Jump to content


Photo

Hijack Log


  • Please log in to reply
4 replies to this topic

#1 Jules1584

Jules1584

    Member

  • New Member
  • Pip
  • 4 posts

Posted 14 July 2004 - 08:45 PM

I've been attempting to remove this about:blank thing for a month now, buut I think in the end I messed my computer up even more. Now it doesn't shut down properly, and if you press the restart button it can't get through the "improper shut down" scan...thats no good. Its being bombarded by pop ups and every so often my homepage gets changed...Anyways, if anyone could help me out that would be great! Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 9:45:33 PM, on 7/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\VIEWPORT.EXE
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETMGR.EXE
C:\WINDOWS\SYSTEM\WAVEUTIL.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\WINDOWS\SYSTEM\EWNNW4.EXE
C:\WINDOWS\SYSTEM\AUNL.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETSVC.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
O4 - HKLM\..\Run: [IDesktop] C:\Program Files\Immersion Corporation\Immersion Desktop\idesktop.exe 1
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
O4 - HKLM\..\Run: [WAVEUTIL] C:\WINDOWS\SYSTEM\WAVEUTIL.EXE
O4 - HKLM\..\Run: [3GA@Y9M36ACY9X] C:\WINDOWS\SYSTEM\Zfl8.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunOnce: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 Jules1584

Jules1584

    Member

  • New Member
  • Pip
  • 4 posts

Posted 15 July 2004 - 09:11 AM

*please help*

Edited by Jules1584, 15 July 2004 - 10:49 AM.


#3 Jules1584

Jules1584

    Member

  • New Member
  • Pip
  • 4 posts

Posted 15 July 2004 - 09:18 PM

*bump* Please Help! my computer is going crazy! thanks...:)

#4 Jules1584

Jules1584

    Member

  • New Member
  • Pip
  • 4 posts

Posted 15 July 2004 - 10:38 PM

given this another shot :)

#5 kerry

kerry

    Member

  • New Member
  • Pip
  • 2 posts

Posted 15 July 2004 - 10:47 PM

Jules,

I honestly think that no one really has an answer for this.

Adaware, Spybot, Hijackthis, and even the software you can get from guys on this forum such as about:buster and cwsshredder, can't touch this thing.

Norton pretends it doesn't even exist!
This is the nastiest thing I thin I've ever seen.

You can read my post here,
http://forums.spywar...showtopic=15678

But look around, everyone is having this problem.

All the more reason to use Netscape now I guess.? :)

I'm using it now without a single popup window. Not one all day. But I've been working on getting this res:/xxx.dll thing off my pc for two day solid and can not.

I'm not sure anyone can.

I'm getting extremely frustrzted and am seriously considering formatting my drive and stating over....

Before I do though, I'm going to find out how this thing snuck in, and what I can do to prevent from getting it. Because once you get it, it can't be cured!! :(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button