hijacked by about:blank


7 replies to this topic

#1 helpneeded

helpneeded

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 11 July 2004 - 09:23 AM

Had been getting the about:blank redirect. I have run Ad-Aware, Spybot S&D, CWShredder, spyguard, and have installed SpywareBlaster, but my HijackThis file still doesn't look right. Can someone please look at it and let me know if I need to do anything else? My system still seems a little slower than normal.

Thanks in advance for the help.

Logfile of HijackThis v1.98.0
Scan saved at 9:18:25 AM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-ever...g.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\DOCUME~1\ALLUSE~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\DOCUME~1\ALLUSE~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\all users\documents\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\all users\documents\IEExtension.dll
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37...m::/on-line.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab

#2 helpneeded

Posted 11 July 2004 - 10:11 AM

Sorry about the bump, just don't want to be overlooked again.

#3 helpneeded

Posted 11 July 2004 - 11:22 AM

bump

#4 helpneeded

Posted 11 July 2004 - 01:39 PM

bump

#5 jimarm

jimarm

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 11 July 2004 - 02:36 PM

I don't want to sound pessimistic and I may be wrong, but I have not seen anyone get a lasting fix from the elaborate (and potentially damaging if done incorrectly) protocols suggested on this forum.
I have also installed the programs you mention and for all I know they may have helped. The thing I have found is that the troublemaking hijacks ("search for" in my case, with about:blank as home page address) can be avoided by not letting them open. This can be done by using a back door such as a link on one of your emails or by calling up your Internet Properties and resetting to default or a specific address immediately before logging on (about:blank may come right back, but it hasn't opened).
One thing I haven't been able to avoid is "SearchFor" taking over the reply field on my email program (Outlook Express) if it is set to not include the message replied to (i.e., the field is blank); if the message replied to is in the field, the problem goes away.
If your browser is slow, check your "ISP Status" to see if it is sending and receiving information when you are not. I think I solved this problem with a free installation of ZoneAlarm.
Good luck.

#6 helpneeded

Posted 11 July 2004 - 03:34 PM

Ty for the info, but I have been told by many people in my area that this site has been very helpful to them. My only problem has been getting someone to look at my log files to tell me if I have a problem that needs fixed, and how to do it.

#7 helpneeded

Posted 11 July 2004 - 04:22 PM

bump

#8 IndiGenus

IndiGenus

    Advanced Member

  • Full Member
  • PipPipPip
  • 105 posts

Posted 11 July 2004 - 04:40 PM

help...stop bumping your posts. I know it's frustrating but if you follow the link here it will explain why "bumping" will only hurt your chances of getting help. And read all the pinned topics to educate yourself as there are more people with problems than there are to help...which is why I'm trying to educate myself. Be patient...read this link

http://forums.spywar...?showtopic=4817

Dave



