TechSpot

Browser Hijack - Feel like I've tried everything!

By Smell the Glove
Oct 30, 2005
  1. Hello,

    I'm new to all these forums but I'm needing help.

    My homepage browser goes straight to this: res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm (aka www.warningmessage.com)

    I have seen other threads about this whilst searching the net but nothing I try has got rid of it.

    I've rebooted in safe mode and run:
    Spybot
    McAfee Security Suite
    Avast
    Spywareblaster
    Microsoft Antispyware
    Smartkiller
    Aboutbuster
    AVG Free
    Adaware

    And still I can't stop it!

    I really need help but I'm not very PC friendly so I need advice in simple terms.

    Hope you can help.
     


  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Aren't you overdoing it a bit? Avast, AVG, McAfee.
    Sooner rather than later they get into each other's hair, and your protection is worth diddly squat!
    UNinstall Avast, it's not running correctly anyway!

    C:\Documents and Settings\Matthew Salmon\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    /R/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\sp.dll/sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    /P/ O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hpA17B.tmp
    /P/ O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
    /P/ O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    Unless these IP-numbers are from your ISP, fix this O17
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B957393B-24EE-4298-8BF8-C6D10234850E}: NameServer = 80.225.252.178 80.225.252.186
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    ...................................................................................................
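
As an added example (not part of the original thread, and not the poster's own method), the Python sketch below flags HijackThis log lines that show the same traits as the entries listed in the post above. The rules are heuristics assumed for this illustration, and the sample lines are copied from the log in that post.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\sp.dll/sp.html
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hpA17B.tmp
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B957393B-24EE-4298-8BF8-C6D10234850E}: NameServer = 80.225.252.178 80.225.252.186
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
"""

# Heuristic rules (assumptions of this example, not HijackThis features):
# (sections the rule applies to, or None for any; pattern; reason).
RULES = [
    ({"R0", "R1"}, re.compile(r"res://.*\\temp\\", re.I),
     "IE setting loads a resource from a Temp folder"),
    ({"O2"}, re.compile(r"\.tmp\s*$", re.I), "BHO implemented by a .tmp file"),
    ({"O4"}, re.compile(r"\\system32\\drivers\\[^\\]+\.exe", re.I),
     "autostart .exe located in the drivers folder"),
    ({"O16"}, re.compile(r"file://", re.I),
     "ActiveX control installed from a local file:// path"),
    ({"O17"}, re.compile(r"NameServer\s*=", re.I),
     "custom DNS servers: confirm they belong to the ISP"),
    (None, re.compile(r"\(file missing\)\s*$", re.I),
     "entry points at a file that no longer exists"),
]

# Optional /P/ or /R/ helper marker, then section id, " - ", then the entry.
LINE_RE = re.compile(r"^(?:/[PR]/\s+)?([A-Z]\d{1,2})\s+-\s+(.*)$")

def triage(log_text):
    """Return (section, reason) for every log line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, free text
        section, body = m.groups()
        for sections, pattern, reason in RULES:
            if (sections is None or section in sections) and pattern.search(body):
                findings.append((section, reason))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}")
```

A match only marks a line for manual review; the O17 rule in particular cannot tell whether the name servers belong to the ISP.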
     
  3. Smell the Glove

    Smell the Glove TS Rookie Topic Starter Posts: 35

    Thanks a lot mate, everything seems to be working just fine now. :)

    I would just like to say thank you. I don't want to sound like a brown noser but it's good to know there are good people on the net besides the *****s creating viruses and trojans etc.

    I owe you a large number of pints of the black stuff! :grinthumb

    PS. I've uninstalled Avast. I was thinking of getting rid of AVG and a few others. What is worth keeping out of this list?

    AVG
    Spybot
    Adaware
    ewido
    Spywareblaster
    Aboutbuster
    CWShredder

    Once again, thanks dude.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Keep them all, but for permanently running, you only need AVG and the Spybot immuniser.
    The other programs will come in handy for a next infection! As long as they don't run, they don't use up memory.
    Make sure you always use the latest versions/definitions before you run them.
    Advisable is a full scan once every week or fortnight, depending on how 'clean' your habits are.
     
Topic Status:
Not open for further replies.
