Computers| Computers |
|
04-29-2004, 01:19 PM
| #2 (permalink) |
| Super Techie Join Date: Nov 2003
Posts: 270
  |  next time you open IE and change it, hold down shift when you close the window. See if that works.
__________________ New PC (Finished May 4, 2004) Athlon XP 2800+ Soyo Dragon ultra Platinum KT600 1024 MB Kingston Hyper-X 120GB 7200 RPM 8MB 160GB 7200 RPM 2MB GeForce FX5500 256MB 16x DVD 16x52x32x52 DVD/CDRW Combo |
|  |
|
04-29-2004, 01:43 PM
| #3 (permalink) |
| Ultra Techie Join Date: Apr 2004
Posts: 617
| Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to its own folder (not temporary files or the desktop). Close all open windows and open HIJACK THIS. Click Scan. When the scan is finished (it only takes a second), the scan button will change to Save Log. Click on Save Log and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
__________________ AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster | How did I get infected in the first place By Tony Klein If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD  |
|
| |
|
05-02-2004, 07:10 PM
| #5 (permalink) |
| True Techie Join Date: May 2003
Posts: 221
| About blank is a cws hijacker so : Download CW Shredder: http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip, run and hit the ->fix tab to fix all found problems CW Shredder takes advantage of security holes in windows so you should install all critical as well as hot fixes available from windows update. |
|
| |
|
05-04-2004, 02:50 PM
| #7 (permalink) |
| Ultra Techie Join Date: Apr 2004
Posts: 617
| Also try spyware guard and spyware blaster www.javacoolsoftware.com spyware blaster will block spyware from comming in when you surf the net(compatible with IE, mozilla and firefox) and spyware guard is a resident scaner.
__________________ AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster | How did I get infected in the first place By Tony Klein If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD |
|
| |
|
05-05-2004, 07:19 AM
| #9 (permalink) |
| Super Techie Join Date: Apr 2004
Posts: 283
| for information on spyware, www.doxdesk.com taught me what i know |
|
| |
|
06-06-2004, 06:30 PM
| #10 (permalink) |
| Newb Techie Join Date: Jun 2004
Posts: 3
| i followed your instructions with the HijackThis and this is what i got... Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\GEARSEC.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\obxtanpv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Internet Optimizer\optimize.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Optimizer\actalert.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bkkdb.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.newyorkislanders.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: (no name) - {71BA61DB-6980-F2AA-9EF1-DC74A6305CCC} - C:\WINDOWS\system32\fbxouzgq.dll O2 - BHO: (no name) - {84EDE8EB-76F0-4149-A3DD-79D732B08A4A} - C:\WINDOWS\System32\bkkdb.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe O4 - HKLM\..\Run: [cvvndywd] C:\WINDOWS\obxtanpv.exe O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: PartyPoker.com (HKLM) O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0960e370...p/RdxIE601.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...866.4399884259 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab thanks for your help |
|
| |
Linear Mode
