alc6379
Cookie... That's it
Team Colleague
2,820 posts since Dec 2003
Reputation Points: 186
Solved Threads: 147
Hardware and Software
>
Microsoft Windows
>
Viruses, Spyware and other Nasties
>
My homepage changes to about:blank.heres my HiJackThis log
Have something to say? Contribute New Article Reply to this Article My homepage changes to about:blank.heres my HiJackThis log
plz help me. for over 2 weeks my homepage has kept reseting to about:blank. i have several programs that i've seen in other instances to fix it. i havent been able to figure out what i need to do. plz help me. heres my HiJackThis log
Logfile of HijackThis v1.97.7
Scan saved at 9:44:19 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Valve\Steam\Steam.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E1EC2C77-DD85-4264-87BD-EFCF53BD67C5} - C:\WINDOWS\System32\eegndl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
if you can plz help me.
also whenever i run spybot search and destroy. something comes up named DSO exploit. it always comes up and labeled as a registry change. thank you for listening to my problem
i understand what you mean but i have most of the programs that protect me from this. i've been searching for solutions to this problem. the main problem is HiJackThis logs change from person to person i have some file that i've seen before on a few others that resemblences to mine but not very close. i dont know the exact date the problem occured but i think it may be building up files. i've been wondering if i could be helped in fixing this problem
Understood- HJT logs can be very specific.
If you haven't already, please use Windows' Automatic Update facility to make sure that your system has all of the lastest critical security patches and bug fixes installed; that may very well solve the Data Source Object (DSO) exploit issue.
DMR
Wombat At Large
Team Colleague
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
ok well i have all updates except for a few not needed programs. i dont believe that DSO exploit should be to much of a worry. i'm not sure though so. On my other problem i tried a few solutions. like many other people it comes back after rebooting. please help me if you have time to spare to help me. Thank you
I remember reading someplace that when SpyBot barks about DSO exploits, it has to do with your ActiveX settings in the Internet Options cotrol panel being too "loose". However, I've also read that the DSO warning is either a bug in SpyBot itself, or is triggered by some bug in IE and/or Windows code. You can read more about it in this Google searc h .
Have HJT fix the following entries and see what happens:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {E1EC2C77-DD85-4264-87BD-EFCF53BD67C5} - C:\WINDOWS\System32\eegndl.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Acti...iveLauncher.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
Reboot, and then:
Have the View option in Windows Explorer set to show all hidden and system files
Empty all Tempory Internet folders
Clear your cache and cookies
Find and delete the entire WildTangent folder
Find and delete the C:\install.cab file
Find and delete the C:\WINDOWS\System32\eegndl.dll file
Empty the Recycle Bin
DMR
Wombat At Large
Team Colleague
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
earlier before you posted i went to http://forums.spywareinfo.com/index.php?showtopic=942 and i followed the directions told by daemon at the bottom of the page. it fixed my system. after several hours it hasnt come back no files come up with searchs from ad-aware, anything odd in hijackthis, and also spybot search and destroy. the only thing i havent been able to fix is the DSO exploit. if my problem comes back i'll post again and wait for advice. thank you for all yall's help. :lol: :lol: :lol: :lol: :lol:
Whatever the reason for DSO exploit warning in SpyBot- from my experience in using the program, it almost always comes up, and I'm not really convinced that it indicates anything nasty in particular either. I want to research the issue further to get amore definitive answer; when I do I'll post the particulars....
DMR
Wombat At Large
Team Colleague
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
This article has been dead for over three months
You
© 2012 DaniWeb® LLC
