Another fooled by About:Blank in need... (Resolved)

  1. 15-10-2004  #21
    owen
    owen is offline D-A-L Team Member (UK)

    Re: Another fooled by About:Blank in need...

    Can you run Ad-aware in Safe Mode?

  3. 17-10-2004  #22
    Jughead1975
    Jughead1975 is offline Junior Member
    No I can't. Do you want me to post another Hijack This Log?
  4. 18-10-2004  #23
    owen
    owen is offline D-A-L Team Member (UK)
    I suggest you uninstall Ad-aware. Delete the programs folder, C:\Program Files\Lavasoft. Then download a new copy of Ad-aware and try again. If not, there is something causing a problem.

    Yes do post a fresh log.
  5. 20-10-2004  #24
    Jughead1975
    Jughead1975 is offline Junior Member
    Adaware still doesn't work, the uninstall takes deletes the program folder lavasoft. Also, About:Blank is still being caught by spybot everytime I start IE and close IE. Here is the HijackThis Log...

    Logfile of HijackThis v1.98.2
    Scan saved at 8:00:41 PM, on 10/19/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
    C:\AMERICA ONLINE 6.0\AOLTRAY.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\PROGRAM FILES\NIKON\NKVIEW5\NKVMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYWARE KILLER\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d-a-l.com/help/forumdisplay.php?f=8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.twmaine.com/
    F1 - win.ini: run=hpfsched
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.D LL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
    O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi3 2.dll
    O18 - Filter: text/html - {8AE4A501-1E1F-11D9-AC32-000B47C8BA8D} - C:\WINDOWS\SYSTEM\EDPBPIA.DLL
  6. 20-10-2004  #25
    owen
    owen is offline D-A-L Team Member (UK)
    Hello,
    Could you download StartupDreck from http://members.blackbox.net/hp_links...startdreck.htm

    Unzip StartupDreck once you have downloaded it. Then run StartDreck.exe.

    When the program starts, at the bottom, click Config.

    Then near the bottom click Unmark All.

    Now we need to choose the specific entries we want in the log. Under the Registry heading, put a checkmark in Run Keys.

    Under the System/Drivers heading, put a checkmark in the Running Processes box.

    Then click Ok.

    At the bottom click Save. Save the file to a convenient location.

    In your next reply, click the button.

    Underneath the post reply box click Manage Attachments. Then in the popup window, click Browse and locate the logfile saved by StartupDreck. Click it and then click Ok. Next to the Browse button, click Upload. Once the file has uploaded, close the popup window and then post your message.
  7. 22-10-2004  #26
    Jughead1975
    Jughead1975 is offline Junior Member
    Here it is. Thanks for stayin with me.
    Attached Files
  8. 23-10-2004  #27
    owen
    owen is offline D-A-L Team Member (UK)
    Right, that log is clean. We are dealing with a different variiant.

    Go to Start> Run and type the following in bold:
    regedit /e c:\txtprtcl.txt "HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain"

    When done, come back here and upload the file txtprtcl.txt which should be located in C:\.
  9. 25-10-2004  #28
    Jughead1975
    Jughead1975 is offline Junior Member
    I tried to do that numerous times over the last few days, but I can't get it to type in bold, even if I cut and paste from your comment. I tried it that way and typing manually, but i was unable to find the file in c:\. Then I searched for files and folders throughout my system and could not find the file either. What am I doing wrong?
  10. 26-10-2004  #29
    owen
    owen is offline D-A-L Team Member (UK)
    I didn't mean type it in bold, I just meant type the test displayed in the post as bold into Start> Run.

    Sometimes it doesn't appear. Just post a new Hijack This log and it will do.
  11. 26-10-2004  #30
    Jughead1975
    Jughead1975 is offline Junior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Here it is...

    Logfile of HijackThis v1.98.2
    Scan saved at 6:08:57 PM, on 10/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
    C:\AMERICA ONLINE 6.0\AOLTRAY.EXE
    C:\PROGRAM FILES\NIKON\NKVIEW5\NKVMON.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYWARE KILLER\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d-a-l.com/help/forumdisplay.php?f=8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.twmaine.com/
    F1 - win.ini: run=hpfsched
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.D LL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
    O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi3 2.dll
    O18 - Filter: text/html - {8AE4A501-1E1F-11D9-AC32-000B47C8BA8D} - C:\WINDOWS\SYSTEM\EDPBPIA.DLL
Closed Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast
« hijack this log, please (Resolved) | hjt log Please Read (Resolved) »