| Press F1 | ||||
| Thread ID: 43236 | 2004-03-07 23:46:00 | HIJACKED BROWSER | Kiniwe (5371) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 220994 | 2004-03-08 06:49:00 | About.blank made itself my home page yesterday (just reformatted & hadn't installed browser blaster). Just made my home page Paradise.net.nz, clicked on apply, and all was well. Not sure how it got there as my son was on the comp at the time. From memory he had only gone to Hotmail. Bye |
Peter H (220) | ||
| 220995 | 2004-03-08 07:02:00 | Okay. Have now seemed to have got my default home page (www.arai.co.nz) working whenever I start IE. However, it never quite gets there as it slows right down and a message comes up "Connecting to 66.79.170.10". This page never quite loads either and the IE "page not available" page comes up. Any ideas out there please? I ran HijackThis and got the following:

Logfile of HijackThis v1.97.5
Scan saved at 7:27:59 p.m., on 8/03/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINNT\SYSTEM32\SW.EXE
C:\WINNT\System32\dpmw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\Administrator\My Documents\Computer Stuff\downloads\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = aifind.inf
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = aifind.inf
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = aifind.inf
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arai.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = aifind.inf
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arai.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = go.compaq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webproxy.twoa.ac.nz:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.26.*.*;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.arai.co.nz/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [acromedM] C:\WINNT\System32\acromedM.exe
O4 - HKLM\..\Run: [Scanreg] C:\WINNT\SYSTEM32\SW.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - office.microsoft.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - fdl.msn.com
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} - |
Kiniwe (5371) | ||
| 220996 | 2004-03-08 07:07:00 | First time that I know of that CWShredder couldn't demolish it. You may have to download HijackThis (www.spywareinfo.com) and see if there are instances of coolweb listed. You can post your list here (www.spywareinfo.com) where they will tell you what to mark for removal. It lists everything, good or bad; if unsure, leave it. It may be vital. |
Pheonix (280) | ||
| 220997 | 2004-03-08 07:18:00 | Yes well you can tick (to fix) those items with aifind.inf for a start. | Pheonix (280) | ||
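Added example (not part of the thread, and not HijackThis's own code): a small Python parser for the R0/R1 lines of a HijackThis log that pulls out every Internet Explorer setting whose data references a given string, such as the `aifind.inf` items mentioned above, and groups settings by the value they point to. The sample lines are a subset copied from the log posted in this thread; the function names and the line pattern are assumptions made for this illustration.

```python
import re

# Subset of the R-section (plus one O4 line) from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = aifind.inf
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = aifind.inf
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arai.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = aifind.inf
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arai.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = go.compaq.com
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
"""

# Assumed shape of an R0/R1 line: "<code> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM)\\[^,]+),([^=]+?) = (.*)$")

def parse_r_entries(log_text):
    """Return one dict per R0/R1 line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            code, key, name, data = m.groups()
            entries.append({"code": code, "key": key,
                            "name": name, "data": data.strip()})
    return entries

def entries_referencing(entries, needle):
    """Entries whose data contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return [e for e in entries if needle in e["data"].lower()]

def group_by_data(entries):
    """Map each data value to the registry settings that carry it, so a
    value shared by several search settings stands out for review."""
    groups = {}
    for e in entries:
        groups.setdefault(e["data"].lower(), []).append(e["key"] + "\\" + e["name"])
    return groups

if __name__ == "__main__":
    for e in entries_referencing(parse_r_entries(SAMPLE_LOG), "aifind.inf"):
        print(e["code"], e["key"], e["name"], "=", e["data"])
```
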
| 220998 | 2004-03-08 07:39:00 | Problem seems to be fixed although not clear what did this (fixed before the removal of the "aifind" items) so this thread can end. Sorry for not providing a clear pathway to fix the problem for others searching answers. Thanks to all the above posters who provided answers so promptly. Really appreciate your help. Kiniwe |
Kiniwe (5371) | ||
| 220999 | 2004-03-08 07:42:00 | Problem seems to be fixed although not clear what did this (fixed before the removal of the "aifind" items) so this thread can end. Sorry for not providing a clear pathway to fix the problem for others searching answers. Thanks to all the above posters who provided answers so promptly. Really appreciate your help. Kiniwe |
Kiniwe (5371) | ||