|
| ||
| About:Blank HijackThis from JaqJaq Here is my HijackThis logfile. Thank you for your help. Logfile of HijackThis v1.97.7 Scan saved at 1:13:25 PM, on 6/22/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\regsvc.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\system32\MSTask.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\Program Files\Outlook Express\MSIMN.EXE C:\WINDOWS\system32\wisptis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O4 - HKCU\..\Run: [WCPI] C:\WINDOWS\system32\wintsvit.exe O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Dell Home (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/d_a_loader.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...17/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C868E040-49D6-4230-B9A4-668045F64E56}: Domain = pacbell.net |
| ||
| Re: About:Blank HijackThis from JaqJaq Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O4 - HKCU\..\Run: [WCPI] C:\WINDOWS\system32\wintsvit.exe O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/d_a_loader.cab Reboot into safe mode following the instructions here & navigate to & delete the following if found: C:\WINDOWS\system32\wintsvit.exe< file Reboot normally. Launch Notepad, and copy/paste the bold below into a new text file. Save it as URLRepair.reg (Change the 'Save As Type' to 'All Files'). Save it in C:\ REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" Locate it (in C:\) and double-click on it (launch it). You'll recieve a prompt similar to: "Do you wish to merge the information into the registry?". Answer yes and wait for a message to appear similar to "Merged Successfully". Post a new log plz. |
| ||
| Re: About:Blank HijackThis from JaqJaq I did everything you suggested. Here is the new log: Logfile of HijackThis v1.97.7 Scan saved at 12:41:27 PM, on 6/23/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\regsvc.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\system32\MSTask.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe |
| ||
| Re: About:Blank HijackThis from JaqJaq Sorry. Here is the entire Log. Logfile of HijackThis v1.97.7 Scan saved at 12:41:27 PM, on 6/23/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\regsvc.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\system32\MSTask.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/ F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Dell Home (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...17/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C868E040-49D6-4230-B9A4-668045F64E56}: Domain = pacbell.net |
| ||
| Re: About:Blank HijackThis from JaqJaq Looking good. |
| ||
| Re: About:Blank HijackThis from JaqJaq Thank you very much. However, I think I am still infected! I have downloaded popup stopper, and it does a good job of stopping popups. But every time it tries to do so, the words About:Blank appears in the pop up that is being closed. I therefore think that it problem remains somewhere on my computer. Any thoughts? ;) |
| ||
| Re: About:Blank HijackThis from JaqJaq I Was Right. The Problem Is Back. This Time I Get A Pop Up Every Few Minutes, And The Pop Up Stopper Does Not Work. Please Help. |
| ||
| Re: About:Blank HijackThis from JaqJaq Quote:
http://www2.palsol.com/spyrem_offer/...tml?hop=extron The home page is not about:balnk. it is: "res://bibtf.dll/index.html#26643" and the page provides: "Home Search" I did everthing that i could think of and could find on the various related threads but to no avail. here is my most up to date log: Logfile of HijackThis v1.97.7 Scan saved at 5:18:52 PM, on 6/28/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\WINDOWS\apixg32.exe C:\WINDOWS\mfceb.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://bibtf.dll/index.html#26643 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://bibtf.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://bibtf.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {73A2EFBB-38ED-18F3-2B78-49EE04A5FEAB} - C:\WINDOWS\iekv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [sdker.exe] C:\WINDOWS\system32\sdker.exe O4 - HKLM\..\Run: [mfceb.exe] C:\WINDOWS\mfceb.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Dell Home (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...17/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C868E040-49D6-4230-B9A4-668045F64E56}: Domain = pacbell.net |
| ||
| Re: About:Blank HijackThis from JaqJaq Please download this tool called About Buster from: http://www.atribune.org/downloads/AboutBuster.zip Created by RubberDucky Unzip it to your desktop but don't run it yet. Now start Hijackthis and tick the boxes next to these items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://bibtf.dll/index.html#26643 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://bibtf.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://bibtf.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bibtf.dll/sp.html#26643 O2 - BHO: (no name) - {73A2EFBB-38ED-18F3-2B78-49EE04A5FEAB} - C:\WINDOWS\iekv.dll Now close ALL Internet Explorer windows and hit fix checked. Do not open internet explorer to come back here until after running the tool. Double click Aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Once the tool is done scanning, copy the log and paste it into your thread. with a new Hijack this log. |
| ||
| Re: About:Blank HijackThis from JaqJaq Thank you, but totally useless. I did what you instructed. and even ran the scan twice. Then I opened an Internet Explorer window to get to this site, and the entire thing returned. I did what you suggested one more time, and this time I even exited msn messenger before. Nothing! Here are the results after the first two scans. About:Buster Version 1.22 Removed! : C:\WINDOWS\apixg32.exe Removed! : C:\WINDOWS\jzrxq.dat Removed! : C:\WINDOWS\gdtyt.dat Removed! : C:\WINDOWS\System32\bibtf.dll Removed! : C:\WINDOWS\System32\ygfwx.dll Attempted Clean Of Temp folder. Removed LEGACY___NS_Service_3 Key Removed __NS_Service_3 Key Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! About:Buster Version 1.22 Removed! : C:\WINDOWS\bwems.dat Removed! : C:\WINDOWS\System32\d3vq32.exe Attempted Clean Of Temp folder. Removed LEGACY___NS_Service_3 Key Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! Here is the result after the last scan: About:Buster Version 1.22 Removed! : C:\WINDOWS\bwems.dat Error Removing! : C:\WINDOWS\System32\ieid32.exe Removed! : C:\WINDOWS\System32\ygfwx.dll Removed! : C:\WINDOWS\System32\liwud.dll Removed! : C:\WINDOWS\System32\xbmet.dll Removed! : C:\WINDOWS\System32\jeywg.dat Removed! : C:\WINDOWS\System32\vfofw.dat Attempted Clean Of Temp folder. Removed LEGACY___NS_Service_3 Key Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! Here is my most recent log: Logfile of HijackThis v1.97.7 Scan saved at 12:21:25 PM, on 6/29/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\WINDOWS\mfceb.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE C:\WINDOWS\system32\ieid32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\unzipped\hijackthis\HijackThis.exe C:\Program Files\Outlook Express\msimn.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xbmet.dll/sp.html#26643 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xbmet.dll/index.html#26643 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xbmet.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xbmet.dll/sp.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xbmet.dll/index.html#26643 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xbmet.dll/sp.html#26643 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {AC8DF552-D849-591F-A401-E899DA8F72AA} - C:\WINDOWS\system32\ntmw.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [sdker.exe] C:\WINDOWS\system32\sdker.exe O4 - HKLM\..\Run: [mfceb.exe] C:\WINDOWS\mfceb.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE" O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - HKLM\..\RunOnce: [ieid32.exe] C:\WINDOWS\system32\ieid32.exe O4 - HKLM\..\RunOnce: [winqj.exe] C:\WINDOWS\winqj.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Dell Home (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...17/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C868E040-49D6-4230-B9A4-668045F64E56}: Domain = pacbell.net |
| All times are GMT -4. The time now is 12:52 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC