|
| ||
| About;Blank Please Help, Hijack Log File Hello, Sorry, Im absolutely new to this. I know this is common. But I have the dreaded about;blank homepage problem. SpybotSD, CWShredder and AdAware seem to be giving me clean bills of health. My Hijack this log file is as follows... Logfile of HijackThis v1.99.0 Scan saved at 5:23:12 PM, on 12/20/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\TASKMAN.EXE:vutzr C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\QuickTime\qttask.exe C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe C:\WINDOWS\system32\iptw32.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe C:\WINDOWS\System32\ctfmon.exe C:\Desktop Works\Dock\YzDock.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE F:\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4800B849-7D6B-9DD6-3EB8-C3C489A5C0DC} - C:\WINDOWS\system32\javaaz32.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [2.tmp] C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe 0 10001 O4 - HKLM\..\Run: [iptw32.exe] C:\WINDOWS\system32\iptw32.exe O4 - HKLM\..\Run: [2.tmp.exe] C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe 0 10001 O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Shortcut to YzDock.lnk = C:\Desktop Works\Dock\YzDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093326107653 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: X10 Device Network Service - Unknown - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) Please Help Me! And please use elementary language as I am a computer idiot. thanks |
| ||
| Re: About;Blank Please Help, Hijack Log File Download and run killbox. http://www.downloads.subratam.org/KillBox.exe Stay offline when doing the following fix. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eojjf.dll/sp.html#12345 R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [2.tmp] C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe 0 10001 O4 - HKLM\..\Run: [2.tmp.exe] C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe 0 10001 Open killbox and paste in C:\WINDOWS\TASKMAN.EXE With the full path to the file name in the topmost textbox, click the option *replace on reboot* and *Use Dummy* which will create a numbered dummy file instantly for you. Click the Red X ...and for the confirmation message that will appear, you will need to click Yes A second message will ask to Reboot now? you will need to click No (since you are not finished adding all related files in yet) Repeat the above for each of these; C:\WINDOWS\system32\iptw32.exe C:\WINDOWS\eojjf.dll C:\WINDOWS\system32\javaaz32.dll C:\DOCUME~1\Bradley\LOCALS~1\Temp\2.tmp.exe 0 10001 On that last file, close all programs and Reboot your computer. Post another hijackthis log please. |
| ||
| Re: About;Blank Please Help, Hijack Log File Here is my new Hijack Log: I did all that you said, and when I rebooted the computer, a message came up saying something about the "C:\Windows\system32\iptw32.exe performing an illegal operation" I clicked "Close" to terminate the problem. Is this bad? Logfile of HijackThis v1.99.0 Scan saved at 11:21:38 PM, on 12/20/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\rundll32.exe C:\Desktop Works\Dock\YzDock.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\TASKMAN.EXE:vutzr C:\WINDOWS\System32\wuauclt.exe F:\Downloads\hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {77CD9B7C-6604-FD84-83FE-47AE9E1477C2} - C:\WINDOWS\system32\mspd32.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iptw32.exe] C:\WINDOWS\system32\iptw32.exe O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Startup: Shortcut to YzDock.lnk = C:\Desktop Works\Dock\YzDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093326107653 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: X10 Device Network Service - Unknown - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) |
| ||
| Re: About;Blank Please Help, Hijack Log File Message should go once you are clean. Download Registrar Lite from here: http://www.resplendence.com/download/reglite.exe Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor. Install, run, copy and paste this line to reglite's address bar: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs and hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field. Download http://www.downloads.subratam.org/DllCompare.exe Run Dllcompare, by clicking the "Run Locate.com" then click Compare button... when done post that log here. |
| ||
| Re: About;Blank Please Help, Hijack Log File I downloaded and ran Registrar Lite, and went to the address you said to go to, but there was no "Appinit_Dlls" on the right hand pane. It has: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\(default) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\DeviceNotSelectedTimeout HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\GDIProcessHandleQuota HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Spooler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\swapdisk HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\TransmissionRetryTimeout HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\USERProcessHandleQuota So I dont know what to do. |
| ||
| Re: About;Blank Please Help, Hijack Log File OK Just do the dllcompare log please. |
| ||
| Re: About;Blank Please Help, Hijack Log File * DLLCompare Log version(1.0.0.127) Files Found that Windows does not See or cannot Access *Not everything listed here means you are infected! ________________________________________________ C:\WINDOWS\SYSTEM32\jbzsg.dll Fri Nov 26 2004 7:22:40a A.SH. 56,320 55.00 K C:\WINDOWS\SYSTEM32\pjxht.dll Tue Nov 9 2004 12:00:40p A.SH. 56,320 55.00 K ________________________________________________ 1,212 items found: 1,212 files (2 H/S), 0 directories. Total of file sizes: 235,479,440 bytes 224.57 M Administrator Account = True --------------------End log--------------------- |
| ||
| Re: About;Blank Please Help, Hijack Log File Stay offline when doing the following fix. Open killbox and paste in C:\WINDOWS\SYSTEM32\jbzsg.dll With the full path to the file name in the topmost textbox, click the option *replace on reboot* and *Use Dummy* which will create a numbered dummy file instantly for you. Click the Red X ...and for the confirmation message that will appear, you will need to click Yes A second message will ask to Reboot now? you will need to click No (since you are not finished adding all related files in yet) Repeat the above for each of these; C:\WINDOWS\SYSTEM32\pjxht.dll C:\WINDOWS\system32\mspd32.dll C:\WINDOWS\TASKMAN.EXE:vutzr On that last file, close all programs and Reboot your computer. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {77CD9B7C-6604-FD84-83FE-47AE9E1477C2} - C:\WINDOWS\system32\mspd32.dll O4 - HKLM\..\Run: [iptw32.exe] C:\WINDOWS\system32\iptw32.exe Reboot and post another log please (hijackthis) |
| ||
| Re: About;Blank Please Help, Hijack Log File Download FxAgentB.exe from here and save it to your desktop. After downloading, double-click the FxAgentB file to run it and the program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later. Reboot when done. Next click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'. If you already have CWShredder, click 'Check for update' and make sure you are running version 1.59.1. Reboot when done. Then click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?". Reboot when done, rescan with HijackThis and post a new log here, together with the FxAgentB log and a new DllCompare log. |
| ||
| Re: About;Blank Please Help, Hijack Log File I didn't spend much time looking at the HijackThis log, so there may be more than what I point out. What jumped out at me is all the 'R1' listings. I think you should delete them (or as HijackThis says 'fix them'). From there, look into your Norton antivirus, looks like it is partially disabled. See when the last full scan was. You can do an online scan (the words 'online scan' with google will get a lot of choices, personally I go with 'housecall' by Trend Micro). I'd say the path to go into the registry and repair the homepage, but a mistake could be fatal. Instead (if you want), open Notepad and save the created page to your desktop with a .reg extension (you can name the first bit whatever you like, but might as well call it homepage.reg), after you copy the following text into it. Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.yahoo.com" Normally I have my homepage set to google, but to be on the safe side I made this with the page set to yahoo and ran it to make sure it works. The www ---.com you can put whatever page you want. After saving it, double click on it, choose 'yes' and then you are safe to delete it. |
| All times are GMT -4. The time now is 9:37 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC