• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
cephalopod

I have tried everything! Please read my log file

10 posts in this topic

I posted a log file on Thursday and have not received a response. I realize that most of those that offer assistance are extremely busy with all of the new infections that have sprung up. I have tried Asquared, AVG, Norton, CWshredder, Spybot, AdAware, Stinger, and a couple other programs. A couple found some infected files and destroyed them. I know this infection is not gone. About:Blank is still going to come back I am sure and if I go to my HP Help address it will come right up. I am not sure which variant I have and am completely oblivious as to how to get rid of it. It seems that many are being cured with the FindnFix program, but this seems to only apply to those with Windows XP.

 

Just to reiterate I have tried everything and ABout:Blank still keeps coming back. If someone could read my log file I would be very appreciative. Thank You in advance for any help that would be provided. Here is my log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 8:12:55 PM, on 6/27/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AVGGRISOFT\AVG6\AVGSERV9.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\SYSTEM\SAIMON.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE

C:\WINDOWS\SYSTEM\USBMONIT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\AVGGRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL (file missing)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL (file missing)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL (file missing)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe

O4 - HKLM\..\Run: [sAIMON] C:\WINDOWS\SYSTEM\SaiMon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe

O4 - HKLM\..\Run: [uSBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"

O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\SYSTEM\PD6000SM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [iyyflo] C:\WINDOWS\SYSTEM\ymqsefe.exe

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVGGRI~1\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVGGRI~1\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Startup: KODAK SOFTWARE UPDATER.LNK = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7867.8226273148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/180f95ca3f2c3c1c2819/...ip/RdxIE601.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud15.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab

O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab

 

Again, any help would be greatly appreciated. I am considering reformatting if this thing can't be cured. But who knows that may not help either. Frustration is at it's max.

Share this post


Link to post
Share on other sites

mme_nrd. Thank you for your suggestion. I have Microsoft ME and it seems that the only ppl that are told to use that method of removal are those with XP. I am unsure whether to implement that removal tactic unless told by one of the experts. I just dont want to mess anything up permanantly. Thank you for your suggestion. I still have not rebooted and will wait for a log analysis b4 I do. Looking forward to a response soon. Thank you to anyone that can help.

Share this post


Link to post
Share on other sites

I was wondering if there is a removal technique that works for those running Microsoft ME. I have seen a few people running XP resolve their problems, but am yet to see any suggestions for those with ME. I am becoming very discouraged and was wondering if this doesnt work out can I just reformat my hard drive. Is that the ultimate solution? I am yet to reboot and my current log is above. Thank You to anyone that can help!

Share this post


Link to post
Share on other sites

Ran the new AdAware update (came out like yesterday) and it found all kinds of stuff not found previously by other programs. Also ran Spybot, CWShredder, Norton, A-Squared, and AVG again. Things are definately looking better, but I am sure this things is not gone. If anyone can take a look at my log and tell me what to do I would greatly appreciate it!! Thanks!!

 

Logfile of HijackThis v1.97.7

Scan saved at 6:28:00 PM, on 6/28/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AVGGRISOFT\AVG6\AVGSERV9.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\SYSTEM\SAIMON.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE

C:\WINDOWS\SYSTEM\USBMONIT.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\EHELP\BIN\MAD.EXE

C:\HJT\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe

O4 - HKLM\..\Run: [sAIMON] C:\WINDOWS\SYSTEM\SaiMon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe

O4 - HKLM\..\Run: [uSBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"

O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\SYSTEM\PD6000SM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [iyyflo] C:\WINDOWS\SYSTEM\ymqsefe.exe

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVGGRI~1\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVGGRI~1\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7867.8226273148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/180f95ca3f2c3c1c2819/...ip/RdxIE601.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud15.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab

O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab

Share this post


Link to post
Share on other sites

I wanted to add that there is a junkxxx file located under my C: drive. The file is empty, but this mustve been planted on my comp by the hijacker.

 

Just wanted to make that know in case it was of importance. Again, my current log is listed above. Analysis of this log would be greatly appreciated. Thanks!!

Share this post


Link to post
Share on other sites

cephalopod:

 

I think that others have figured this out. I posted step-by-step instructions of what I did to kill About:Blank /SearchX HERE. Let me know if it works for you (notice there are additional steps to what you tried previously).

 

Kill the beast!!!

 

:bangbang:

 

The Fist

Share this post


Link to post
Share on other sites

The Fist,

 

I tried to search for a dll file that was modified on the same day as my notepad and wmplayer (6/22/04 @ 11:20 am) using the msdos command U suggested. Nothing of the sort could be found anywhere. I have not had any major problems except for having to reinstall my scanner and digital camera software since I updated all of my anti-malware/spyware software and ran them. I ran AVG, A-squared, Norton, CWshredder, Spybot, and Adaware. Since this time I have rebooted a couple of times and ran adaware, cwshredder, and AVG and nothing has been found by these programs. I may be rid of this thing!!! One disturbing thing though. When I go to the HP Help link that comes with my comp and try to connect to chat with a help assistant (as I have done before) the site comes up as this page cannot be found (it was previously about:blank b4 I ran the above programs). Is there any way to reset/regain this??

 

 

By the way THANKS FOR ALL YOUR HELP!!!!!!

I really appreciate it!!

Share this post


Link to post
Share on other sites

Just to be sure, I would double check if there are any recent (i.e. in June) .dll files with 57,344 bytes in the c:\windows\system directory (make sure that you typed "cd system" to get to that directory). Mine was the exact date and time, but I haven't heard from anyone else to verify that fact. There are around 10 or so files of that size. If it is not there you may be clear. As for the HP issue, I would suggest calling HP (unfortunately I have a Dell and can't help you on that front).

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0