yet another about:blank problem


13 replies to this topic

#1 FinalDynasty001

FinalDynasty001

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 30 July 2004 - 08:01 AM

hey guys...

As of late, the about:blank homepage has become a nuisance to me. Usually I don't have a problem with it being in my homepage, but as of late certain webpages and e-mail sites have been redirected back to the about:blank homepage. I've used CWShredder, Ad-Aware 6 and Spybot to try to get rid of it. I've even tried a previous forum on about:blank. My system is fine and everything, but it's just becoming rather annoying.

Any suggestions?

Here's the stats from hijack

Logfile of HijackThis v1.98.0
Scan saved at 4:32:11 AM, on 7/30/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NTSYWXF.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\IELEJJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {4BFA3272-9C42-2EE1-8751-66557FA52E1C} - C:\WINDOWS\SYSTEM\KMXP.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: (no name) - {1A061A3C-E1B4-11D8-89E7-0004933D9110} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APPC1E1.TMP
O4 - HKLM\..\Run: [LDCM Application Launcher] "C:\Program Files\Intel\LDCM\LDCM Launcher.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [DMIStart] C:\Program Files\Intel\LDCM\DMIStart.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
O4 - Startup: E_SPSU01.lnk = C:\WINDOWS\SYSTEM\E_SPSU01.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: ComcastHSI - {60847400-6611-11D8-89E5-00047572B31D} - http://www.comcast.net/ (file missing) (HKCU)
O9 - Extra button: Help - {60847401-6611-11D8-89E5-00047572B31D} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {60847402-6611-11D8-89E5-00047572B31D} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywa...r2501031120.EXE
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/emCraft1.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O18 - Filter: text/html - {1A061A3B-E1B4-11D8-89E7-00041CD40964} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
O18 - Filter: text/plain - {1A061A3B-E1B4-11D8-89E7-00041CD40964} - C:\WINDOWS\SYSTEM\IELEJJ.DLL

Thanks in advance when you get it too

#2 FinalDynasty001

Posted 30 July 2004 - 08:07 AM

I forgot to mention I also used the about:blank program...About:Buster and it hasn't really done much....

Thanks again.

#3 FinalDynasty001

Posted 02 August 2004 - 05:31 PM

hey guys...

I understand this is taking time...but I decided to take things into my own hands by reading most posts so far...But the problem is still persisting and I am still in need of help and I'm willing to be patient. I appreciate your help and if I'm violating any of the forum rules, it is with my deepest apologies that I'm bumping my question up. Here's what I've done so far. I tried using the findnfix.exe file and tried getting info on the !logi.exe., and for some reason 2 particular keys won't be added into the report.


Here are the keys that aren't being loaded into the report:

Keys1\winkey.reg
HLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows

I know this program Findnfix.exe is specially for XP or 2000...but any suggestions for 98 OS.

Here's the notepad results of Findnfix.exe:


»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...



»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)


»»Dumping Values........


»»Security settings for 'Windows' key:

»»Member of...: (Admin logon required!)


»»»»»»Backups created...»»»»»»

*Temp backups...

»»Performing string scan....
--------------
--------------
--------------
--------------
--------------
--------------

------------
Dos mem debug...



Thanks again for the help and I'm always open to suggestions.

#4 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 02 August 2004 - 05:44 PM

:blink: What on earth??? :blink:

"I tried using the findnfix.exe file and tried getting info on the !logi.exe., and for some reason 2 particular keys won't be added into the report"


It's not for Win98 at all!!
Matter of fact, some of the functions/commands can act unexpectedly on 9x
And will NOT find anything!
What prompted you to run it?

Delete the entire package from your drive asap!

#5 FinalDynasty001

Posted 02 August 2004 - 05:50 PM

OK...sorry...wasn't sure if the program was compatible with the common OSes like XP or 98 or Me. Don't worry...I got rid of it

#6 freeatlast

Posted 02 August 2004 - 05:50 PM

GoTo:
Start>run>Type:
msinfo32
*Expand: "Software Environment"
*Expand: "System hooks"
File may be listed As:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX.dll is the file name.

If so, highlight it, use Edit>Copy and post here

Next, Download "StartDreck":

http://www.niksoft.a.../startdreck.htm

Unzip and run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log!

#7 FinalDynasty001

Posted 02 August 2004 - 05:54 PM

ummm....sorry to say this...but the system hooks has no expansion...will I need to follow up by

#8 FinalDynasty001

Posted 02 August 2004 - 05:57 PM

...sorry about that last post...what I meant to say was....

will I need to use that zip file?....my system hooks has no items in the display and I literally mean nothing in it

#9 freeatlast

Posted 02 August 2004 - 06:10 PM

Run hijackthis and fix checked:

*R1/ *R0/ *R3 Lines: -ALL!
O2 - BHO: (no name) - {4BFA3272-9C42-2EE1-8751-66557FA52E1C} - C:\WINDOWS\SYSTEM\KMXP.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: (no name) - {1A061A3C-E1B4-11D8-89E7-0004933D9110} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APPC1E1.TMP
O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywa...r2501031120.EXE
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/emCraft1.cab
O18 - Filter: text/html - {1A061A3B-E1B4-11D8-89E7-00041CD40964} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
O18 - Filter: text/plain - {1A061A3B-E1B4-11D8-89E7-00041CD40964} - C:\WINDOWS\SYSTEM\IELEJJ.DLL


Restart computer in safe mode.
Run hijackthis again and compare the
pointed entries above in the quoted list, fix any
that turned up again.

Search for and delete, if found:
C:\TV MEDIA< entire folder
PROGRAM FILES\SIDEFIND< entire folder
WINDOWS\SYSTEM\(IELEJJ.DLL, KMXP.DLL) < files!

Go to: WINDOWS\TEMP< And empty contents of temp folder
as much as possible.

When done, post new hijackthis log and scan
results from the "next" step indicated in my
previous post! (Ignore the first)
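Added example (not from the thread or from HijackThis itself): a small Python check for the "compare the pointed entries" step above, which reads the fix list and a rescan log and reports flagged entries that turned up again, matching on file path as well as CLSID because IELEJJ.DLL appears in this thread under two different BHO CLSIDs. Assumptions: the function names are hypothetical, the rescan log is constructed for illustration, and status tags such as "(file missing)" are ignored when comparing.

```python
import re

# An entry line is "<section> - <detail>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Status tags appended to an entry; they can differ between two scans (assumption).
STATUS_RE = re.compile(r"\s*\((?:file missing|obfuscated)\)")


def parse_entry(line):
    """Return (section, detail, target) for an entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, blank line or a "Running processes" path
    section, detail = m.groups()
    # Drop status tags, fold case and whitespace so both scans compare equal.
    detail = " ".join(STATUS_RE.sub("", detail).lower().split())
    # The last " - " field is the file or URL the entry points at.
    target = detail.rsplit(" - ", 1)[-1]
    return section, detail, target


def reappeared(flagged_text, fix_sections, rescan_text):
    """List (line, reason) for rescan entries that were marked for fixing."""
    flagged = [e for e in map(parse_entry, flagged_text.splitlines()) if e]
    exact = {(s, d) for s, d, _ in flagged}
    targets = {(s, t) for s, _, t in flagged}
    hits = []
    for line in rescan_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        section, detail, target = entry
        if section in fix_sections:
            hits.append((line.strip(), "section"))    # e.g. "all R lines"
        elif (section, detail) in exact:
            hits.append((line.strip(), "same entry"))
        elif (section, target) in targets:
            hits.append((line.strip(), "same file"))  # CLSID or name changed
    return hits


# Sections the helper said to fix in full.
FIX_SECTIONS = {"R0", "R1", "R3"}

# Subset of the fix list quoted in the post above.
FLAGGED = r"""
O2 - BHO: (no name) - {4BFA3272-9C42-2EE1-8751-66557FA52E1C} - C:\WINDOWS\SYSTEM\KMXP.DLL
O2 - BHO: (no name) - {1A061A3C-E1B4-11D8-89E7-0004933D9110} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APPC1E1.TMP
O18 - Filter: text/html - {1A061A3B-E1B4-11D8-89E7-00041CD40964} - C:\WINDOWS\SYSTEM\IELEJJ.DLL
"""

# Constructed safe-mode rescan (illustration only, not a log from the thread).
RESCAN = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1F5F664D-E2EA-11D8-89E7-000498239425} - C:\WINDOWS\SYSTEM\IELEJJ.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Prein] C:\WINDOWS\TEMP\APPC1E1.TMP
"""

if __name__ == "__main__":
    for line, reason in reappeared(FLAGGED, FIX_SECTIONS, RESCAN):
        print(f"[{reason}] {line}")
```
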

#10 FinalDynasty001

Posted 02 August 2004 - 06:12 PM

alright...although I don't have anything in my Microsoft system information: system hooks....Here are the StartDreck info:


StartDreck (build 2.1.5 public BETA) - 2004-08-02 @ 18:07:45
Platform: Windows 98 (Win 4.10.1998 )

»Registry
»Run Keys
»Current User
»Run
*ATI Launchpad="C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
*TV Media=C:\TV MEDIA\TVM.EXE
»Default User
»Run
*ATI Launchpad="C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
*TV Media=C:\TV MEDIA\TVM.EXE
»Local Machine
»Run
*TaskMonitor=C:\WINDOWS\taskmon.exe
*Creative Launcher=C:\Program Files\Creative\Launcher\CTLauncher.EXE
*AudioHQ=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
*AtiPTA=Atiptaxx.exe
*RealTray=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*KodakCCS=C:\WINDOWS\System32\Drivers\KodakCCS.exe
*USBMonit.exe="C:\WINDOWS\SYSTEM\USBMonit.exe"
*Synchronization Manager=mobsync.exe /logon
*TV Media=C:\TV MEDIA\TVM.EXE
*Prein=C:\WINDOWS\TEMP\APPC1E1.TMP
*LDCM Application Launcher="C:\Program Files\Intel\LDCM\LDCM Launcher.exe"
*InCD=C:\Program Files\ahead\InCD\InCD.exe
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
»RunOnce
*TV Media=C:\TV MEDIA\TVM.EXE
»RunServices
*ATIPOLAB=ati2evxx.exe
*DMIStart=C:\Program Files\Intel\LDCM\DMIStart.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*{4BFA3272-9C42-2EE1-8751-66557FA52E1C}
`InprocServer32=C:\WINDOWS\SYSTEM\KMXP.DLL
*DyFuCA_BH.BHObj.1/{00000010-6F7D-442C-93E3-4A4827C2E4C8}
`InprocServer32=C:\WINDOWS\NEM219.DLL
*BrowserHelperObject.BAHelper.1/{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
`InprocServer32=C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
*{1F5F664D-E2EA-11D8-89E7-000498239425}
`InprocServer32=C:\WINDOWS\SYSTEM\IELEJJ.DLL
»Files
»System/Drivers
»Running Processes
*FF8F51E1=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF650D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF109D=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFF2B85=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFFDB39=C:\WINDOWS\EXPLORER.EXE
*FFFE36DD=C:\WINDOWS\TASKMON.EXE
*FFFEC035=C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
*FFFEF081=C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
*FFFEE7BD=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
*FFFE99D5=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFEA671=C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
*FFFD45B1=C:\WINDOWS\SYSTEM\USBMONIT.EXE
*FFFD3245=C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
*FFFDD321=C:\WINDOWS\SYSTEM\QTTASK.EXE
*FFFDF2A5=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFFDB771=C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
*FFF34D49=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFF3FF25=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFF15765=C:\WINDOWS\SYSTEM\NTSYWXF.EXE
*FFF0DB31=C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
*FFF0B99D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*FFF714BD=C:\WINDOWS\SYSTEM\PSTORES.EXE
*FFF008FD=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE
*FFFE203D=C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\STARTDRECK.EXE
»Application specific

#11 FinalDynasty001

Posted 02 August 2004 - 06:18 PM

alright this is going to take me some time...I appreciate this again...

#12 freeatlast

Posted 02 August 2004 - 06:22 PM

StartDreck is no longer needed.

Just follow up on all the hijackthis steps outlined in my previous post.

When done, delete this file as well, if present:
WINDOWS\NEM219.DLL<

Read the FAQs here, Run all available removal tools again such as:
-CWShredder
-SpyBot S&D
- Ad-Aware

*Make sure they are the latest versions +ref files.
As most of your pests are detected!!! :scratchhead:
.....and you should be all set.

Feel free to post final follow up hijackthis log.

#13 FinalDynasty001

Posted 02 August 2004 - 06:52 PM

WHOOO HOOO...No more about:blank page...but still named about:blank...anyways...Thanks!...here's the final logs just to clean up any loose ends

Logfile of HijackThis v1.98.0
Scan saved at 6:49:35 PM, on 8/2/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\HIJACKTHIS.EXE

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LDCM Application Launcher] "C:\Program Files\Intel\LDCM\LDCM Launcher.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [DMIStart] C:\Program Files\Intel\LDCM\DMIStart.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
O4 - Startup: E_SPSU01.lnk = C:\WINDOWS\SYSTEM\E_SPSU01.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {60847400-6611-11D8-89E5-00047572B31D} - http://www.comcast.net/ (file missing) (HKCU)
O9 - Extra button: Help - {60847401-6611-11D8-89E5-00047572B31D} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {60847402-6611-11D8-89E5-00047572B31D} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com


THANK YOU AGAIN!....if you have any last comments...i'm always open to options

#14 freeatlast

Posted 02 August 2004 - 08:08 PM

Nice progress! :thumbsup:

To complement the cleanup, asap hop on to Windows Updates (link(s) below)
And upgrade your outdated version of IE to its current: IE6/SP1
Including but not limited to --all -- security patches offered.

Unless you do so, immediate reinfection is guaranteed! :p

Keep your Win98 out of trouble! ;)