about:blank problem, can't access email...



#1 spundit

Posted 29 July 2004 - 08:02 PM

Hi,

I need serious help! I have an about:blank page that just won't go away. I have used Spybot, Ad-Aware, Spy Sweeper, etc. and I haven't been able to figure out how to handle this nasty issue...

Here is my hijack log...


Logfile of HijackThis v1.98.0
Scan saved at 7:49:35 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\Msrv32.exe
C:\WINDOWS\System32\soundtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\documents and settings\joe\local settings\temp\Jc.exe
C:\documents and settings\joe\local settings\temp\pEUGriW7x.exe
C:\Program Files\CasinoOnline\CsRemnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\Win4520\WinSys17281.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Registrar Lite\rl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\tsd32.exe
C:\HijackThis.exe

R3 - URLSearchHook: DNURLPlugIn Class - {183D5161-0C62-4295-896C-44E7442CD6F2} - C:\WINDOWS\System32\DIGITA~2.DLL
O2 - BHO: DNURLPlugIn Class - {183D5161-0C62-4295-896C-44E7442CD6F2} - C:\WINDOWS\System32\DIGITA~2.DLL
O2 - BHO: (no name) - {4C1BBB33-635B-469E-A16D-50A9F4585D0C} - C:\WINDOWS\System32\mpefcaa.dll
O2 - BHO: (no name) - ~{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - ~{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ~{1725C17D-7861-4FC5-83E8-BD23C81F4A5E} - (no file)
O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - ~{25ED3020-77F7-48E2-8991-16B8D3E2E176} - (no file)
O2 - BHO: (no name) - ~{2C95C1DD-B92C-4976-B7D3-1CAE2CBEA0BC} - (no file)
O2 - BHO: (no name) - ~{3A5D2486-E5C1-444E-B688-258026EE87F5} - (no file)
O2 - BHO: (no name) - ~{3B246452-9E56-4E83-8E8C-B1E5E2CDDD57} - (no file)
O2 - BHO: (no name) - ~{549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - ~{5580925C-05A5-426A-8B27-52215F31B188} - (no file)
O2 - BHO: (no name) - ~{6FE8459A-9730-4C2D-9C73-058542A30358} - (no file)
O2 - BHO: (no name) - ~{8F6F79C7-39AB-4722-9B09-F87747E8A033} - (no file)
O2 - BHO: (no name) - ~{9CA45B30-20BE-42D9-8959-517E70DC4A29} - (no file)
O2 - BHO: (no name) - ~{AFD24B5C-63EE-4777-ABE2-3D5F87112DCB} - (no file)
O2 - BHO: (no name) - ~{B27619A3-0CBB-413A-877A-2431BF3A8A54} - (no file)
O2 - BHO: (no name) - ~{C98F8204-6DF0-4005-A8E7-61D024139EFA} - (no file)
O2 - BHO: (no name) - ~{CD0CE833-474C-4EEA-B73F-00705E89ECEB} - (no file)
O2 - BHO: (no name) - ~{DAB79991-75BD-4222-8B88-72CF0EBA77F6} - (no file)
O2 - BHO: (no name) - ~{E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - ~{F7C23E11-F498-45F7-8D3B-AD0A8F7DD14D} - (no file)
O2 - BHO: (no name) - ~{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Msrv32] Msrv32.exe
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [System Log Event] csrss32.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Jc] C:\documents and settings\joe\local settings\temp\Jc.exe
O4 - HKLM\..\Run: [pEUGriW7x] C:\documents and settings\joe\local settings\temp\pEUGriW7x.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DigitalNames] C:\WINDOWS\System32\DigitalNamesStart.exe
O4 - HKLM\..\Run: [WinSys17281] C:\WINDOWS\System32\Win4520\WinSys17281.exe ggame6 s
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [tsd32] C:\WINDOWS\System32\tsd32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Search.vbs
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: 컴내꺼 [넷하드] - javascript:window.open("http://www.com.ne.kr/", "_blank", "");
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O15 - Trusted Zone: *.yahoo.com
O15 - Trusted Zone: http://*.yahoo.com
O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr.../ppv/MAWS05.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1EE59A7D-F863-4E86-A3D8-93183460B761} (difplayerctrl Class) - http://images.entoi....l/DIFPLAYER.CAB
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.i...workInstall.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {5373CE59-8BB8-45DF-96FB-7DC2F668D674} (P3BugsCtrl Class) - http://player.bugs.c...bugsmedia_1.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.n...oad/CDNExtX.cab
O16 - DPF: {642BA26B-F76D-4E0D-8421-B24CA1A82EF0} (ChatClubYahoo Control) - http://kr.talk.club....atClubYahoo.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr...sOggPlay_11.CAB
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} (TURBO PLAYER Setup Control) - http://cdn.naver.com...bs/turbois9.cab
O16 - DPF: {8C4127A8-68CC-42A8-BE05-57B00D6A4408} (MainControl3 Class) - http://appupdate.gur...ncher3_1005.cab
O16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) - http://img.kbs.co.kr/ib/ibcd_kbs.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://www.odiamond.co.kr/ShortCut.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl195.daum.n..._fileupload.cab
O16 - DPF: {9C2736BA-BE7B-11D8-832B-0010A71A39DB} (clubcon50.frmclubcon50) - http://lyu7845.hihom...images/sexy.CAB
O16 - DPF: {C5C3F918-F6BB-4DF9-9809-214C252CEF7C} (JoyOnSBS Control) - http://game.sbs.co.kr/joyonsbs.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne....rt/NetShort.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.c.../bugsLoader.cab
O16 - DPF: {E4972AF4-E211-49B9-9267-C693E521AEF0} (DaumGame_Linkman Control) - http://211.172.252.2...ame_Linkman.cab
O16 - DPF: {EED125B3-3BE7-49DE-B3C1-CDA0E4B76958} (DigitalNamesPlugInActiveXreNew Control) - http://dnplugin.digi...NamesPlugIn.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{202CF954-7179-4542-BE98-EE1F2D6ACF3B}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{202CF954-7179-4542-BE98-EE1F2D6ACF3B}: NameServer = 206.141.192.60 206.141.193.55
O18 - Filter: text/html - {D92F3A77-688B-42C5-B091-B4562E04F5BC} - C:\WINDOWS\System32\mpefcaa.dll
O18 - Filter: text/plain - {D92F3A77-688B-42C5-B091-B4562E04F5BC} - C:\WINDOWS\System32\mpefcaa.dll



/////////////////////////////////////////////////////////////////////////////////////////////

I have no clue what any of this means... HELP!

Thanks a lot

#2 PGPhantom

Posted 26 August 2004 - 07:27 PM

Due to the time passed, please do the following:
  • HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT, i.e. the folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:
      • spywareinfo.com
      • subratam.org
      • tools.zerosrealm.com
  • Install/Unzip it into C:\HJT.
  • Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  • Run HijackThis, click on scan and wait for the scan to finish.
  • The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.
  • Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  • Please post your entire log here for analysis.




