Browser Hijacked about blank?? / Still no Internet connection

Re: Browser Hijacked about blank??

First, please run as much of the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal as you can and run them in the order indicated. If you still have a problem, after that, follow the guidelines below and post your HJT log.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Nope! Not yet. Are you clicking upload? What file name did you use? Watch for error messages in the Manage Attachments window.

 

That log looks like it is from a safe mode boot. HJT logs must be from normal boot mode.

 

Also note: You must only run one software firewall. You are running at leasts two and possibly three. You have Sgate and Norton's. Did you disable the WinXP SP2 firewall?

You must pick which one you want from Norton and Sgate and uninstall the other. Do not use the one from Windows. It is not good enough.

 

Did you see my message about the firewalls? That could be your problems with not being able to connect.

 

You're moving a little too slow!

I have to get some sleep now! It's 3:42 am here! We'll have to continue later.

Make sure you read my message about the firewalls and take care of that.

 

You still have both firewalls installed! I repeat you MUST remove one!
And did you disable the WinXP SP2 built-in firewall?

 

Okay after Sygate is removed and WinXP SP2 firewall is disabled. Reboot and let me know where things stand.

 

Have HJT fix the O9 line with (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


This next line I would bet is not needed and is a waste of system resources:
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"


Questions:

Do you know What the below are for?
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\QicSetup.exe" /AfterReboot
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {56281C46-2A92-45F1-863D-E214733EB2D6} - http://www.cursorzone.com/cursors/cross_setup_td035.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab

 

You're welcome. I would recommend running HJT again and fixing any of those O16 lines that you do not recognize. If they really are valid and required but a website you use, they will redownload the next time you connect to them anyway.