about:blank problem



#1 always deferred


Posted 29 July 2004 - 04:28 PM

Every time I bring up IE I get this annoying about:blank search site and a spyware removal popup. I have run Ad-Aware and Spybot S&D to no avail. Here is a copy of my HijackThis log. Please help. Thanks!

Logfile of HijackThis v1.98.0
Scan saved at 5:21:03 PM, on 7/29/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {5C8418A1-DBC9-11D8-BD2E-0009C8643551} - C:\WINDOWS\SYSTEM\BPBK.DLL
O2 - BHO: (no name) - {4AF63A09-C245-0BC2-8753-60550DA72E49} - C:\WINDOWS\SYSTEM\MGSUE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [ConfigServices] C:\CPQS\TOOLS\CONFIG.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {F8F9AF06-E177-11D8-BD2E-D02474289C9A} - C:\WINDOWS\SYSTEM\BPBK.DLL
O18 - Filter: text/plain - {F8F9AF06-E177-11D8-BD2E-D02474289C9A} - C:\WINDOWS\SYSTEM\BPBK.DLL

#2 wrb


Posted 30 July 2004 - 11:26 PM

Create a permanent folder for HijackThis
E.g. Open My Documents----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save HijackThis to; also, backups will be stored there.
Copy and paste HijackThis from the desktop to that new folder
Delete your copy on the desktop

Download STARTDRECK
http://members.black.../startdreck.zip
Unzip it to its own folder

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log!

#3 always deferred


Posted 03 August 2004 - 12:08 PM

Here is my startdreck log:



StartDreck (build 2.1.5 public BETA) - 2004-08-03 @ 13:02:54
Platform: Windows 98 (Win 4.10.1998 )

»Registry
»Run Keys
»Current User
»Run
*AIM=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
»RunOnce
»Default User
»Run
*AIM=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
»RunOnce
»Local Machine
»Run
*ScanRegistry=c:\windows\scanregw.exe /autorun
*TaskMonitor=c:\windows\taskmon.exe
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*EM_EXEC=c:\mouse\system\em_exec.exe
*Aureal A3D Interactive Audio Init=A3dInit.exe
*IntelliType="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
*HPSCANMonitor=c:\windows\SYSTEM\hpsjvxd.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*WindUpdates=C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Aureal A3D Interactive Audio=sa3dsrv.exe
*ConfigServices=C:\CPQS\TOOLS\CONFIG.EXE
*SchedulingAgent=mstask.exe
»RunServicesOnce
**t=rundll32 C:\WINDOWS\SYSTEM\MSGPOM.DLL,StreamingDeviceSetup
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Files
»System/Drivers
»Running Processes
*FFEF1B37=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFFCF8B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFFC7B3=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFFFD543=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFF061C7=C:\WINDOWS\SYSTEM\SA3DSRV.EXE
*FFF0021F=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFF01223=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFF0AF1F=C:\WINDOWS\RUNDLL32.EXE
*FFF085D3=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFF14B47=C:\WINDOWS\EXPLORER.EXE
*FFF1FDC7=C:\WINDOWS\TASKMON.EXE
*FFF1865B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFF2059F=C:\MOUSE\SYSTEM\EM_EXEC.EXE
*FFF223DB=C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
*FFF2CC43=C:\WINDOWS\SYSTEM\HPSJVXD.EXE
*FFF3F2D3=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFF42897=C:\PROGRAM FILES\AIM\AIM.EXE
*FFF3165B=C:\PROGRAM FILES\NETGEAR\MA111 CONFIGURATION UTILITY\WLANCFG4.EXE
*FFF77033=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*FFEACB07=C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
*FFEAF81B=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*F99B1CDB=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*F99B16E3=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*F99C8AC7=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

#4 wrb


Posted 03 August 2004 - 07:33 PM

I see this in your Startdreck log
WindUpdates=C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
We will want to deal with that one at some time
Let's first try and get rid of the hidden .dll

Hijackthis has been updated since you last posted
Can you please update your version
Open hijackthis in that newly created folder
Click CONFIG---Misc. Tools---Check for updates online

Set Windows to Show Hidden Files and Folders

Download and unzip Win98Fix.zip
Win98Fix.zip

Also download CWShredder and save to desktop----run this later
CWShredder

Disconnect from the NET

Now, ensure that Win98Fix.zip is unzipped

-Double-click on: 'RunFix.reg' file, answer 'yes' to the prompt!
-RESTART your computer

Find and delete:
C:\WINDOWS\SYSTEM\MSGPOM.DLL <---this file


Open CWShredder and let it FIX all problems
RESTART again

Open Ad-Aware---CHECK FOR UPDATES
Set these additional options for custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART one more time
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with an updated and fresh hijackthis log, can I also see a new Startdreck log again
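
The cross-check between the two logs in this thread, finding autorun entries that the StartDreck log lists but the earlier HijackThis log does not, can be scripted. This is an added example, not part of the original thread or of either tool: the function names are hypothetical, the sample lines are copied from the two posted logs, and StartDreck section headers are assumed to begin with "»".

```python
import re
# Constructed sample: a few lines copied from the two logs in this thread.
HJT_LOG = r"""
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
"""
STARTDRECK_LOG = r"""
»Current User
»Run
*AIM=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
»Local Machine
»Run
*WindUpdates=C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
»RunServices
*SchedulingAgent=mstask.exe
»RunServicesOnce
**t=rundll32 C:\WINDOWS\SYSTEM\MSGPOM.DLL,StreamingDeviceSetup
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
"""
HIVES = {"HKLM": "Local Machine", "HKCU": "Current User"}
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def hjt_autoruns(log):  # (hive, key, value name) -> command, from O4 registry lines
    out = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            out[(HIVES[hive], key, name.lower())] = cmd
    return out

def startdreck_autoruns(log):
    """Same mapping from a StartDreck log; "»" headers are assumed to set the scope."""
    out, hive, key = {}, None, None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("»"):
            title = line[1:]
            if title in HIVES.values():
                hive, key = title, None
            elif re.fullmatch(r"Run\w*", title):
                key = title
            else:  # any other section (BHOs, processes, Default User) is skipped
                hive = key = None
        elif line.startswith("*") and hive and key:
            name, _, cmd = line[1:].partition("=")
            out[(hive, key, name.lower())] = cmd
    return out

def only_in_second(first, second):  # entries the second log has and the first lacks
    return sorted(k for k in second if k not in first)
```

Because the two logs were taken several days apart, an entry that appears only in the later one may be new or may simply not have been listed by the other tool; either way it is worth a manual look.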



