Trouble with Homepage on IE - mike_jones


#1
mike_jones

Hello

My problem is that anytime I open up Internet Explorer, 3 pop-ups come up and ask me to install some sort of advanced browsing technology; I just close them when they come up. My homepage is this blank white screen after I close the pop-ups; the website address is this: C:\WINDOWS\system32\msblank.html
I would really appreciate it if you can help me out, and thanks in advance.

I ran Spybot, Ad-Aware, and Panda ActiveScan, and the first set of results is ActiveScan's. The second set of data is my new HijackThis log file after running those 3 programs.

Incident Status Location

Adware:Adware/MediaTickets No disinfected C:\cool.exe
Adware:Adware/Alexa-Toolbar No disinfected C:\Documents and Settings\Rizwan Shaikh\Application Data\Mozilla\Profiles\Usman Shaikh\3fudepa8.slt\Cache\C4170A32d01
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-3aa3aa1a.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-3902590e.zip[InstallerApplet.class]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\1114766_2448_1592_2612_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\1180302_2448_1592_2596_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\132186_2448_1592_2932_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\1508324_3956_1684_3464_63.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\197634_2448_1592_384_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\198048_4024_1592_3968_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\198060_1188_1432_2768_63.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\198210_4024_1592_3040_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\263526_1188_1432_2992_63.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\328628_2448_1592_2108_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\393482_1300_1592_1436_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\394080_2448_1592_860_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\4391890_1600_1432_3556_63.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\459374_1300_1592_1336_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\459612_2448_1592_2892_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\4850318_1300_1592_2404_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\525726_4024_1592_1600_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\591328_4024_1592_3952_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\655860_1300_1592_1632_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\656152_2448_1592_768_66.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\918114_1936_1432_780_63.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\919084_4024_1592_2364_66.41.tmp
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\bkdflhnd.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\Del126.tmp
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\eokpgnmd.exe
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\fefclpmd.exe
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\iinstall.exe
Adware:Adware/IST.YourSiteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\mY1SwJ.exe
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\nhonfkmd.exe
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\oanmjdmd.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\optimize.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\res127.tmp
Adware:Adware/IST.YourSiteBar No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\sBlZ5c.exe
Dialer:Dialer.CZF No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\stealth.yopt
Dialer:Dialer.NO No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\temp.fr9B1C
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temp\Temporary Internet Files\Content.IE5\7AEROGOX\s8[1].htm
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temporary Internet Files\Content.IE5\00WN6SBR\s8[1].htm
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Rizwan Shaikh\Local Settings\Temporary Internet Files\Content.IE5\8XAR01YV\connect[1].htm
Adware:Adware/SpySheriff No disinfected C:\install.exe
Adware:adware/cws.searchmeup No disinfected C:\new.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Uxyn\Wzoqu.exe

Logfile of HijackThis v1.99.1
Scan saved at 3:09:40 PM, on 10/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Uxyn\Wzoqu.exe
C:\WINDOWS\System32\m00.exe
C:\WINDOWS\System32\popcorn320.exe
C:\WINDOWS\etb\pokapoka73.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\maxd1.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searc...ore.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searc...ore.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searc...ore.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.24-7searc...ore.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\svc.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.ca"); (C:\Program Files\Netscape\Users\usman_shaikh\prefs.js)
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [PCI TV Card Remote Control Applet] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Ercpkv] C:\Program Files\Uxyn\Wzoqu.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelCheck] C:\WINDOWS\System32\m00.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn320.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [System service72] C:\WINDOWS\\\etb\\pokapoka72.exe
O4 - HKLM\..\Run: [System service73] C:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [KernelCheck] C:\WINDOWS\System32\m00.exe
O4 - Startup: Athan.lnk = C:\Program Files\Athan\Athan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {5071F29E-AFC7-4217-975B-436C74D8D875} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5071F29E-AFC7-4217-975B-436C74D8D875} - (no file) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O13 - WWW. Prefix: http://
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quartz.atkins...orku.ca/qp2.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zon...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Rizwan Shaikh\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thanks
#2
Buckeye_Sam

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
  • http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button; after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot; there is a script running in the background that needs to complete.
Then do a scan with HijackThis and post a new log by using Add Reply.

#3
mike_jones

Hello

I wanted to tell you that the problem has been fixed. I got one of my uncles who's a computer tech person and he helped me out. Thanks for everything though, I really appreciate it.