Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

about:blank


  • Please log in to reply

#1
Erbie23

Erbie23

    New Member

  • Member
  • Pip
  • 6 posts
I have tried everything that I can think of and I can not get rid of the stinking about:blank hijacker. I read through what I need to do to get rid of this through your advise and it still hasn't worked.

Can someone please help?!

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:29 PM, on 3/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINNT\Explorer.Exe
C:\WINNT\winll.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\FileNET\IDM\fnsysmgr.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\6in1 Driver\shwicon.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINNT\system32\winnn.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\uswrte42\Local Settings\Temporary Internet Files\Content.IE5\NERVIBFX\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ntngy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ntngy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = EGhost_Reg_Fail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe,
O2 - BHO: (no name) - {BFCC5487-4B10-FC8D-DEFC-18A15DD56877} - C:\WINNT\system32\iemx32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [0FileNET IDM Upgrade] C:\Program Files\FileNET\IDM\fnupgrade.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShowIcon_AboCom Systems, Inc._6in1 Card Reader's Driver v1.15e005] "C:\Program Files\6in1 Driver\shwicon.exe" -t"AboCom Systems, Inc.\6in1 Card Reader's Driver v1.15e005"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [FNLocalDB] cmd /c del "C:\Program Files\FileNet\IDM\LocalDB\fnlocaldb.fnldb"
O4 - HKLM\..\Run: [3rdparty] "C:\WINNT\system32\cmd.exe" /c copy "C:\WINNT\system32\3rdparty.ini" "C:\Program Files\Xactware\Xactimate\XCentral\3rdparty.ini"
O4 - HKLM\..\Run: [FIG_ExtAssignment] regedit.exe /s "C:\WINNT\system32\Xact_2002_CRN.reg"
O4 - HKLM\..\Run: [CacheFix] regedit.exe /s "C:\WINNT\maxcache.reg"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CRN4.30.04] C:\Program Files\CRN\Setup\crn_4.30.04_production.exe /s
O4 - HKLM\..\Run: [atlab32.exe] C:\WINNT\system32\atlab32.exe
O4 - HKLM\..\Run: [crad32.exe] C:\WINNT\system32\crad32.exe
O4 - HKLM\..\Run: [nethb.exe] C:\WINNT\system32\nethb.exe
O4 - HKLM\..\Run: [winnn.exe] C:\WINNT\system32\winnn.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Asset Insight Client (AICLIENT) - Tangram® Enterprise Solutions, Inc - C:\INSIGHT\TOOLS\Aiclient.EXE
O23 - Service: Local Client Administrator (APS) - Unknown owner - C:\WINNT\System32\APSSRV.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ErrorSocketService - Farmers Insurance Group - C:\Program Files\CRN\Common\Bin\Errorsockservice.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\System32\tardisnt.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VitalAgent - Lucent Technologies, VitalSoft division - C:\PROGRA~1\INS\VitalAgent\Program\VtlAgent.exe
O23 - Service: VNC Server (winvnc) - Tridia Corporation - C:\Program Files\ORL\VNC\WinVNC.exe
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I see you have guardian installed to monitor keystrokes. I'm not sure if that will interfere with the fix, but I know working on a friend's computer, it caused some problems. You might disable it for now.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ntngy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ntngy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ntngy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = EGhost_Reg_Fail

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {BFCC5487-4B10-FC8D-DEFC-18A15DD56877} - C:\WINNT\system32\iemx32.dll

O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [FNLocalDB] cmd /c del "C:\Program Files\FileNet\IDM\LocalDB\fnlocaldb.fnldb"
O4 - HKLM\..\Run: [3rdparty] "C:\WINNT\system32\cmd.exe" /c copy "C:\WINNT\system32\3rdparty.ini" "C:\Program Files\Xactware\Xactimate\XCentral\3rdparty.ini"

O4 - HKLM\..\Run: [FIG_ExtAssignment] regedit.exe /s "C:\WINNT\system32\Xact_2002_CRN.reg"
O4 - HKLM\..\Run: [CRN4.30.04] C:\Program Files\CRN\Setup\crn_4.30.04_production.exe /s

(right-click on these and see if it is something you use. If not, check it)


O4 - HKLM\..\Run: [atlab32.exe] C:\WINNT\system32\atlab32.exe
O4 - HKLM\..\Run: [crad32.exe] C:\WINNT\system32\crad32.exe
O4 - HKLM\..\Run: [nethb.exe] C:\WINNT\system32\nethb.exe
O4 - HKLM\..\Run: [winnn.exe] C:\WINNT\system32\winnn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<<resource hog


O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe


Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):


C:\WINNT\system32\winnn.exe
C:\WINNT\system32\atlab32.exe
C:\WINNT\system32\crad32.exe
C:\WINNT\system32\nethb.exe

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarrantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#3
window-washer

window-washer

    Member

  • Member
  • PipPip
  • 11 posts
AdAware can't remove a locked file...
  • 0

#4
Erbie23

Erbie23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for the response!

I had to do these steps several times, and I did not get the about:blank page when I opened IE, so this is a good sign.

