New to this

charlie_tn · Cadet Joined: Jun 05, 2004 Posts: 3 Location: USA

My browser is kinda messed up. My browser always trys to open to a different page than I have it set for when I first turn the computer on. The opening page is blank except for this line m/'>here. I can refresh and it goes onto my regular page. When I run spybot s&d it always finds the same adwears running.
I have downloaded HJT but am waiting on someone ready to take a look at the scan for me.

rancid_ilike · Posted: Sat Jun 05, 2004 5:21 pm Post subject:

hi..
i'm suggest that u try another browser like Avant Browser

http://www.avantbrowser.com

helpless · Posted: Sat Jun 05, 2004 6:23 pm Post subject:

make sure your SPYBOT S&D is updated before running,and rebooted afer running it so it can clear the stuff

then also
Download & instal Adaware from http://majorgeeks.com/download.php?det=506
& update it before scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
Remove what it finds by placing a check in the box to the left of the object.
Reboot

then create a new HiJack log and post it here
make sure its in a folder, not your Desktop or the Temp folder,

cu

charlie_tn · Cadet Joined: Jun 05, 2004 Posts: 3 Location: USA

Logfile of HijackThis v1.97.7
Scan saved at 3:05:24 PM, on 6/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Family\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0320C93D-706C-4B70-81B6-69A947071524} (Downloader.clsDownloader) - http://www.icugames.com/install/downloader.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/...1351736898
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwe....0.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...9334027778
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/cha...vwrctl.cab

I ran adaware and HJT....Still get the m/'>here page on my first bootup

helpless · Posted: Sun Jun 06, 2004 12:26 pm Post subject:

rerun HiJack and mark the below to be fixed :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwe....0.0.5.cab

O16 - DPF: {0320C93D-706C-4B70-81B6-69A947071524} (Downloader.clsDownloader) - http://www.icugames.com/install/downloader.cab

then for the below,

O1 - Hosts: comments (such as these) may be inserted on individual

please lookup your hosts file and check the properties to see when it was last modified , if you did not edit your hosts file at that day then let me know. and check inside, its possible your problem comes from here

CU

charlie_tn · Cadet Joined: Jun 05, 2004 Posts: 3 Location: USA

I did everything you said to do. IE starts with a blank page now.
O1 - Hosts: comments (such as these) may be inserted on individual
I did not modify my host file and I am having a problem with the msn search bar about dns failure.
Service Unavailable - DNS failure
The server is temporarily unable to service your request. Please try again later.

helpless · Posted: Tue Jun 08, 2004 6:23 am Post subject:


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 1043 pages served in previous 5 minutes. Page Rendered: 0.681 seconds.