e2e01
asked on
Resetting of page in Browser preventing access to Internet
Please could you look at the log for HijackThis below. There is an entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/webmail/?page_zone=219.4.1
which I believe to be a problem.
When I attempt to fix the problem in HijackThis, I check the box next to it, click the "Fix" button, the screen goes blank, I do "Scan" again and the R0 item is still there. Clearly there must be another way to remove the offending item.
Full HijackThis Log is below:
Logfile of HijackThis v1.97.7
Scan saved at 12:41:22, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
A:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/webmail/?page_zone=219.4.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LoadInsideRdrGlue] C:\Documents and Settings\All Users\Application Data\boneblehloadinside\ARMY THIRD.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [pop browse] C:\DOCUME~1\adrienne\APPLIC~1\2MEAL~1\64grim.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownload Control Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Regards,
Eliot Minn
ASKER CERTIFIED SOLUTION
>>Clearly there must be another way to remove the offending item<<
Yes, there is (2 ways, actually), but that entry is not your main problem. If you want to remove it manually then do this:
1. Click Start > Run > type in:
regedit
press Enter
navigate to this registry subkey:
HKEY_CURRENT_USER\Software
On the right-hand side, delete the value of "Start Page".
2. Or use this regfile to delete it instead of editing your registry.
Copy and paste the bolded text into Notepad.
Save this text as "Delete.reg". Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on the "Delete.reg" file and when it asks you to merge the information to the registry click Yes.
REGEDIT4
[HKEY_CURRENT_USER\Softwar
"Start Page"=-
Your HijackThis log is showing a Lop infection. Lop comes installed with a host program (most commonly Messenger Plus 3, if you installed it along with its sponsors). You need to uninstall Messenger Plus completely; you can then reinstall it, but say NO to installing sponsors.
Or, you could use lop.com uninstaller:
http://lop.com/new_uninstall.exe
Fix these entries in HijackThis (these entries will no longer be present after you run the Lop uninstaller):
O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
O4 - HKLM\..\Run: [LoadInsideRdrGlue] C:\Documents and Settings\All Users\Application Data\boneblehloadinside\AR
O4 - HKCU\..\Run: [pop browse] C:\DOCUME~1\adrienne\APPLI
You're using an older version of HijackThis and a lot of entries that should be there are not there; entries go up to O23.
Here is the latest version --> http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Run the latest version of hijackthis and paste the log to either of these sites and post link to your topic.
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
Or paste the log at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Post the link to the saved list here.
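As an added example (not part of the original answer or of HijackThis itself), the triage applied to the O4 autorun lines above can be sketched in Python: parse the Run entries, flag those launched from an Application Data folder, and check a re-scan for entries that survived a fix. The sample lines are excerpted from the log in the question with the forum's wrap spaces removed; the function names and the path rule are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log from the question (forum wrap spaces removed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/webmail/?page_zone=219.4.1
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
O4 - HKLM\..\Run: [LoadInsideRdrGlue] C:\Documents and Settings\All Users\Application Data\boneblehloadinside\ARMY THIRD.exe
O4 - HKCU\..\Run: [pop browse] C:\DOCUME~1\adrienne\APPLIC~1\2MEAL~1\64grim.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

class RunEntry(NamedTuple):
    hive: str     # HKLM (all users) or HKCU (current user)
    name: str     # registry value name, shown in [brackets] in the log
    command: str  # command line started at logon

# "O4 - HKLM\..\Run: [name] command" (also matches RunOnce and similar keys)
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

# Assumed heuristic: an autorun that starts from an Application Data folder,
# in long or 8.3 short form. Program Files installs do not match.
DATA_DIR = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)

def parse_run_entries(log: str) -> List[RunEntry]:
    """Return every O4 registry Run entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(RunEntry(*match.groups()))
    return entries

def flag_data_dir_autoruns(entries: List[RunEntry]) -> List[RunEntry]:
    """Keep only the entries whose command line points into a data folder."""
    return [e for e in entries if DATA_DIR.search(e.command)]

def still_present(rescan_log: str, fixed_names: List[str]) -> List[str]:
    """Names that were supposed to be fixed but still appear in a re-scan."""
    present = {e.name for e in parse_run_entries(rescan_log)}
    return [name for name in fixed_names if name in present]

if __name__ == "__main__":
    for entry in flag_data_dir_autoruns(parse_run_entries(SAMPLE_LOG)):
        print(entry.hive, entry.name, entry.command)
```

The path rule flags LoadInsideRdrGlue and pop browse but not msqsrc, which sits under Program Files\Common Files; a location check alone is not enough, and the entry names still have to be reviewed against a complete log.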