A couple of things:
I was not able to boot into safe mode for some reason. It could be that this is a company computer and I don't have admin rights, but I did delete those .exe's

Also, I uninstalled and re-installed Adaware. It found several things that it could not get rid of and it said it would remove on re-boot. When I rebooted, Adaware did not run byitself. Is it supposed to automatically run after rebooting?

Is there anything I can do to prevent this from happening again?

Here is the last hijack log file:
Logfile of HijackThis v1.99.1
Scan saved at 1:58:12 PM, on 3/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINNT\Explorer.Exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\FileNET\IDM\fnsysmgr.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\6in1 Driver\shwicon.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Apoint\Apntex.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [0FileNET IDM Upgrade] C:\Program Files\FileNET\IDM\fnupgrade.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShowIcon_AboCom Systems, Inc._6in1 Card Reader's Driver v1.15e005] "C:\Program Files\6in1 Driver\shwicon.exe" -t"AboCom Systems, Inc.\6in1 Card Reader's Driver v1.15e005"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [FNLocalDB] cmd /c del "C:\Program Files\FileNet\IDM\LocalDB\fnlocaldb.fnldb"
O4 - HKLM\..\Run: [3rdparty] "C:\WINNT\system32\cmd.exe" /c copy "C:\WINNT\system32\3rdparty.ini" "C:\Program Files\Xactware\Xactimate\XCentral\3rdparty.ini"
O4 - HKLM\..\Run: [FIG_ExtAssignment] regedit.exe /s "C:\WINNT\system32\Xact_2002_CRN.reg"
O4 - HKLM\..\Run: [CacheFix] regedit.exe /s "C:\WINNT\maxcache.reg"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CRN4.30.04] C:\Program Files\CRN\Setup\crn_4.30.04_production.exe /s
O4 - HKLM\..\Run: [addzg32.exe] C:\WINNT\system32\addzg32.exe
O4 - HKLM\..\Run: [appkp32.exe] C:\WINNT\system32\appkp32.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Asset Insight Client (AICLIENT) - Tangram® Enterprise Solutions, Inc - C:\INSIGHT\TOOLS\Aiclient.EXE
O23 - Service: Local Client Administrator (APS) - Unknown owner - C:\WINNT\System32\APSSRV.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ErrorSocketService - Farmers Insurance Group - C:\Program Files\CRN\Common\Bin\Errorsockservice.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\System32\tardisnt.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VitalAgent - Lucent Technologies, VitalSoft division - C:\PROGRA~1\INS\VitalAgent\Program\VtlAgent.exe
O23 - Service: VNC Server (winvnc) - Tridia Corporation - C:\Program Files\ORL\VNC\WinVNC.exe


Thanks again!
  • 0

#5
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You do not have the latest version of Internet Explorer. Please update it.

I was researching your log for about 20 minutes trying to fix it when I saw that you have an open topic with the same problem on another forum.

I will let them handle it for you. :tazz:

http://forums.techgu...796#post2460796
  • 0

#6
Erbie23

Erbie23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I guess I will have to admit that I am an amature when it comes to all this stuff and when I started to look into getting help, I didn't know that I was not supposed to post in more than one forum. I posted on 2 forums, and this is the only one to help so far. I didn't note where I posted the other log, so I am glad that you sent me the link.

It appears that no one has looked at that log. I hope that I am not viewed as someone that is trying to take advantage of this and would be willing to donate if that is possible. I know that you all are working hard to help others, and I am just looking for that help. I appreciate your time working on this, and it has been a great help.

If you want to still check into my latest reply and see if there is anything else I need to do that would be awesome, but if you don't want to help anymore I understand.

P.S. I am not able to get the latest IE because I don't have admin rights to install it.
  • 0

#7
Erbie23

Erbie23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I added a note on the other forum that I already received help.

Sorry about any confusion.
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi Erbie. I will look at your log a little later this morning. :tazz:
  • 0

#9
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
It appears that you log in to work via a VPN. Is that correct? I know the settings are touchy, so I hesitate cleaning up some items until we get them sorted out. ;)

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe,

O4 - HKLM\..\Run: [addzg32.exe] C:\WINNT\system32\addzg32.exe
O4 - HKLM\..\Run: [appkp32.exe] C:\WINNT\system32\appkp32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<<resource hog


Can you tell me what the following items are used for?

O4 - HKLM\..\Run: [3rdparty] "C:\WINNT\system32\cmd.exe" /c copy "C:\WINNT\system32\3rdparty.ini" "C:\Program Files\Xactware\Xactimate\XCentral\3rdparty.ini"
O4 - HKLM\..\Run: [FIG_ExtAssignment] regedit.exe /s "C:\WINNT\system32\Xact_2002_CRN.reg"
O4 - HKLM\..\Run: [CacheFix] regedit.exe /s "C:\WINNT\maxcache.reg"
O4 - HKLM\..\Run: [CRN4.30.04] C:\Program Files\CRN\Setup\crn_4.30.04_production.exe /s


Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINNT\system32\addzg32.exe
C:\WINNT\system32\appkp32.exe


Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Reboot and post a new log and let us know how it's working. :tazz:
  • 0

#10
Erbie23

Erbie23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry about the delay in getting my latest log in here as I have been extremely busy with work this week.

I will have my latest log posted on Saturday.

Thanks again!
  • 0

#11
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
No problem. Have a blessed Easter weekend. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP