0

I know i am not the only one who had a problem with their home page always returning to the about:blank trusted start page. I have read other posts on this problem but none seemed to help permanently.
I have downloaded ad-aware, spybot search and destroy, cws shredder, about: buster, and hijack this.

I also hav a problem with the freshbar toolbar in ie explorer which i also want gone.

I just need some help to get rid of these problems and any other nasty things u may happen to notice on my system.

Here is my HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 9:39:47 a.m., on 5/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

3
Contributors
4
Replies
5
Views
12 Years
Discussion Span
Last Post by crunchie
0

The Freshbar takes a bit of work to get rid of (I know because I recently had it).

Scan with HJT and have it fix all the entries that say about:blank, all the O17 entries, and the O15 entry.

Reboot into Safe Mode

Search for, and delete the following, if found:
Unlodctl.exe
Nlsfuncs.exe
Pentxpl.exe
Openconf.exe
Iecust.exeNlsfuncs.exe
Openconf.exe
Iecust.exe
Msij.dll
Msvw.dll
Spnping.dll
Icust.dll
Dnsauth.dll
Qappsrvc32.exe
Taskopen.exe
Dx9vbc.dll
Mwx.dll
Hdon.dll
Dte.dat
Menu.txt
(Most will probably be in your c:\windows\system32 folder)

Go to
Start, Run, and type in regedit

Go to
HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run.
Click on Run and look in the right-hand pane for taskopen and hdon
Right-click on these two, if found, and delete them -- and nothing else!
Exit regedit

While still in Safe Mode, do a full system scan with your antivirus program and fix anything it finds, or let us know what you can't fix.

Reboot normally.

Do a full system scan with TrendMicro's free online scan (http://housecall.trendmicro.com/housecall/start_corp.asp)

Again, fix what it finds or let us know what can't be fixed.

Go to Windows Update and get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean.

Close all browser windows, scan with HJT, and post a new log.

0

Another suggestion:
Before posting a new HJT log, go here:
http://forums.skads.org/index.php?showtopic=80, look in Post #3 for the remv3.zip file and click on it to download. Put it in it's own permanent folder (like c:\freshbarfix).

Reboot into Safe Mode

Open the folder that you put remv3 into and double-click on remv3.bat, this will start a scan for all files possibly related to freshbar. Do not delete any files found! Some may be legitimate. In the upper left-hand corner, click on File, Save As, and save it in a folder you will be able to find later (probably the same folder you put remv3 in).

Reboot normally, and post the remv3 log along with a new HJT log.

0

OK, well freshbar is gone, and the about:blank trusted start page was gone after i rebooted but when i started internet explorer for a second time, it had returned.

Here is the new HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 10:41:06 a.m., on 6/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\hijack this\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.