|
| ||
| about:blank.... kill me Can someone please point me in the right direction here? I have run all of the progs adaware/spybot s&d/symantec/CWShredder/APM/Hijack this to no avail. I've gone into and read up on all the solutions for the problem but I still cant get it off this computer. Here is a post of my HJT, Please help me Crunchie. Logfile of HijackThis v1.98.2 Scan saved at 2:24:05 PM, on 8/31/2004 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINNT\System32\CTsvcCDA.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\gearsec.exe C:\WINNT\System32\NMSSvc.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\D.P.Technology\ESPRIT\Floating License\lservnt.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\devldr32.exe C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe C:\WINNT\System32\Promon.exe C:\Program Files\ahead\InCD\InCD.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Winamp3\winampa.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\WINNT\sdkqt32.exe C:\Documents and Settings\Charlie\Application Data\eore.exe C:\WINNT\madise.dll:rpyoj C:\WINNT\System32\nditew.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ramgr.dll/sp.html#29126 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ramgr.dll/sp.html#29126 R3 - Default URLSearchHook is missing F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ O2 - BHO: (no name) - {C8D7AA01-B345-02A6-FA8C-144BE147E411} - C:\WINNT\system32\mfcip.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [sdkqt32.exe] C:\WINNT\sdkqt32.exe O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe O4 - HKCU\..\Run: [Sbao] C:\Documents and Settings\Charlie\Application Data\eore.exe O4 - HKCU\..\Run: [Kxahrg] C:\WINNT\System32\nditew.exe O4 - Startup: E-Term32.lnk = C:\Program Files\DCSi\E-Term32\E-Term32.exe O4 - Startup: Netscape Messenger.lnk = C:\Program Files\Netscape\Communicator\Program\netscape.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/wins...searchie32.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} - O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab This is actually my bosses computer at work. I am not the IS manager, but everyone turns to me for answers so any help would be apprectiated. Thanks a lot guys. |
| ||
| Re: about:blank.... kill me Download About:buster from http://malwarebytes.biz/AboutBuster.zip and unzip it to your desktop. Download & instal Adaware from here & update it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.' Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.' Click here for instructions on how to boot into safe mode. Boot up in safe mode. Open Task Manager & end process on the following, if there: sdkqt32.exe nditew.exe Find & delete those two files manually. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\ramgr.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ramgr.dll/sp.html#29126 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\ramgr.dll/sp.html#29126 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C8D7AA01-B345-02A6-FA8C-144BE147E411} - C:\WINNT\system32\mfcip.dll O4 - HKLM\..\Run: [sdkqt32.exe] C:\WINNT\sdkqt32.exe O4 - HKCU\..\Run: [Kxahrg] C:\WINNT\System32\nditew.exe O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/win...nsearchie32.exe -Adult Content Dialer O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6 -Blazefind Windupdates Adware O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} - -MagicAds Adware Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds. Still in safe mode, do a full system scan with Adaware. When the scan is finished select *next* & place a check in the boxes to the left of what is found & click *next* again. Let it delete those entries. Reboot your computer in normal mode. Waht is this:? C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe Please find it and right click on it. Choose Properties. CLick the version tab and get the manufacture and original filename please. Maybe that will give a clue. |
| ||
| Re: about:blank.... kill me k, thanks I will take a shot at that when I can get to his machine. We are both CAD/CAM operators and fairly busy, whenever he gets to a breaking point on one of his jobs I'll try this out for him. Will post new HJT log when completed, thanks. |
| All times are GMT -4. The time now is 9:12 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC