View Full Version : Eraser Program Malfunction


Bowed
02-15-2006, 06:36 PM
My eraser program (Blackout) suddenly refuses to erase my cookies. I removed the program and reinstalled it but still no luck. I went to the help site for Blackout but they have gone out of business and the site is closed.

Is there anything in this HJL that could be inhibiting the eraser?


Logfile of HijackThis v1.99.1
Scan saved at 4:29:58 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ktdata\sysmon32.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\ktdata\datx32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 41 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=bowed2go&login=47feb65b97e84723340a21d90b009b42/bowed2go:netzero.net/1131079040/30/sss.4.91105/&ts=436ae580&A=0&B=1120892400000&C=1120892400000&D=1127113200000&I=7.NQ3&N=PL&O=I&UT=companion
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windows update.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosi te.com;*.dir.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sysmon] c:\ktdata\sysmon32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136310300859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FBBD83D-26E4-490C-8B83-DE36B8B22C1A}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

shifty
02-15-2006, 08:28 PM
I see nothing in that list that should cause anything like that to happen. In fact, there's not a lick of spyware in there, really.

Bowed
02-17-2006, 01:06 PM
Well all of a sudden the full Blackout program is working again. Strange, but no stranger than some of the other things the computer has been doing, like jumping a page all by itself or, even more unusual, other sites that I go to think I'm in another location. I live in Phoenix and some sites address offers like get tickets in Phoenix or get this or that in Phoenix, but for a few weeks now all the offers have me located in Washington D.C. ???? :confused: ???? I use AVG and run it constantly and it tells me I am clean but I still wonder about that. If another computer was using mine or redirecting mine, is there some way I can detect that? How can you know things like that? Thanks for your patience.




shifty
02-17-2006, 01:31 PM
Well, that's a loaded question...

There are so many technical reasons that you'd show up as being from Washington and they mostly revolve around your ISP - maybe your ISP just picked up a new netrange (bundle of IP addresses) which were previously registered as being in Washington...and they transferred them to Arizona or something, but it took a few days for ARIN (the master keeper of all US IP addresses) to update their records. Let me show you something...

www.whois.sc

Type an IP address into that search feature, then click SUBMIT. Here are a few sample IPs you can use:

209.208.45.98
64.12.12.8
24.36.87.94

You see, you can trace each one to a location. All ISPs are assigned IP addresses in big blocks - so when you go to a website, they look to see what your IP address is. They can then do a "reverse lookup" on your IP addresses to see who your ISP is and find out what location of that ISP you are using, which therein tells them where you are from. Chances are your ISP either borrowed or took over a block of IP addresses from someone in Washington DC, which just so happens to be the largest internet hub in the world (pretty sure it's still the largest).

So, this hopefully explains that ... I can't explain how it's jumping a page by itself...but I can tell you this - you can hunt to see if maybe you have a "rootkit" installed on your system which would allow someone to have "backdoor" access to control your system.

http://www.sysinternals.com/Utilities/RootkitRevealer.html

There is a download link at the bottom of that page (second to the last link). Download it, scan with it, then post a picture of the results in here for me to review. It will find anything "odd" or hidden on your system. Some things like cookies and other small items will show up as "hidden", so it's not a BAD thing to have a few items in the list.

If nothing else, you can try to scan with a program called "UnHackMe", which you can find using Google, it's made by a company called Greatis Software. It will detect most hidden software that spyware and antivirus programs cannot find.

Hope this helps answer some things. If you have any more questions, feel free to ask. I want to make sure you're not walking outta here with more questions than you walked in with.

Bowed
02-18-2006, 12:27 AM
Thanks for the very informative answer with instructions. I am learning quite a bit from this.


This is the scan OFFLINE with rootkit revealer

D: 0 bytes Error mounting volume


---------------------------------------------------------------------------------------


Doing the scan ON LINE there were 47 hits but if I read everything right this is an off line scan.

I will check the other program this weekend. Thanks.






Bowed
02-23-2006, 12:12 PM
The curiosities continue.

(1) Blackout stopped working completely and I had to reinstall it. The add & remove program tells me it is a rarely used program even though I use it almost daily.

(2) I use AVG every day but the add & remove tells me it is occasionally used and the last time used according to the program was 11/15/2005.

(3) Websites are still telling me my location is across the country in Washington D.C. and that has been going on for about a month now.

(4) Still jumping pages and other funny stuff.

Something got to be wrong here somewhere. :confused:





shifty
02-23-2006, 02:26 PM
Something very weird going on for sure? I have never heard of a group of symptoms like what you have.

It is normal for AVG to show that in the control panel, mine is the same. Mine lists the install date as the "last used" date for some reason. In fact, many of my programs show the incorrect date - this could be a problem w/the manufacture of the program itself.

The only other thing I would recommend is locking down your computer to make sure something screwy isn't happening. If you are not currently using an aftermarket firewall software, I would go install Kerio Personal Firewall here:

http://www.sunbelt-software.com/Kerio-Download.cfm

It will at least start watching your incoming AND outgoing traffic for anything weird...and if someone is hijacking your computer (or has backdoor access) it should put a stop to it.

I still concede that the reasoning behind the "showing up in DC" thing could be due to your ISP. I believe it is unrelated unless you're using a proxy server or something.

Can you go into more detail about the "page jumping" thing? Also, what kind of mouse do you have?

When was the last time you scanned your disks for errors? (right-click the hard drive and choose Properties, then click the Tools tab).
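
Added example (editorial, not written by either poster and not part of HijackThis): the proxy question raised in the post above can be checked against a HijackThis log like the one posted at the top of this thread. This Python parser pulls out the entries that decide where browser traffic and DNS lookups go; the sample lines are copied from that log, and the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
O4 - HKLM\..\Run: [Sysmon] c:\ktdata\sysmon32.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FBBD83D-26E4-490C-8B83-DE36B8B22C1A}: NameServer = 64.136.28.120 64.136.20.120
"""

# Every finding line starts with a section code (R0-R3 or O1, O2, ...), then " - ".
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

def parse_entries(text):
    """Yield (section_code, body) for each finding line; skip everything else."""
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")

def network_path_settings(text):
    """Collect the settings that steer browser traffic and DNS lookups."""
    found = {"proxies": [], "nameservers": [], "missing_files": []}
    for code, body in parse_entries(text):
        if code == "R1" and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            # Either "host:port" or "scheme=host:port;scheme=host:port".
            for part in filter(None, value.split(";")):
                scheme, _, endpoint = part.rpartition("=")
                host, _, port = endpoint.partition(":")
                found["proxies"].append(
                    (scheme or "all", host, int(port) if port.isdigit() else None))
        elif code == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            found["nameservers"].extend(re.split(r"[ ,]+", servers.strip()))
        if body.endswith("(file missing)"):
            found["missing_files"].append(body)
    return found

def is_loopback(host):
    """True when a proxy host points back at this machine (a local program)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return host.lower() == "localhost"

if __name__ == "__main__":
    settings = network_path_settings(SAMPLE_LOG)
    print(settings["proxies"], [is_loopback(h) for _, h, _ in settings["proxies"]])
    print(settings["nameservers"], len(settings["missing_files"]))
```

On the posted log this reports an HTTP proxy on 127.0.0.1:7900, meaning browser traffic is handed to a program running on the same PC before it leaves the machine.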

Bowed
02-24-2006, 12:10 AM
QUOTE [ Can you go into more detail about the "page jumping" thing? Also, what kind of mouse do you have?

When was the last time you scanned your disks for errors? ]




Hi Shifty. I am using an optical mouse. The page jumping is mostly when I click on a site (like here) and the screen jumps to the netzero home page. I used the disc scan and it did not show any report in the 4 phases of test so I guess that was OK.


I installed the firewall but I must have done something wrong because I got a stop window and the computer shut down and restarted by itself and then it showed a Kerio crash report window. I deleted the firewall but will try it again this weekend; like I said, it was probably something I did. I reformatted a while back after I hit a trojan and had problems that would not go away so maybe that did something to the hard drive. Hey thanks and have a good weekend.





shifty
02-24-2006, 11:40 AM
I doubt you could do something to the hard drive that would cause this.

Do you have a different mouse you can try out? I would like to weed out these errors one by one. I would like to see if this problem continues when you completely disconnect the optical mouse. Sometimes they will jump like you say.

Bowed
02-24-2006, 02:06 PM
I found some time this morning so I reinstalled the firewall again and got the same result. When I was entering net zero and clicking the accept or deny options the computer suddenly displayed a stop screen which had a lot of info like it was dumping memory and stuff like that, then the computer shut down and restarted and then displayed a Kerio crash report form just like the first time. I think I will just lay off for awhile and see what else happens. I will be going to a big electronics super store this weekend and while there I will pick up a new mouse. Thanks.



Bowed
02-28-2006, 10:00 PM
Sorry, I was tied up and just got back on here with the new mouse installed. So far so good, it has not jumped any pages tonight. I have not tried to reinstall the firewall since the two previous failures last week. Thanks.




Bowed
03-02-2006, 10:37 PM
Two days and no page jumping, you fixed it. Thanks.



shifty
03-02-2006, 11:10 PM
I didn't fix it, you bought the mouse. So what's left - still showing up as though you're from DC?

Bowed
03-03-2006, 09:21 PM
QUOTE [ I didn't fix it, you bought the mouse. So what's left - still showing up as though you're from DC? ]

But I did not know enough to replace the mouse without someone telling me to do it :D and yes is still showing my location being D.C. and now also different points in the Maryland area just outside of D.C. The list is growing :)



shifty
03-04-2006, 06:34 PM
That's very strange. You're not a dialup user are you? Sorry if this info is above, I just didn't see it.

Bowed
03-04-2006, 08:55 PM
QUOTE [ That's very strange. You're not a dialup user are you? Sorry if this info is above, I just didn't see it. ]

Yes, dialup. My computer uses the house telephone line to dial Netzero but it has always located me correctly until a few weeks ago :confused: Maybe the government is tapping me after wondering why someone who lives near the border owns so many trucks and guns * :lol: :lol: :lol:








Bowed
03-07-2006, 05:24 PM
So whatcha thinking about the D.C. thing? Still stick'en to your guns that it's a glitch with my provider? Some careful counting puts it at about a month and a half now. Thanks for the link you gave me in my other post, because I am deleting Norton on my wife's new computer and installing AVG.

BTW I read your post on the implants. About 8 years ago I was losing my sight and had about the same vision you described (I could see 3 fingers only, if you stuck them in my face). I had operations on both eyes and they replaced my natural lenses with man made ones and they have worked out excellent. I agree with your choice but if I can make a suggestion, have them done one at a time if you can and not together. This will give you a buffer in case there are uncommon problems that come up with you. You might have to cover the weak eye between operations (because of balance) but I did it and it wasn't that bad.



shifty
03-07-2006, 07:47 PM
I'm forced to do them at diff't times - doctor's orders.

I'm still thinking it's something specific to your ISP. Do this for me:

Connect to the dialup.
Go to www.whatismyip.com and get your IP address.
Save it somewhere safe.
Disconnect.

Repeat this four times and get a list of the IP addresses you get and *PM* them to me. I want to see what you got going on.

Bowed
03-07-2006, 08:40 PM
P.M. sent