all the other removal threads haven't helped me...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

hollyface

Thread Starter
Joined
Aug 30, 2004
Messages
7
okay, i've realized i've got the about:blank hijacker. i've got spybot, adaware, hijack this, and adwareaway on the machine now.

the original symptoms were that nothing explorer related worked, no internet, no windows explorer, nothing.

i've gone through and run adaware, then spy bot, then hijack this for a log (where i found out i had this), then tried the adawareaway removal tool.

i've renamed (i think) the file in regedit.

things are sort of working again, can't get on the internet. i know this means the thing wasn't completely removed.

i can't run the recovery console because Ndetect fails (a problem i've also encountered out in the field but there it comes with a "cannot repair because drive is corrupt" message, more info than you need but an explanation of this would rock)

here's my second log, which one of these things is not like the other??? where's the blue meanie???

and yes, i have sleep issues and play a lot of games online in the middle of the night... ahem...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 216.93.168.167 auto.search.msn.com
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {F101D8F9-9E90-4401-9FBF-9B515CAA045F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.8.3.20/s...assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/...assets.cab
O16 - DPF: Bridge by pogo - http://bridge02.pogo.com/applet/bridge/...assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/...assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.2.31...assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.1...assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/...assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cr...assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/ch...assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/ch...assets.cab
O16 - DPF: Dominoes by pogo.com - http://temp22.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire32.pogo.com/applet/soli...assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.0...assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenb...assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenb...assets.cab
O16 - DPF: Hammerhead Pool by pogo - http://pool30.pogo.com/applet/pool/pool-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.9.2....assets.cab
O16 - DPF: High Stakes Poker by pogo.com - http://temp05.pogo.com/applet/drawpoker...assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/p...assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoke...assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.0.25/gin/gin-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.2...assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp36.pogo.com/applet/freecell/...assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0...assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.0.25...assets.cab
O16 - DPF: Pirate's Gold by pogo - http://broken01.pogo.com/applet-5.8.2.1...assets.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/applet-5.9.2.31/p...assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/...assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://poppit16.pogo.com/applet/poppit/...assets.cab
O16 - DPF: Ricochet by pogo - http://game5.pogo.com/applet-5.9.0.18/r...assets.cab
O16 - DPF: Sci-Fi Slots by pogo.com - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.8.6.20/s...assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slots/s...assets.cab
O16 - DPF: Showbiz Slots by pogo.com - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.1...assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squel...assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet03.pogo.com/applet/sweettoo...assets.cab
O16 - DPF: Sweet Tooth TM by pogo.com - http://sweet05.pogo.com/applet/sweettoo...assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.31...assets.cab
O16 - DPF: The Sims Pinball by pogo.com - http://simball02.pogo.com/applet/simbal...assets.cab
O16 - DPF: Toki Toki Boom - http://yog56.games.scd.yahoo.com/yog/y/vto_x.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.1.18/p...assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/triv...assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/triv...assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.3.20/...assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo07.pogo.com/applet-5.8.3.26...assets.cab
O16 - DPF: Turbo 21 TM by pogo.com - http://turbo04.pogo.com/applet/turbo21/...assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/...assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/...assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.1....assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackd...assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldcl...assets.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c...ltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Spelldown - http://yog56.games.scd.yahoo.com/yog/y/sdt1_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o...winrep.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47...ckwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install...nstall.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} (Spam Arrest Email Configurator Download) - http://spamarrest.com/xcarab/10013/saclient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v44...rdmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c...mplete.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40...lecity.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p...der_v5.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi hollyface

Be sure you have the newest version of Hijackthis:

http://tools.radiosplace.com/HijackThis.exe

The top header of your log is not showing, we generally like to see that...can you try again and post the entire log?
Or wouldn't Notepad take it all? :)

tryyyyy try to post again..........
*Don't sound like Sheryl Crow do I...
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top