about:blank in Win 98 SE

  1. #11
    bcbear (Newbie)

    Re: about:blank in Win 98 SE

    Success again!
    Here is the log file for HJT:
    Logfile of HijackThis v1.99.0
    Scan saved at 9:55:19 AM, on 2/17/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ISSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Personal Firewall\ISSVC.exe"
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
    O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activ...oadControl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

    Here is the StartDreck log:
    StartDreck (build 2.1.7 public stable) - 2005-02-17 @ 09:35:38 (GMT -05:00)
    Platform: Windows 98 SE (Win 4.10.2222 A)
    Internet Explorer: 6.0.2800.1106
    Logged in as Default at BEAR

    »Registry
    »Run Keys
    »Current User
    »Run
    »RunOnce
    »Default User
    »Run
    »RunOnce
    »Local Machine
    »Run
    *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    *Symantec Core LC=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    *IS CfgWiz=C:\Program Files\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
    *Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    +OptionalComponents
    +IMAIL
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    *ISSVC="C:\Program Files\Norton Personal Firewall\ISSVC.exe"
    *ccProxy=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Browser Helper Objects (LM)
    *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    `InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
    `InprocServer32=c:\program files\google\googletoolbar1.dll
    *Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    `InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    *Name/{E8A1D898-52F8-4299-A7EE-AEA6262C7635}
    `InprocServer32=C:\WINDOWS\SYSTEM\MSJGB.DLL
    »Files
    »System/Drivers
    »Running Processes
    +FF0F5245=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFF05B5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFF1325=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFF3C59=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    +FFFFDAD1=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    +FFFFA741=C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ISSVC.EXE
    +FFFF3B8D=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    +FFFE00B5=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFD7709=C:\WINDOWS\EXPLORER.EXE
    +FFFCF8B9=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    +FFFC0CA9=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    +FFF92F5D=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    +FFFAC541=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    +FFF89B19=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    +FFF74BAD=C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
    +FFF7B105=C:\WINDOWS\SYSTEM\PSTORES.EXE
    +FFF8FF7D=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFF837E5=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
    »Application specific

    Thanks again.

    I am running Norton Personal Firewall and I need to disable it to use the web. I downloaded the trial version of Kerio Firewall. Is Kerio more effective than Norton?


  2. #12
    HJM (Valued Member)

    Everything is looking good again.

    Have you installed SpywareBlaster yet? I see you haven't got SpywareGuard as per my advice a few posts ago. Both of these will go a long way to protecting you from this sort of infection.

    Have you checked the permissions on your Norton firewall to make sure you haven't accidentally blocked Internet Explorer? If not, check that you haven't got iexplore.exe blocked. Kerio will do the same job, no better, no worse probably.

    One other thing, you don't appear to have Spybot Search & Destroy on your system. Both Spybot and Ad-Aware should be installed on your machine and used at least once a week. They both do the same job but sometimes detect adware etc. which the other misses. You can get these programs by clicking on the specific tutorial links in my signature at the bottom of my post. Spybot also has some very useful extra functions, one of which I suggest you implement immediately to stop your IE startpage being altered again.

    After installing Spybot, click on Mode (top left) > Advanced > Tools and put a checkmark in the box 'Lock IE Startpage'.

    Let me know if things get out of hand again.
