Re: Help please! Stop Error

nybarton wrote:

Look at these lines from my HJT log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my.msn.com/?page=2&refresh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=566...p://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) -
_{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)

Very interesting.

I'm not sure there's anything suspicious about the R0 or R1 entries, but
the R3 entry could be what's screwing things up. See:

http://www.castlecops.com/tk31896-QaBar_dll.html

Which leads to:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-1627-99
(updated link)

You really should get rid of this registry entry (even if it isn't the
cause of your current problem)!

Also http://www.bleepingcomputer.com/tutorials/tutorial42.html has
information on R3/URL Search Hooks. Yours looks suspicious because of
the (no name) and (no file) designation as well as the underscore.
Removal instructions (in case HijackThis can't remove it) can be found
at:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-112612-1627-99&tabid=3

I have no idea what the Wrtmon.exe file is and apparently not many
people do. I ran a search on it and at the moment it appears, as you
say, to be merely "suspicious". It may be the culprit or there may
be something in the Registry that's killing the scans and causing the
Page Fault. The only new programs installed on my computer as of late
are McAfee and the software to run my new Canon Multifunction Printer
(with all its ancillary features).

Can you pinpoint as precisely as possible when this problem started? I
had assumed it was with the McAfee install. Might it have been at the
time Canon was installed?

Other ideas:

1. I forget... had you ever tried a System Restore to a time before this
problem?

2. Have you scanned for viruses *and* spyware in Safe Mode?

3. Have you tried a Clean Boot Troubleshoot? If not, see:

http://support.microsoft.com/kb/316434

I wouldn't do the last idea until you've done the other things.

Backing up the registry is always a good idea. For this, I would suggest
ERUNT:

http://www.larshederer.homepage.t-online.de/erunt/

Oh, and I still think you'd be better off without McAfee. :-)
(Remember AVG, Avast, Antivir, Kaspersky, NOD32...)

Good luck, nybarton/Legality!


.