Jump to content


Photo

Whenever I open my browser, it goes to about:blank


  • Please log in to reply
8 replies to this topic

#1 Sass

Sass

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 05 June 2004 - 04:44 PM

Hi! Okay, my browser (despite how many times i set a homepage :gah: ), always goes to "about blank", and gives me problems. I keep "fixing" my problems in spybot, but they are never really fixed. :techsupport: Help Me Find The Spy! :worm: I have included My Hijaked log, so please let me know what has to go! Thanks for looking!
P.S. i read the FAQ
<br>
Logfile of HijackThis v1.97.7
Scan saved at 11:15:46 PM, on 6/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\PROGRAM FILES\HANDSPRING\HOTSYNC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab

Edited by Sass, 05 June 2004 - 11:13 PM.


#2 Nemesis6

Nemesis6

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 05 June 2004 - 05:58 PM

Hello. You've got a CoolWebSearch infection and some other stuff. Here's a tool that should take care of the first one - http://www.spywarein.../CWShredder.exe

Save it to a directory(just just open from destination), run it, upgrade it from within the program, and click Fix. Now post a new log.

Edited by Nemesis6, 05 June 2004 - 06:08 PM.


#3 Sass

Sass

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 05 June 2004 - 08:01 PM

thanks! i did that, and got rid of coolwebsearch, i updated the hijackthis log, and still have some spyware. can anyone else help?

#4 Nemesis6

Nemesis6

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 05 June 2004 - 08:13 PM

Well, I'm still here. Looking at your log again.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\R6U461TCCFXP3.DLL

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O15 - Trusted Zone: *.greg-search.com


Now, restart in Safe-Mode(Press F8 a lot of times during startup of the computer untill you are prompted with a dialog, there, you should be able to select it)

Now, when Windows has booted up in Safe-Mode, delete the following files -

C:\WINDOWS\SYSTEM\R6U461TCCFXP3.DLL

Use the search function to find this file - image.dll

Now, restart in normal mode and post a new HijackThis log.

Edited by Nemesis6, 05 June 2004 - 08:26 PM.


#5 Sass

Sass

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 05 June 2004 - 11:13 PM

i have been able to remove everything except the image.dll, but i found an imagehlp.dll. is that the same thing, and should i remove it? i have also updated my log.

#6 Nemesis6

Nemesis6

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 06 June 2004 - 07:00 AM

Imagehlp.dll is a normal file. Don't delete it. Did you boot up in safe-mode? Either image.dll doesn't exist, or it's hidden.

#7 Sass

Sass

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 06 June 2004 - 08:33 AM

yeah, i was in safe mode when i looked for image.dll, and couldn't find it...

#8 Nemesis6

Nemesis6

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 06 June 2004 - 10:34 AM

Then I hereby declare you: Clean. I'd recommend that you download SpywareBlaster, it's a program that blocks a large number (2900 +) of adware, spyware, viruses, cookies, malware, generally a lot of bad stuff from getting into your computer. Here's a link that contain some mirrors for it - http://www.javacools...sbdownload.html
Remember to update it regularly.

Edited by Nemesis6, 06 June 2004 - 10:35 AM.


#9 Sass

Sass

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 06 June 2004 - 09:20 PM

Great tip on the SpywareBlaster, so I downloaded it and ran the install, however I get this error message at the end: "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it.", so I did, about a dozen times, with the same message at the end. Any thoughts??




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button