
PC with popups and a "replacement" IExplorer


Kit Sober

I hope this helps:

- try these steps

Download and run Spybot and Adaware - both have free versions

Spybot Search and destroy- http://www.safer-networking.org/en/index.html

Adaware- http://www.lavasoftusa.com/software/adaware/

Popup prevention- switch to Mozilla or Firefox from

Mozilla- http://www.mozilla.org/

(Also free)

There are several threads in this section of GS on Mozilla and Fire Fox


Homepage hijackers are often spyware, so Spybot-S&D should tackle it.

Remember to UPDATE your AdAware and Spybot-S&D.

Also, Spybot's shareware - it's nice to send them a few bucks if they save your machine.

Also also, Spybot has an "Immunization" function. Switch that mutha on.

Yes, using Mozilla, Opera or FireFox as your browser sidesteps most of those.

I just keep IE around as a backup, and use FireFox. Its user interface is VERY similar to IE. FireFox 0.92 is the latest iteration, I hear.

The Registry Keys thread has some links, including at least one link to an online virus scanner/remover. Give your system the once-over at least monthly, even if you ARE running an antivirus program.


Kit,

I have had success with a program called HIJACKTHIS.EXE. Check on Google for download sites. Run it in the safe mode and it clears much of the hijacked browser problems.

If that doesn't work, there is another program called ABOUTBUSTER that is great. I will look that up for you in the morning. There is also a forum that helps you with the problem. I just don't have the info at hand right now, but will post it all tomorrow.


Thanks. I turned on my PC, went to page, wrote down the download page address, turned off my PC, turned on Fred's PC, typed in address, and it took me to page.

Such a deal, but spyware from download.com is running.

What's the difference between the four places you can download from?

kit


Ran Spybot (122 files deleted) and spydoctor 2.1 (12 more deleted) and hijack.exe.

Here is the log:

Logfile of HijackThis v1.98.1

Scan saved at 9:24:07 AM, on 8/6/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSYSTEMKERNEL32.DLL

C:WINDOWSSYSTEMMSGSRV32.EXE

C:WINDOWSSYSTEMmmtask.tsk

C:WINDOWSSYSTEMMPREXE.EXE

C:WINDOWSSYSTEMMSTASK.EXE

C:WINDOWSSYSTEMSSDPSRV.EXE

C:WINDOWSSYSTEMMDM.EXE

C:PROGRAM FILESCOMMON FILESAOLACSACSD.EXE

C:WINDOWSEXPLORER.EXE

C:WINDOWSSYSTEMRESTORESTMGR.EXE

C:WINDOWSTASKMON.EXE

C:WINDOWSSYSTEMSYSTRAY.EXE

C:PROGRAM FILESROXIOEASY CD CREATOR 6DRAGTODISCDRGTODSC.EXE

C:PROGRAM FILESTHUNK DATE WINTONSMEMO.EXE

C:WINDOWSSYSTEMWMIEXE.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0AOLTRAY.EXE

C:PROGRAM FILESAOL COMPANIONCOMPANION.EXE

C:WINDOWSSYSTEMSPOOL32.EXE

C:WINDOWSSYSTEMTAPISRV.EXE

C:WINDOWSSYSTEMDDHELP.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCIOMON.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCPFW.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYTMPROXY.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCLIENT.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCGUIDE.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYTMOAGENT.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0WAOL.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0SHELLMON.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0AOLWBSPD.EXE

C:WINDOWSSYSTEMRNAAPP.EXE

C:WINDOWSRUNDLL32.EXE

C:WINDOWSTEMPORARY INTERNET FILESCONTENT.IE5GHAJ0LQVHIJACKTHIS[1]HIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://look-today.com/searchbar.html

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://look-today.com/searchbar.html

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://look-today.com/searchbar.html

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://look-today.com/searchbar.html

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://look-today.com/searchbar.html

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://look-today.com/searchbar.html

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank

O2 - BHO: (no name) - {89B28CC7-CCEC-4A0A-9F21-F555DC7C42CD} - (no file)

O2 - BHO: Windows OleServer - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:WINDOWSSYSTEMMSMK.DLL (file missing)

O2 - BHO: (no name) - {4BCF322B-9621-4e90-9678-F1424EB7584E} - C:WINDOWSUDPMOD.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM FILESADOBEACROBAT 6.0READERACTIVEXACROIEHELPER.DLL

O2 - BHO: (no name) - {64818568-29E0-487B-8355-352595A9919A} - C:WINDOWSSYSTEMKIKFAD.DLL

O2 - BHO: holejoybase - {A0315BB8-C7F3-5DCF-35D6-668B0E65AF11} - C:PROGRAM FILESFAST THEGRIMERROR.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX

O3 - Toolbar: DentMeet - {9423BB96-BEB0-4960-9066-CE077B7382A1} - C:PROGRAM FILESFAST THEGRIMERROR.DLL

O4 - HKLM..Run: [scanRegistry] C:WINDOWSscanregw.exe /autorun

O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe

O4 - HKLM..Run: [PCHealth] C:WINDOWSPCHealthSupportPCHSchd.exe -s

O4 - HKLM..Run: [systemTray] SysTray.Exe

O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..Run: [projselector] "C:Program FilesCommon FilesRoxio SharedProject Selectorprojselector.exe" -r

O4 - HKLM..Run: [RoxioEngineUtility] "C:Program FilesCommon FilesRoxio SharedSystemEngUtil.exe"

O4 - HKLM..Run: [RoxioDragToDisc] "C:Program FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe"

O4 - HKLM..Run: [RoxioAudioCentral] "C:Program FilesRoxioEasy CD Creator 6AudioCentralRxMon.exe"

O4 - HKLM..Run: [Type readme] C:PROGRA~1THUNKD~1Tonsmemo.exe

O4 - HKLM..Run: [pccguide.exe] "C:Program FilesTrend MicroInternet Securitypccguide.exe"

O4 - HKLM..Run: [PCCIOMON.exe] "C:Program FilesTrend MicroInternet SecurityPCCIOMON.exe"

O4 - HKLM..Run: [PCClient.exe] "C:Program FilesTrend MicroInternet SecurityPCClient.exe"

O4 - HKLM..Run: [TM Outbreak Agent] "C:Program FilesTrend MicroInternet SecurityTMOAgent.exe" /run

O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..RunServices: [*StateMgr] C:WINDOWSSystemRestoreStateMgr.exe

O4 - HKLM..RunServices: [sSDPSRV] C:WINDOWSSYSTEMssdpsrv.exe

O4 - HKLM..RunServices: [Machine Debug Manager] C:WINDOWSSYSTEMMDM.EXE

O4 - HKLM..RunServices: [AolAcsDaemon1] "C:PROGRAM FILESCOMMON FILESAOLACSACSD.EXE"

O4 - HKLM..RunServices: [PCCIOMON.exe] "C:Program FilesTrend MicroInternet SecurityPCCIOMON.exe"

O4 - HKLM..RunServices: [PccPfw] C:Program FilesTrend MicroInternet SecurityPccPfw.exe

O4 - HKLM..RunServices: [tmproxy] C:Program FilesTrend MicroInternet Securitytmproxy.exe

O4 - Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe

O4 - Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:PROGRA~1MESSEN~1MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:PROGRA~1MESSEN~1MSMSGS.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSYSTEMShdocvw.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O17 - HKLMSystemCCSServicesVxDMSTCP: Domain = aoldsl.net

O18 - Filter: text/html - {EDD4D320-8415-40CF-A658-781F63120D95} - C:WINDOWSSYSTEMKIKFAD.DLL

O18 - Filter: text/plain - {EDD4D320-8415-40CF-A658-781F63120D95} - C:WINDOWSSYSTEMKIKFAD.DLL

And the Windows explorer page is still the page with the address "about.blank" and it keeps coming back, even if I type another address.


quote:
Originally posted by Kit Sober:

What's the difference between the four places you can download from?


I normally prefer to use less popular sites other than Download.com if there's alternatives, since that one's bound to have more traffic.

In the case of the URL I gave you, it has a shorter URL, so I spent the least time typing. :D


Here's something else.

You don't need the internet connection open for this.

Open IE.

Hit "tools" "internet options" "general" and read the homepage address. If it's not the one you want, try typing the homepage manually there.

================

While working this one out, I recommend the following step.

Download FireFox and use that until you have IE cleaned out.

http://ftp.mozilla.org/pub/mozilla.org/fir...Setup-0.9.2.exe

It's nearly identical to IE in terms of commands, and can carry over your favourites in one command.

That's the latest version as of today.

Then you can use the internet fine while you work on this problem. :)

In fact, you'll probably want to clean up IE and retain it as a backup program, and use FireFox as your primary program.


Kit,

If you are getting About:blank, that is a good thing.

If you go to the TOOLS menu and then Internet Options, in the top box (Home Page) you can type in what you want as a home page.

If the computer is rebooting and About:Blank is coming up, then you may have gotten rid of the monster. I will look at the Hijackthis printout and let you know which ones to delete, if any.

Put in a web site, like Google and then reboot and see if it comes back as your home page after you reboot.


Thank you most kind Pawtucket.

about.blank doesn't even wait until reboot to come back.

Even if I put in a most wonderful place like GSCAFE.com, it comes back with this "about.blank" which isn't about.blank, but about blankety-blank in about 10 seconds.


quote:
Originally posted by WordWolf:

When you try to manually change the homepage, what's the URL that is in the space for the homepage?


So, what is the URL that is displayed in that line when you open the homepage address as specified above in a previous post?

We ARE trying to figure out how to help you. I understand you're frustrated, but getting evasive will get you no closer to a solution.

I still say download FireFox while trying to work this out.

================

There's other things you can do, but I don't want to just start shouting ideas randomly.


Steve! and WW

It comes up About:blank and then automatically loads a few seconds later the other stuff.

Kit:

Run Hijack this again and take out the files that I put an X next to.

C:WINDOWSSYSTEMKERNEL32.DLL

C:WINDOWSSYSTEMMSGSRV32.EXE

C:WINDOWSSYSTEMmmtask.tsk

C:WINDOWSSYSTEMMPREXE.EXE

C:WINDOWSSYSTEMMSTASK.EXE

C:WINDOWSSYSTEMSSDPSRV.EXE

C:WINDOWSSYSTEMMDM.EXE

C:PROGRAM FILESCOMMON FILESAOLACSACSD.EXE

C:WINDOWSEXPLORER.EXE

C:WINDOWSSYSTEMRESTORESTMGR.EXE

C:WINDOWSTASKMON.EXE

C:WINDOWSSYSTEMSYSTRAY.EXE

C:PROGRAM FILESROXIOEASY CD CREATOR 6DRAGTODISCDRGTODSC.EXE

C:PROGRAM FILESTHUNK DATE WINTONSMEMO.EXE

C:WINDOWSSYSTEMWMIEXE.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0AOLTRAY.EXE

C:PROGRAM FILESAOL COMPANIONCOMPANION.EXE

C:WINDOWSSYSTEMSPOOL32.EXE

C:WINDOWSSYSTEMTAPISRV.EXE

C:WINDOWSSYSTEMDDHELP.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCIOMON.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCPFW.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYTMPROXY.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCLIENT.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYPCCGUIDE.EXE

C:PROGRAM FILESTREND MICROINTERNET SECURITYTMOAGENT.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0WAOL.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0SHELLMON.EXE

C:PROGRAM FILESAMERICA ONLINE 9.0AOLWBSPD.EXE

C:WINDOWSSYSTEMRNAAPP.EXE

C:WINDOWSRUNDLL32.EXE

C:WINDOWSTEMPORARY INTERNET FILESCONTENT.IE5GHAJ0LQVHIJACKTHIS[1]HIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = Xhttp://look-today.com/searchbar.html

XR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = Xhttp://look-today.com/searchbar.html

XR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = Xhttp://look-today.com/searchbar.html

XR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = Xhttp://look-today.com/searchbar.html

XR1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = Xhttp://look-today.com/searchbar.html

XR0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = Xhttp://look-today.com/searchbar.html

XR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank

XR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank

XO2 - BHO: (no name) - {89B28CC7-CCEC-4A0A-9F21-F555DC7C42CD} - (no file)

XO2 - BHO: Windows OleServer - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:WINDOWSSYSTEMMSMK.DLL (file missing)

O2 - BHO: (no name) - {4BCF322B-9621-4e90-9678-F1424EB7584E} - C:WINDOWSUDPMOD.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM FILESADOBEACROBAT 6.0READERACTIVEXACROIEHELPER.DLL

O2 - BHO: (no name) - {64818568-29E0-487B-8355-352595A9919A} - C:WINDOWSSYSTEMKIKFAD.DLL

XO2 - BHO: holejoybase - {A0315BB8-C7F3-5DCF-35D6-668B0E65AF11} - C:PROGRAM FILESFAST XTHEGRIMERROR.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX

XO3 - Toolbar: DentMeet - {9423BB96-BEB0-4960-9066-CE077B7382A1} - C:PROGRAM FILESFAST XTHEGRIMERROR.DLL

O4 - HKLM..Run: [scanRegistry] C:WINDOWSscanregw.exe /autorun

O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe

O4 - HKLM..Run: [PCHealth] C:WINDOWSPCHealthSupportPCHSchd.exe -s

O4 - HKLM..Run: [systemTray] SysTray.Exe

O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..Run: [projselector] "C:Program FilesCommon FilesRoxio SharedProject Selectorprojselector.exe" -r

O4 - HKLM..Run: [RoxioEngineUtility] "C:Program FilesCommon FilesRoxio SharedSystemEngUtil.exe"

O4 - HKLM..Run: [RoxioDragToDisc] "C:Program FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe"

O4 - HKLM..Run: [RoxioAudioCentral] "C:Program FilesRoxioEasy CD Creator 6AudioCentralRxMon.exe"

O4 - HKLM..Run: [Type readme] C:PROGRA~1THUNKD~1Tonsmemo.exe

O4 - HKLM..Run: [pccguide.exe] "C:Program FilesTrend MicroInternet Securitypccguide.exe"

O4 - HKLM..Run: [PCCIOMON.exe] "C:Program FilesTrend MicroInternet SecurityPCCIOMON.exe"

O4 - HKLM..Run: [PCClient.exe] "C:Program FilesTrend MicroInternet SecurityPCClient.exe"

O4 - HKLM..Run: [TM Outbreak Agent] "C:Program FilesTrend MicroInternet SecurityTMOAgent.exe" /run

O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..RunServices: [*StateMgr] C:WINDOWSSystemRestoreStateMgr.exe

O4 - HKLM..RunServices: [sSDPSRV] C:WINDOWSSYSTEMssdpsrv.exe

O4 - HKLM..RunServices: [Machine Debug Manager] C:WINDOWSSYSTEMMDM.EXE

O4 - HKLM..RunServices: [AolAcsDaemon1] "C:PROGRAM FILESCOMMON FILESAOLACSACSD.EXE"

O4 - HKLM..RunServices: [PCCIOMON.exe] "C:Program FilesTrend MicroInternet SecurityPCCIOMON.exe"

O4 - HKLM..RunServices: [PccPfw] C:Program FilesTrend MicroInternet SecurityPccPfw.exe

O4 - HKLM..RunServices: [tmproxy] C:Program FilesTrend MicroInternet Securitytmproxy.exe

O4 - Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe

O4 - Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:PROGRA~1MESSEN~1MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:PROGRA~1MESSEN~1MSMSGS.EXE

XO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSYSTEMShdocvw.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O17 - HKLMSystemCCSServicesVxDMSTCP: Domain = aoldsl.net

O18 - Filter: text/html - {EDD4D320-8415-40CF-A658-781F63120D95} - C:WINDOWSSYSTEMKIKFAD.DLL

O18 - Filter: text/plain - {EDD4D320-8415-40CF-A658-781F63120D95} - C:WINDOWSSYSTEMKIKFAD.DLL

Try those.

Here is the page I promised you. I have already gone ahead and put your hijackthis file up there. I should get a response sometime in the next day or so.

http://computercops.biz/forum67.html

When you run hijackthis, run it in safe mode. The way to get to safe mode is to start up the computer and click on F8 every second or so from the initial start up and you will get a screen that will give you some options. Pick safe mode at the top (not safe mode with networking and NOT safe mode prompt).

And take two aspirin and let me know what happens :)


thanks for your help.

about.blank keeps popping back up, no matter when.

I have put the whole kit-n-kaboodle on hold. I think the hard drive needs to be reformatted.

I'm printing this out if he wants to follow any of your wonderful suggestions.

It's Fred's pc, and I'm letting him fix it.

Thanks, again. Learning is such an exciting adventure, and we sure are learning from this one.

Kit


Paw, you missed this one. Most likely the cause of most of the problems:

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe

This one is called "TrojanDownloader/dropper.Win32.Small.cw"

Its whole purpose in life is to retrieve and install additional files, when run. Most will be configured to retrieve files/images from a designated web or FTP site. Notice the "dialer2000" website part of it, probably "adult content" is associated with it. Do you see the /load.exe?

I would suggest checking that O16 entry as well for fixing while in safe mode. If it (the browser hijacking) does not go away, a number of file deletions and registry editing might be in order. This one is probably getting loaded at boot. There are a number of other bed-bugs present as well (such as odd browser helper objects (BHO's)), but will let you drive the bus.

Also very very important

C:WINDOWSTEMPORARY INTERNET FILESCONTENT.IE5GHAJ0LQVHIJACKTHIS[1]HIJACKTHIS.EXE

One last thing, never run Hijackthis from a "temp file"; always make a folder, preferably on your root directory (i.e. c:\hijackthis), put the program exe in it and run it from there.

Reason being is that Hijackthis does make a backup should you need to put back what you deleted/fixed. If you run it from a temp file you will lose everything when you reboot.

Now back to your regularly scheduled program....

Edited by kazzoo
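
The checks raised in the post above (an O16 entry whose download source is not an ordinary web address and ends in /load.exe, the odd BHOs, and HijackThis being started from a temp folder) can be written as a small log triage script. This is an added example, not part of the original thread; the sample log is constructed with placeholder CLSIDs, paths and hosts, and `review` is a hypothetical helper name.

```python
import re

# Constructed sample in HijackThis v1.98-style layout. CLSIDs, paths and hosts
# are placeholders; this is not the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ABCD1234\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\PROGRAM FILES\EXAMPLE\HELPER.DLL
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Control) - http://downloads.example.invalid/scan.cab
O16 - DPF: {00000000-0000-0000-0000-000000000004} - ms-its:mhtml:file://C:\MAIN.MHT!http://dl.example.invalid/main.chm::/load.exe
O18 - Filter: text/html - {00000000-0000-0000-0000-000000000005} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
"""

# Section code (R0-R3, O1-O23), then the rest of the entry.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# The scanner itself listed under a temp or browser-cache directory.
TEMP_RUN = re.compile(r"\\(TEMP|TEMPORARY INTERNET FILES)\\.*HIJACKTHIS\.EXE$", re.I)


def review(log_text):
    """Return (section, reasons, line) for entries worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        match = ENTRY.match(line)
        reasons = []
        if match is None:
            # Not an R/O entry: a header or a running-process line.
            section = "process"
            if TEMP_RUN.search(line):
                reasons.append("scanner started from a temp/cache folder; fix backups may be lost")
        else:
            section, body = match.groups()
            if section in ("R0", "R1"):
                reasons.append("IE start/search setting: confirm you set this URL")
            elif section == "O2":
                # Legitimate helpers can be unnamed too, so this is a prompt to check.
                if "BHO: (no name)" in body:
                    reasons.append("BHO has no display name")
                if body.endswith(("(no file)", "(file missing)")):
                    reasons.append("BHO registered but its file is absent")
            elif section == "O16":
                # Download source is the last " - " separated field.
                source = body.rsplit(" - ", 1)[-1].lower()
                if not source.startswith(("http://", "https://")):
                    reasons.append("download source is not a plain http(s) URL")
                if source.endswith(".exe"):
                    reasons.append("download source is an executable")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in review(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```

A flagged line is a candidate for review, not a verdict: entries should still be confirmed before they are fixed in HijackThis.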