Jump to content


Photo

HiJack This Log for About:Blank Trojan


  • Please log in to reply
2 replies to this topic

#1 patrickhayes55

patrickhayes55

    Member

  • New Member
  • Pip
  • 3 posts

Posted 31 May 2004 - 05:09 PM

Hello, can someone please check out my HiJack This Log.

My homepage keeps resetting to About:Blank.

I have run these programs and cannot get rid of it: CWShreder, AVG 6.0, Ad-Aware 6.0, Spybot S&D, Norton Antivirus, Spy-Sweeper, and HiJack This. My HiJack this log is below.

I understand that a couple of the registry values have to be deleted or changed. However, I am not sure which ones. Please help.
Thanks,
PH




Logfile of HijackThis v1.97.7
Scan saved at 6:00:18 PM, on 5/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\PH\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [QAGENT] C:\PROGRA~1\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?1083529216828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx

#2 happyguy

happyguy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 June 2004 - 07:27 AM

about:blank trojan removed!
(aka HomeOldSP hijacker)

I tried most adware programs to no avail.
The wicked pest kept returning.
Now I am happy to report that there is a cure:
Adware Away.
No free trial - but it is easy as pie to use.
The about:blank trojan was killed in minutes.

Click "more" on Adware Away's menu.
Icons with names of various hijackers are displayed.
Click on those bothering you, and they're gone!!

Well worth the $25 price. In fact it also trashed
CoolWebSearch, Lycos SideSearch and IstBar -
trojans I didn't even know I had. All I can say,
"Adware Away is FANTASTIC".

www.AdwareAway.com

#3 rosso_acido

rosso_acido

    Earl of Mysterious Briefcases

  • Full Member
  • PipPipPipPip
  • 286 posts

Posted 17 June 2004 - 11:40 AM

POST EDITED - Please disregard or delete.

Thanks - and sorry.
R. :blush:

Edited by rosso_acido, 17 June 2004 - 05:38 PM.

I am the iron anchor.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button