Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems With 404ads and Incredifind


  • Please log in to reply

#1
deekster1966

deekster1966

    New Member

  • Member
  • Pip
  • 9 posts
Im having real hassle with some hijacker gremlin.
When loggin into Hotmail or using the net to purchase something, I get redirected to 404ads and then to Incredifind.
Ive tried all the usual stuff as suggested in various forums and still have the problem.
I have used NoAdware and removed all the hits I found and still have the problem.
I have tried the remome tool posted on the Incredifind webpage and it tells me that Incredifind is not recognised on my PC... eh???

As a last resort, here is my log file if anyone can spot the b*****d

Please can anyone help?

Logfile of HijackThis v1.99.0
Scan saved at 18:06:06, on 21/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\MSC\FlexLM\lmgrd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\MSC\FlexLM\Msc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\lotus\register\remind32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~2\WINZIP\winzip32.exe
C:\Documents and Settings\new\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
R3 - URLSearchHook: (no name) - {DBD26109-229F-56C6-4D26-44B5EDF1736F} - C:\WINDOWS\Ldlpkqtj.dll
O2 - BHO: (no name) - {0E78D65C-5039-73E8-9D57-D91C9AFEDA1C} - C:\WINDOWS\Ldlpkqtj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Mini Jeeves - {4E7D0B40-F575-4A29-9710-4675EAF4686A} - C:\WINDOWS\SYSTEM32\minijvAB.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {211EFDEE-B082-0A24-7FC1-AF7C7974935A} - C:\WINDOWS\Ldlpkqtj.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: StripSaver.lnk = C:\Program Files\StripSaver\StripSaver.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDEC54D-4962-457A-93EF-4EA5AA2F78BD}: NameServer = 213.40.2.19 213.40.2.20
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - C:\MSC\FlexLM\lmgrd.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~2\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks

Deekster1966
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi

(1) Be sure you're able to view hidden files and folders

(2) Click the HijackThis Guide in my signature, and follow the instructions in the guide.

kc :tazz:
  • 0

#3
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the reply,

I have already carried out all the steps (except Windows updates).

I have no spyware/adware on my system at the moment, but continue to be redirected to 404ads then to onto Incredifind.

I have already run my log file through an automatic checker and removed a few lines with no solution to the problem.

www.castlecops.com have a tutorial on the contents of the log file and include a master list of BHO's which you can check against. Two of my BHO's do not come up when searched!!! All the others do which are ligitimate.

Im am not sure wether to remove these and would appreciate a second opinion if someone could look at my file.

Thanks
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi deekster1966

You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.

kc :tazz:
  • 0

#5
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for reply.

I ran CoolWebShredder but CoolWebSearch was not found on my system???

Ive posted a fresh HijackThis log anyway.

Any other ideas would be appreciated.

Thanks

Logfile of HijackThis v1.99.0
Scan saved at 17:18:21, on 22/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\MSC\FlexLM\lmgrd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\lotus\register\remind32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\MSC\FlexLM\Msc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~2\WINZIP\winzip32.exe
C:\Documents and Settings\new\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
R3 - URLSearchHook: (no name) - {DBD26109-229F-56C6-4D26-44B5EDF1736F} - C:\WINDOWS\Ldlpkqtj.dll
O2 - BHO: (no name) - {0E78D65C-5039-73E8-9D57-D91C9AFEDA1C} - C:\WINDOWS\Ldlpkqtj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Mini Jeeves - {4E7D0B40-F575-4A29-9710-4675EAF4686A} - C:\WINDOWS\SYSTEM32\minijvAB.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {211EFDEE-B082-0A24-7FC1-AF7C7974935A} - C:\WINDOWS\Ldlpkqtj.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: StripSaver.lnk = C:\Program Files\StripSaver\StripSaver.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: Win32 Classes -
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - C:\MSC\FlexLM\lmgrd.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~2\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Cheers

Deekster1966
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {DBD26109-229F-56C6-4D26-44B5EDF1736F} - C:\WINDOWS\Ldlpkqtj.dll
O2 - BHO: (no name) - {0E78D65C-5039-73E8-9D57-D91C9AFEDA1C} - C:\WINDOWS\Ldlpkqtj.dll
O3 - Toolbar: Search - {211EFDEE-B082-0A24-7FC1-AF7C7974935A} - C:\WINDOWS\Ldlpkqtj.dll
O4 - Global Startup: PowerReg SchedulerV2.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\Ldlpkqtj.dll

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#7
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks Admin for the quick reply,

I did what you suggested and appear now not to be redirected to 404ads or Incredifind anymore. HOWEVER, I now cannot access Hotmail or the other sites I was having this problem with, and get the "page cannot be displayed window, cannot find server etc etc etc"

Must be close now to fixing this?

Ive attached a fresh logfile for you.

Hope you can help me again.

Thank you very much.

Logfile of HijackThis v1.99.0
Scan saved at 17:18:35, on 23/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\MSC\FlexLM\lmgrd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\lotus\register\remind32.exe
C:\MSC\FlexLM\Msc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\new\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Mini Jeeves - {4E7D0B40-F575-4A29-9710-4675EAF4686A} - C:\WINDOWS\SYSTEM32\minijvAB.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: StripSaver.lnk = C:\Program Files\StripSaver\StripSaver.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: Win32 Classes -
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - C:\MSC\FlexLM\lmgrd.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~2\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Download and run this utility:
http://www.geekstogo...n=download&id=7

Reboot when finished,a nd let us know if it helped.
  • 0

#9
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

Ran utility but still have problem.

Seems any secure site causes the "page cannot be found" message to appear????

If you know of any other tricks, please let me know.

Have a happy xmas and thanks all for your help so far.

Cheers :tazz:
  • 0

#10
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Did you check your security settings?
  • 0

Advertisements


#11
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Settings have not been touched and are pre infection. Ive had a look anyway and they seem fine.

Thanks for taking time to reply.

Cheers
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Did you try reinstalling hotmail?
  • 0

#13
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

I do not use messenger to access Hotmail. I usually open it direct from the MSN homepage.

This problem only happens with secure sites such as logon to Hotmail, or for example using Amazon for purchases. On Amazon, I get as far as the "go to checkout page" all the time and then "The Page Cannot Be Displayed etc etc etc" appears.

Only happens on these occassions and all other surfing is ok. Very strange.

Any other ideas would be appreciated.

Thanks
  • 0

#14
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Have you updated to sp2? firewall?
  • 0

#15
deekster1966

deekster1966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
what is sp2?????

I have Norton firewall and anti-virus on my system.

cheers
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP