Monday, April 25, 2005

Why us?

My family & I were returning from a trip to the in-laws last night when we stopped for dinner at a place called Ellen's Dutch Pancake something-or-other in Buellton, CA. It was about 8:30 (they were open until 9) in the evening and it looked like the local hangout. We went in, were seated, and given drinks. After that the service went downhill. The food was okay. My wife had the Dutch pancakes, my son the cheeseburger, and I had the chicken fried steak. It was unfortunate they smothered the broccoli in a cheese sauce and left the whole thing to drown in 1/2 inch of water, but otherwise it was okay. The waitress, Joy, never checked up on us for drink refills, except to drop off the bill. "Here you go." My wife and I have a combined experience of 20 years in the restaurant business and this is by far the worst we've experienced so far. To add insult to injury, Joy was quite nice to the locals that were in there, so it was either (I'm speculating here) that since we weren't local we weren't worth the spit in our food, or she wasn't in the mood to clean up after a family had eaten.

Thursday, January 06, 2005

IE's about:blank Hijack continued

I did a little more digging and discovered I hadn't run Ad-Aware 1.05 with the latest updates. After doing so (it found close to 100 "critical" entries) it seemed to do the trick and about:blank was truly that. I also discovered that it was probable CoolWebSearch was the culprit in this.

I also learned that for SBC's DSL (in CA) and XP, you don't need their DSL Connection Manager. Instead, I simply used XP's DSL connection, created a shortcut from My Network Connections to the Desktop and it connects faster and gives the user better control to connect and disconnect as needed. Also, the icon changes when the computer is online versus offline.

Finally, I ran into a program called systray.exe in the Process tab, located in Task Manager. Check this out: when I closed the process, it created four more processes! I found its location in the Windows\System32 folder. After renaming and rebooting I did another search and found my renamed version and a new copy of systray.exe. That's when I pulled out HijackThis 1.99. This was my first experience using it and I was quickly able to determine what's supposed to be in the list and what isn't. We removed the suspicious items, rebooted, and systray.exe was no longer a process. It's my suspicion that a corrupt DLL was the issue here.

It looks like my final challenge will be to figure out why, after doing a Google search for something, a svchost.exe is utilizing 95+% of the CPU for up to 30 seconds before relinquishing control back to me.

Wednesday, January 05, 2005

New Browser Hijack

I work for a company that consults to homes and small businesses for computer and network repair. Last night I was visiting a client who had a new type of Home Page hijack: this one took about:blank and actually attached a website to it. The website is not listed in the Address Bar and Viewing Source does not provide too many clues either. No virus was present, and Spybot couldn't detect it either. This will take a little digging.