOWS\system32\mfcxq.exe
O4 - HKLM\..\RunOnce: [msmd32.exe] C:\WINDOWS\system32\msmd32.exe
O4 - HKLM\..\RunOnce: [winnk.exe] C:\WINDOWS\system32\winnk.exe
O4 - HKLM\..\RunOnce: [d3de.exe] C:\WINDOWS\system32\d3de.exe
O4 - HKLM\..\RunOnce: [atlaj32.exe] C:\WINDOWS\atlaj32.exe
O4 - HKLM\..\RunOnce: [crwo.exe] C:\WINDOWS\crwo.exe
O4 - HKLM\..\RunOnce: [mfclb.exe] C:\WINDOWS\mfclb.exe
O4 - HKLM\..\RunOnce: [apivb.exe] C:\WINDOWS\apivb.exe
O4 - HKLM\..\RunOnce: [netya32.exe] C:\WINDOWS\system32\netya32.exe
O4 - HKLM\..\RunOnce: [sysun.exe] C:\WINDOWS\system32\sysun.exe
O4 - HKLM\..\RunOnce: [ntia.exe] C:\WINDOWS\system32\ntia.exe
O4 - HKLM\..\RunOnce: [sdkta32.exe] C:\WINDOWS\system32\sdkta32.exe
O4 - HKLM\..\RunOnce: [javads32.exe] C:\WINDOWS\javads32.exe
O4 - HKLM\..\RunOnce: [atlrf32.exe] C:\WINDOWS\atlrf32.exe
O4 - HKLM\..\RunOnce: [crdi.exe] C:\WINDOWS\system32\crdi.exe
O4 - HKLM\..\RunOnce: [appjo32.exe] C:\WINDOWS\system32\appjo32.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\system32\iebr32.exe
O4 - HKLM\..\RunOnce: [ippe32.exe] C:\WINDOWS\system32\ippe32.exe
O4 - HKLM\..\RunOnce: [winlj.exe] C:\WINDOWS\system32\winlj.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [iprf.exe] C:\WINDOWS\system32\iprf.exe
O4 - HKLM\..\RunOnce: [cruv32.exe] C:\WINDOWS\cruv32.exe
O4 - HKLM\..\RunOnce: [atlii.exe] C:\WINDOWS\atlii.exe
O4 - HKLM\..\RunOnce: [ipte.exe] C:\WINDOWS\system32\ipte.exe
O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\mssv32.exe
O4 - HKLM\..\RunOnce: [mfcxt32.exe] C:\WINDOWS\mfcxt32.exe
O4 - HKLM\..\RunOnce: [mfcbp.exe] C:\WINDOWS\system32\mfcbp.exe
O4 - HKLM\..\RunOnce: [appki.exe] C:\WINDOWS\appki.exe
O4 - HKLM\..\RunOnce: [nethz.exe] C:\WINDOWS\system32\nethz.exe
O4 - HKLM\..\RunOnce: [sysem32.exe] C:\WINDOWS\system32\sysem32.exe
O4 - HKLM\..\RunOnce: [iebt.exe] C:\WINDOWS\system32\iebt.exe
O4 - HKLM\..\RunOnce: [mfcdg32.exe] C:\WINDOWS\system32\mfcdg32.exe
O4 - HKLM\..\RunOnce: [d3so.exe] C:\WINDOWS\d3so.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\wmexsp.chm::/on-line.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Becca
« Reply #1 on: August 24, 2004, 07:19:19 PM »

I have some new info... Ad-Aware SE says I have a problem with "CoolWebSearch" and Norton AntiVirus says I have a problem with "Bloodhound.Exploit.6" and it is unable to repair the problem. Help...

benditup
« Reply #2 on: August 25, 2004, 12:52:51 AM »

You have a few problems in your log; unfortunately you're running an out-of-date version of HijackThis
Delete your copy
Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save HijackThis to; also, backups will be stored there.
download from
HERE or HERE

Let's try the following before you post back a fresh hijackthis log
Make a folder on your desktop, name it Aboutbuster
Download About:Buster
by Rubber Ducky
Unzip it to that folder

Start it and hit OK. Then hit Update. A new screen should pop up. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesn't it will automatically tell you and exit. Now for the scanning part. Hit Start and then OK. The program should start scanning. Then hit Exit and reboot
Run about:buster one more time when you have restarted


Post back with an updated hijackthis log and about:buster logs

Could you also do another reply and post this information
I'm uploading a file called GetServices.vbs
Save the zip file to your desktop and unzip to the desktop
Double click to run it,
If you have script blocking installed, you will get a warning when you try to run the script. Please allow it to run. It is only collecting information

Could you post the Active.txt it produces in a separate reply, thanks

Download Attachment: GetServices.zip 1.13 KB
Right click and select Save Target As... then rename the file as shown here and save.

Becca
« Reply #3 on: August 25, 2004, 03:24:01 AM »

OK, I ran About:Buster a couple of times, rebooting between each run, and this is the latest log file:

Scanned at: 9:43:48 PM   on: 8/24/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 5 Random Key Entries
Deleted 1 Service Keys Successfully!



Error Removing! : C:\WINDOWS\n_tectul.dat



Error Removing! : C:\WINDOWS\winle.exe





Scanned at: 9:55:18 PM   on: 8/24/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 10 Random Key Entries
Deleted 2 Service Keys Successfully!
Removed! : C:\WINDOWS\n_tectul.dat
Removed! : C:\WINDOWS\winle.exe
Removed! : C:\WINDOWS\System32\jakey.dat
Error Removing! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Error Removing! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!






Scanned at: 9:59:50 PM   on: 8/24/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 10 Random Key Entries
Deleted 2 Service Keys Successfully!
Removed! : C:\WINDOWS\n_tectul.dat
Removed! : C:\WINDOWS\winle.exe
Removed! : C:\WINDOWS\System32\jakey.dat
Error Removing! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Error Removing! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 3 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Error Removing! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!






Scanned at: 10:19:20 PM   on: 8/24/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 9 Random Key Entries
Deleted 1 Service Keys Successfully!
Removed! : C:\WINDOWS\System32\sysne32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 3 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 4 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

I got the latest HijackThis and this is the log from it:

Logfile of HijackThis v1.98.2
Scan saved at 10:20:30 PM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\d3so.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\addvi.exe
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Documents and Settings\Tom\Desktop\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {2F9C1677-CBB2-408D-EA04-2413263F52A9} - C:\WINDOWS\netdd32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [addvi.exe] C:\WINDOWS\system32\addvi.exe
O4 - HKLM\..\Run: [Settings] svchosd.exe
O4 - HKLM\..\Run: [Updates] svchosd.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\wmexsp.chm::/on-line.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O21 - SSODL: System - {004CF5B9-2272-453E-8DE6-C2DD144F245D} - (no file)

And the Active.txt from GetServices is:

These are the Current Active Services:

 WINDOWS AUDIO: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 BACKGROUND INTELLIGENT TRANSFER SERVICE: BITS
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COMPUTER BROWSER: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs

 CRYPTOGRAPHIC SERVICES: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

 DHCP CLIENT: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs

 ERROR REPORTING SERVICE: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COM+ EVENT SYSTEM: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs

 FAST USER SWITCHING COMPATIBILITY: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs

 HELP AND SUPPORT: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SERVER: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WORKSTATION: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK CONNECTIONS: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK LOCATION AWARENESS (NLA): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs

 REMOTE ACCESS CONNECTION MANAGER: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TASK SCHEDULER: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SECONDARY LOGON: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYSTEM EVENT NOTIFICATION: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs

 SHELL HARDWARE DETECTION: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TELEPHONY: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TERMINAL SERVICES: TermService
C:\WINDOWS\System32\svchost.exe -k netsvcs

 THEMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs

 DISTRIBUTED LINK TRACKING CLIENT: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs

 UPLOAD MANAGER: uploadmgr
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WINDOWS TIME: w32time
C:\WINDOWS\system32\svchost.exe -k netsvcs

 WINDOWS MANAGEMENT INSTRUMENTATION: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs

 AUTOMATIC UPDATES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs

 WIRELESS ZERO CONFIGURATION: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYMANTEC EVENT MANAGER: ccEvtMgr
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

 DISKEEPER: Diskeeper
C:\Program Files\Executive Software\Diskeeper\DkService.exe

 DNS CLIENT: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService

 EVENT LOG: Eventlog
C:\WINDOWS\system32\services.exe

 PLUG AND PLAY: PlugPlay
C:\WINDOWS\system32\services.exe

 TCP/IP NETBIOS HELPER: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService

 SSDP DISCOVERY SERVICE: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService

 WEBCLIENT: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService

 NORTON ANTIVIRUS AUTO PROTECT SERVICE: navapsvc
"C:\Program Files\Norton AntiVirus\navapsvc.exe"

 NICSER_WMP11: NICSer_WMP11
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe

 NSENGINE: NsEngine
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe

 NVIDIA DRIVER HELPER SERVICE: NVSvc
C:\WINDOWS\System32\nvsvc32.exe

 IPSEC SERVICES: PolicyAgent
C:\WINDOWS\System32\lsass.exe

 PROTECTED STORAGE: ProtectedStorage
C:\WINDOWS\system32\lsass.exe

 SECURITY ACCOUNTS MANAGER: SamSs
C:\WINDOWS\system32\lsass.exe

 REMOTE PROCEDURE CALL (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss

 PRINT SPOOLER: Spooler
C:\WINDOWS\system32\spoolsv.exe

 NETWORK SECURITY SERVICE (NSS):
« Last Edit: August 25, 2004, 03:55:27 AM by benditup »

benditup
« Reply #4 on: August 25, 2004, 04:13:39 AM »

Delete the Active.txt we made on the desktop earlier
You may want to print this out, I need you to start in safe mode

RESTART your Computer in SAFE MODE
Set Windows to Show Hidden Files and Folders

Go to START>>>>RUN>>>type in "services.msc" without quotes
In the New Window on the Right hand side look for these service(s)
NETWORK SECURITY SERVICE
NETWORK SECURITY SERVICE (NSS)
there may be just one listed
Double click on it>>>Stop the service>>>Set the drop down menu to Disabled

In Safe Mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2F9C1677-CBB2-408D-EA04-2413263F52A9} - C:\WINDOWS\netdd32.dll

O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [addvi.exe] C:\WINDOWS\system32\addvi.exe
O4 - HKLM\..\Run: [Settings] svchosd.exe
O4 - HKLM\..\Run: [Updates] svchosd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\wmexsp.chm::/on-line.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab

O21 - SSODL: System - {004CF5B9-2272-453E-8DE6-C2DD144F245D} - (no file)

After you have fix checked close hijackthis

Find and delete these files if they exist
C:\WINDOWS\d3so.exe <--file
C:\WINDOWS\javatr.exe <--file
C:\WINDOWS\system32\addvi.exe <--file
C:\WINDOWS\netdd32.dll <--file
svchosd.exe <--this file, NOTICE the spelling, DO NOT DELETE svchost.exe

While still in safe mode do another Scan with About:buster

RESTART back in Normal Mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with a Fresh hijackthis log, about:buster log
Could you also generate a new Active.txt log and post it, thanks
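
The kind of entries picked out for fixing above can be triaged mechanically. The following is an added example, not part of any post in this thread and not code from HijackThis or About:Buster. The rule names, the `SYSTEM_NAMES` list and the heuristics themselves are assumptions modelled on the entries flagged in this thread; the sample lines are copied from the logs posted above.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (abridged).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\n_vmycsd.dat:jlhzq
C:\Program Files\Winamp\winampa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tcsad.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: (no name) - {2F9C1677-CBB2-408D-EA04-2413263F52A9} - C:\WINDOWS\netdd32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [addvi.exe] C:\WINDOWS\system32\addvi.exe
O4 - HKLM\..\RunOnce: [javacb.exe] C:\WINDOWS\javacb.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:C:\wmexsp.chm::/on-line.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
"""

# Assumption: Windows process names seen in the thread's "Running processes" lists.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "O4 - <body>"
AUTORUN_RE = re.compile(r"^.*?: \[(.+?)\] (.*)$")      # "<key>: [name] command"
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)  # file name of the command


def within_one_edit(a, b):
    """True when a != b and one substitution, insertion or deletion maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # single substitution
    return a[i:] == b[i + 1:]           # single insertion into the shorter name


def check_entry(code, body):
    """Return heuristic tags (hypothetical names) for one HijackThis entry."""
    tags = []
    if code in ("R0", "R1"):
        # IE start/search setting served from a resource inside a local DLL.
        _, _, value = body.partition(" = ")
        if value.lower().startswith("res://"):
            tags.append("res-url-ie-setting")
    elif code == "O2":
        if body.startswith("BHO: (no name)"):
            tags.append("unnamed-bho")
    elif code == "O4":
        m = AUTORUN_RE.match(body)
        if m:
            name, command = m.groups()
            exe = EXE_RE.search(command)
            base = exe.group(1).lower() if exe else ""
            # One character away from a Windows process name (svchosd vs svchost).
            if any(within_one_edit(base, s) for s in SYSTEM_NAMES):
                tags.append("lookalike-system-name")
            # Autorun value whose name is just an executable file name.
            if name.lower().endswith(".exe"):
                tags.append("exe-named-autorun")
    elif code == "O16":
        # ActiveX download source that is a local help-file protocol, not a URL.
        source = body.rsplit(" - ", 1)[-1]
        if source.lower().startswith("ms-its:"):
            tags.append("dpf-ms-its-source")
    return tags


def triage(log_text):
    """Scan a HijackThis log and return (tag, line) pairs worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            findings.extend((tag, line) for tag in check_entry(*m.groups()))
        elif in_processes and ":" in line[2:]:
            # A colon after the drive letter means the image runs from an
            # NTFS alternate data stream (file.dat:stream).
            findings.append(("ads-process", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:24} {line}")
```

A tag is a reason to inspect the entry, not a verdict; legitimate software can trip these rules and entries that trip none can still be unwanted.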

Becca
« Reply #5 on: August 25, 2004, 08:04:48 PM »

I've done as you suggested and it appears as if you've solved my problem!  No more annoying popups and my home page is still google after opening several IE sessions.  I will let you know if it stays this way.

Here is my hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 2:34:10 PM, on 8/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Here is my aboutbuster log:

Scanned at: 2:37:28 PM   on: 8/25/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!


And here is my active.txt:

These are the Current Active Services:

 WINDOWS AUDIO: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 BACKGROUND INTELLIGENT TRANSFER SERVICE: BITS
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COMPUTER BROWSER: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs

 CRYPTOGRAPHIC SERVICES: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

 DHCP CLIENT: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs

 ERROR REPORTING SERVICE: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COM+ EVENT SYSTEM: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs

 FAST USER SWITCHING COMPATIBILITY: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs

 HELP AND SUPPORT: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SERVER: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WORKSTATION: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK CONNECTIONS: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK LOCATION AWARENESS (NLA): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs

 REMOTE ACCESS CONNECTION MANAGER: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TASK SCHEDULER: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SECONDARY LOGON: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYSTEM EVENT NOTIFICATION: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs

 SHELL HARDWARE DETECTION: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TELEPHONY: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TERMINAL SERVICES: TermService
C:\WINDOWS\System32\svchost.exe -k netsvcs

 THEMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs

 DISTRIBUTED LINK TRACKING CLIENT: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs

 UPLOAD MANAGER: uploadmgr
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WINDOWS TIME: w32time
C:\WINDOWS\system32\svchost.exe -k netsvcs

 WINDOWS MANAGEMENT INSTRUMENTATION: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs

 AUTOMATIC UPDATES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs

 WIRELESS ZERO CONFIGURATION: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYMANTEC EVENT MANAGER: ccEvtMgr
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

 DISKEEPER: Diskeeper
C:\Program Files\Executive Software\Diskeeper\DkService.exe

 DNS CLIENT: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService

 EVENT LOG: Eventlog
C:\WINDOWS\system32\services.exe

 PLUG AND PLAY: PlugPlay
C:\WINDOWS\system32\services.exe

 TCP/IP NETBIOS HELPER: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService

 SSDP DISCOVERY SERVICE: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService

 WEBCLIENT: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService

 NORTON ANTIVIRUS AUTO PROTECT SERVICE: navapsvc
"C:\Program Files\Norton AntiVirus\navapsvc.exe"

 NICSER_WMP11: NICSer_WMP11
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe

 NSENGINE: NsEngine
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe

 NVIDIA DRIVER HELPER SERVICE: NVSvc
C:\WINDOWS\System32\nvsvc32.exe

 IPSEC SERVICES: PolicyAgent
C:\WINDOWS\System32\lsass.exe

 PROTECTED STORAGE: ProtectedStorage
C:\WINDOWS\system32\lsass.exe

 SECURITY ACCOUNTS MANAGER: SamSs
C:\WINDOWS\system32\lsass.exe

 REMOTE PROCEDURE CALL (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss

 PRINT SPOOLER: Spooler
C:\WINDOWS\system32\spoolsv.exe


Again, thank you so much...
 
benditup
« Reply #6 on: August 25, 2004, 09:39:21 PM »

You look good to go Becca

You can have hijackthis fix these next ones, they are optional, up to you
They're not needed on startup, check it here
http://www.sysinfo.org/startuplist.php

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

RESTART and navigate to this file
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>>>realsched.old

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both---Check for updates every couple of weeks
Don't forget that Spybot has an immunization feature
Click Immunize>>>OK>>>>Immunize at the top

I'll lock this topic in a day or so, if you need it reopened please
PM a MOD--supply a link to this thread
Logged
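The reply above picks out optional startup items by checking the program behind each O4 entry against a startup list. As an added example (not part of the thread and not HijackThis code), this Python parser extracts the executable name from each O4 line, including unquoted paths that contain spaces; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

class StartupEntry(NamedTuple):
    location: str  # registry Run key or startup folder label
    name: str      # registry value name or shortcut name
    exe_path: str  # program path with arguments stripped
    args: str      # command-line arguments ("" if none)

_RUN = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
_EXT = re.compile(r"\.(?:exe|com|bat|cmd|dll)\b", re.IGNORECASE)

def split_command(cmd):
    """Split a startup command into (program path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: ends at closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = _EXT.search(cmd)                    # unquoted: cut after first extension
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""

def parse_o4(line):
    """Return a StartupEntry for an O4 line, or None for any other line."""
    m = _RUN.match(line.strip()) or _LNK.match(line.strip())
    if not m:
        return None
    path, args = split_command(m["cmd"])
    return StartupEntry(m["loc"], m["name"], path, args)

def startup_filenames(log_text):
    """Lower-cased, de-duplicated file names to check against a startup list."""
    names = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            base = entry.exe_path.rsplit("\\", 1)[-1].lower()
            if base not in names:
                names.append(base)
    return names
```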

 