1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

can't choose home page/ad aware freezes

Discussion in 'Windows XP' started by thePhoenix, Jul 6, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    Ad aware keeps freezing and won't delete things. I know I hvae apps running in the background which shouldn't, but not sure which ones. Please look over the log file and help me solve this problem. I am getting atleast 20 pop ups while surfing the internet.

    Logfile of HijackThis v1.98.0
    Scan saved at 11:56:20 PM, on 7/5/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\2Wire\HomePortal\2PortalMon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D0501FF6-D499-48F0-A9CF-916D2BD33ACE} - C:\WINDOWS\System32\oonpc.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\HomePortal\2PortalMon.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/GlobalMap/GM2400_140/isetup.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Filter: text/html - {53E2ABBC-29F4-4B07-B0E6-695566ED7DC1} - C:\WINDOWS\System32\oonpc.dll
    O18 - Filter: text/plain - {53E2ABBC-29F4-4B07-B0E6-695566ED7DC1} - C:\WINDOWS\System32\oonpc.dll
     
  2. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    I dont know how much you value Weatherbug,but it is known to have connections to Spyware,if you dont use it often it would be wise to delete it .......
    Tick these and have hijack fix them
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    The main problem is about blank....try this,download Spywareblaster from here http://www.javacoolsoftware.com/spywareblaster.html run it and then click tools...about blank will appear and substitute that with the home page you want and it should then be ok
     
  3. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    Well, it's my dads computer and he doesn't know about this and ad-aware, or even spyware for that matter. So I am trying to recover his PC without having to reformat. As soon as he turns on the computer there are about 5 pop-ups saying stuff about spyware detected etc. Then when he runs internet explorer the homepage is the about blank page which can't be changed followed with another pop-up. Then when generally surfing the internet there are about 3 pop ups each time a page is loaded. Adaware found around 360 things. The computer is running really sluggish as to what it should be and the pop ups are really annoying. I dl'ed a pop up manager, but it shouldn't have to be used as much as it is. I really thought there would be more things than that to remove. Are there any programs besides weatherbug that are running that shouldn't?
     
  4. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    By the way, thank you for the help, it's appriciated.
     
  5. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    Go here and scan your computer with one of the virus scanners.

    http://forums.techguy.org/t110854.html

    Download Spybot Search & Destroy.

    Install the program and launch it.

    Before scanning press Online and Search for Updates .

    Put a check mark at and install all updates.

    Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

    Restart your computer, post another Hijack This log.

    And at this point, you've reached my limits...you may need to download CWShredder but I don't have the link for that one. I can't find it. Liz
     
  6. Jammless

    Jammless

    Joined:
    Jun 1, 2004
    Messages:
    222
  7. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    Thanks, Jammless. Liz
     
  8. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    Well I scanned for viruses with panda and it found 3.

    All were Virus:Tri/StartPage.FH

    one was located in the operating system, one in the temporary internet files and the other in the windows system system 32. The first 2 were disinfected and it said the 3rd was renamed.

    I ran spybot search and destroy it found stuff as well which I cleared. I also edited the Registery because of the home page problem. I will run CWshredder here soon as well, hopefully this will solve everything. Thanks for you the help you guys.
     
  9. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    Well, all the pop ups have pretty much dissappeared, but the about:blank is still reseting itself to the home page. I edited the registery, deleted, and replaced it with the correct values, then shut the PC down, and when booting it up earlier it had reset itself??? When I get on his computer at the house I will post another HiJack This Log....this is soo annoying.....
     
  10. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
  11. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    Spybot finds nothing, adaware finds 8 altercations to the registery. I delete them, then open internet explorer and it takes me to the correct home page. When I open internet explorer it will then take me to about blank. I then scan with adaware again and the same 8 registry edits appear again. I tried deleting them, then restarting my computer. Same thing still happens.
     
  12. rtty

    rtty

    Joined:
    May 11, 2003
    Messages:
    294
    First, please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop the Temp or the Temporary Internet file folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.


    Download FindnFix at the following link and extract it (it should autoextract to C:\FindnFix when you double click it) http://downloads.subratam.org/FINDnFIX.exe

    Go to the C:\FindnFix folder and doubleclick on !LOG!.BAT and let it run. It will generate a log.txt file. Copy and paste log.txt back here in your next reply.
     
  13. thePhoenix

    thePhoenix Thread Starter

    Joined:
    Jul 6, 2004
    Messages:
    7
    that link doesn't work and I can't find that program. I searched all about this on the internet and the name of the hidden .dll file is called winh.dll or so my registery program says, but I can't find that file anywhere in the system32 folder to delete.....
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - can't choose home
  1. Doogler
    Replies:
    2
    Views:
    357
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/246954

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice