iltis

about:blank - hijacked

28 posts in this topic

Hi,

for a few days my IE starts with about:blank (Search for...) no matter what starting page I've set before. At the same time my net connection slowed down extremely!

Ad-aware & Spybot did not help. Please give me some instructions on how to get rid of that! Thanks.

 

Here is my HJT log:

 

Logfile of HijackThis v1.97.7

Scan saved at 23:30:18, on 2004.06.22.

Platform: Windows XP Szervizcsomag 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\System32\ctfmon.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\pruzo\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {7C62771B-A1B7-453A-9EAA-E1E2B2DD16F7} - C:\WINDOWS\System32\mmg.dll

O3 - Toolbar: &Rádió - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8051.5118287037

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


i have same problem- keep resetting my home page- getting pop ups telling me internet explorer has spy

i've run spybot and reg cleaner

HELP :grrr:


(sorry bad english) i have got the same problem (about blank), but i have it a bit under control now i think.

i have used CWshredder (found on google) and deleted the first "software"

then i did a hijackthis on my computer and saved a log file.

and i use spysweeper so i am protected and you can restore your homepage by adding it in one of the tabs. so you can use your internet now normal.

the only (bad) thing is, i don't know how to get rid of it completely, cause it keeps coming back, i do a check with sweeper every day and he will find it back every day.

so it seems that it is deep down in my computer i think.

i have made a logfile with hijack this, maybe someone knows if there is still something in my computer and what i should remove.

i have put one file "out of order", it looked weird i thought, maybe someone knows if it belongs to my computer or not.

it's a: nwiz-quitlyinstall...... file.

i have read in another forum that it belongs to windows, but others said that it is spy or something.

 

Logfile of HijackThis v1.97.7

Scan saved at 23:28:47, on 22-6-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Eigenaar\Mijn documenten\My eBooks\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {A696EA93-1C02-4CB5-9F84-9C799CECB151} - C:\WINDOWS\System32\hjklda.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

 

i hope somebody can tell me what to do with all this.


Well... first, I know that we're supposed to not post our hijack files on other folks' threads... but be-that-as-it-may,

 

I've got the same problem and I've noticed that we all have that temp/sp.html file in common and I KNOW it's not supposed to be there. I'm going to have a look around. Remember that these folks get probably a couple hundred of idiots like me every day with these problems. I'm sure someone's beaten it.


sights0d and all of you guys pleaaaaaase help me, i've been struggling with the same problem and it seems that my log is very similar to yours. i have tried everything: ad-aware, spy-bot, spy-sweeper, CWshredder.....nothing helps it keeps coming back...

 

i hope there is a solution out there somewhere!!!!

 

thanks...in advance....i hope

sights0d and all of you guys pleaaaaaase help me, i've been struggling with the same problem and it seems that my log is very similar to yours. i have tried everything: ad-aware, spy-bot, spy-sweeper, CWshredder.....nothing helps it keeps coming back...

 

i hope there is a solution out there somewhere!!!!

 

thanks...in advance....i hope

Well... I see seraphim here and he's the only one I know who's conquered it. TELL US, OH GREAT ONE!!!


i am sorry for the log file. i hope someone can give us the solution, i am becoming mad from this "thing".

i am still seeing it in my log, seems he never disappears.

thousand thanks if one can help.


okay i just have got the solution from some one from belgium.

if your logfile has the same files like mine, you must delete the following files in "hijack this":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

and this one:

O2 - BHO: (no name) - {A696EA93-1C02-4CB5-9F84-9C799CECB151} - C:\WINDOWS\System32\hjklda.dll

after deleting them, you reboot your system and test again in "hijack this"

mine was clean at last!!!!!!


WHOA!!! HOLD ON!!!

 

Remember that this )(@)$&(!~!!! is generating random registry names...

 

Check all those items that end in temp/sp.html; fix those.

 

Now... the item in my comp was named gshm and it was in my system folder in the 04 section on HJT. Find the item in your system folder that is newest (view it by date). It's probably the culprit, especially if it's been within the last day or so. Check him and delete his butt.

 

I'm clean now. WOOHOO!!! :wave:

 

I only had to get rid of one item aside from those sp.html files.

 

Good luck!

 

Trust me. Don't screw your registry up unless you're SURE you know what to do.

Edited by sights0d
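
The pattern described in the two posts above (IE search settings pointed at Temp\sp.html, plus an unnamed BHO whose DLL name differs on every machine) can be checked against a HijackThis log mechanically. The sketch below is an added example, not part of any post in this thread; the sample log, its GUIDs, user name and DLL name are constructed, and treating "(no name)" together with a system-folder location as the BHO signal is an assumption drawn from the logs posted here.

```python
import ntpath
import re

# Constructed sample in the line format of the HijackThis v1.97.7 logs above.
# GUIDs, the user name and abcde.dll are placeholders, not values from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\abcde.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# "R0 - <key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) = (.*)$")
# "O2 - BHO: <name> - {CLSID} - <dll path>"; the CLSID pins the split, so
# paths that themselves contain " - " are still parsed correctly.
BHO_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system"}


def check_r_entry(value_name, data):
    """Return a reason if an IE setting matches the pattern from the thread."""
    lowered = data.lower()
    if lowered.startswith("file://") and "\\temp\\" in lowered:
        return "IE setting points at a local file in a Temp folder"
    if value_name == "HomeOldSP":
        return "HomeOldSP value (listed in the thread's fix list)"
    return None


def check_bho(name, dll_path):
    """Return a reason if a BHO is unnamed and sits directly in a system folder.

    The DLL name is ignored on purpose: the posts report a different,
    random-looking name on each machine.
    """
    path = dll_path.replace(" (file missing)", "").strip()
    in_system_dir = ntpath.dirname(path).lower() in SYSTEM_DIRS
    if name == "(no name)" and in_system_dir:
        return "unnamed BHO loaded directly from the system folder"
    return None


def triage(log_text):
    """Return (reason, line) pairs for log lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = None
        match = R_LINE.match(line)
        if match:
            reason = check_r_entry(match.group(3), match.group(4))
        else:
            match = BHO_LINE.match(line)
            if match:
                reason = check_bho(match.group(1), match.group(3))
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

A flagged BHO is only a candidate: confirm it against the file's modification date, as the post above suggests, before fixing the entry.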


AHHHHHHHHHHHHHHHHH this thing is killing me.....I had the same "sp.html" as cherrish but not the ".dll"?????

 

what to do ????


hey sights0d i couldnt find that file.....what shall i do???

 

im almost tempted to format my stupid hard drive!!!!

AHHHHHHHHHHHHHHHHH this thing is killing me.....I had the same "sp.html" as cherrish but not the ".dll"?????

 

what to do ????

It randomly generates the file name. I'd go into the system folder and find the newest files. It should have been modified the last time you deleted the sp files. That's the bad boy.

AHHHHHHHHHHHHHHHHH this thing is killing me.....I had the same "sp.html" as cherrish but not the ".dll"?????

 

what to do ????

It randomly generates the file name. I'd go into the system folder and find the newest files. It should have been modified the last time you deleted the sp files. That's the bad boy.

Jojo... pm me your HJT log. I'll look it over. I'm no expert, but maybe I can help you.


i dont know if i'm being an idiot or not (please excuse me if i am), by system folder you're implying windows/system? the latest modified file dates back to 2002..

 

im lost!


here it is.....

 

i have already deleted the sp. lines and rebooted

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:23:24 PM, on 6/22/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE

C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\taskswitch.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Documents and Settings\Johans\Desktop\FreeRAM XP Pro 1.40.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\setup.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Johans\My Documents\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro2004.com/index.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Johans\Desktop\FreeRAM XP Pro 1.40.exe" -win

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ATI TV (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwa...are/awswaxf.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1087766319343

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7903.3950578704

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.madonion.com/global/msc34.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab

i dont know if i'm being an idiot or not (please excuse me if i am), by system folder you're implying windows/system? the latest modified file dates back to 2002..

 

im lost!

Just post your HJT log. The file you're looking for is the most recent in the windows/system folder. On your HJT file it'll probably say no name at the beginning... Like mine said

O2 - BHO: (no name) - {CAA618A3-C3A6-11D8-8AE8-00500AB1BAF8} - C:\WINDOWS\SYSTEM\GAHI.DLL

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro2004.com/index.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

These ones are suspicious. Find the files associated with them (by navigating to them) and check their last activity by getting the properties on the actual file.

 

BTW, this'll screw up your MS Media player, so you'll have to re-download it.

 

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

are especially suspicious because of the "no name" on them.


Great. Never mind. Mine came back :grrr::techsupport: I'm going back to work on it. BTW... has anyone else had any luck downloading ad aware?

hey sights0d i have ad aware...how do u want it?

 

i guess it's back to the drawing board for us!!

I'll send you an email address via email through this board.


Problem solved once I ran ad aware with the newest update. Hopefully it'll stay that way. It ran a bit slowly at first, but I ran MSconfig and unclicked some processes.


i just registered to the site because this post fixed my computer.

 

remove all the log entries that refer to the location mentioned earlier. if your .dll file does not match the one above, which mine didn't, i checked the box for .dll file that was located in the system32 folder like the other. i fixed those entries and i rebooted and scanned again. i received the same log but i had a different .dll file but in the same system 32 folder. i checked all the boxes again including the new .dll file and fixed those. after rebooting and scanning again i found the problem was solved and i got my homepage back again. any questions feel free to e-mail me for any clarity if needed.

i just registered to the site because this post fixed my computer.

 

remove all the log entries that refer to the location mentioned earlier. if your .dll file does not match the one above, which mine didn't, i checked the box for .dll file that was located in the system32 folder like the other. i fixed those entries and i rebooted and scanned again. i received the same log but i had a different .dll file but in the same system 32 folder. i checked all the boxes again including the new .dll file and fixed those. after rebooting and scanning again i found the problem was solved and i got my homepage back again. any questions feel free to e-mail me for any clarity if needed.

I did the same thing and it wasn't there even after restarting twice, but it came back anyway. Trust me. the ad aware worked wonders.


After reading that Ad-Aware helps I tried to download Ad-Aware from download.com and was unable to download the program. Any suggestions?


HELP! HELP! HELP!

THIS ABOUT:BLANK BROWSER HIJACK IS A SON OF A B!!

I CAN'T SEEM TO SHAKE IT NO MATTER WHAT I DO.. ADAWARE,CWSSHREDDER.. YOU NAME IT.

CAN SOMEONE PLEASE HELP ME.

I FEEL LIKE TOSSING MY COMPUTER OUT OF THE WINDOW.

THANKS, -C


IF you don't have the dll mentioned in other posts you probably have this one. adgbg.dll

That's the one that creates the registry entries and the sp.html file.

You'll probably have to delete it in safe-mode

You must delete this file before making cautious changes to your registry and deleting the sp.html file.

Search your registry for all references to the file and delete them. Then delete references to sp.html

 

Please be cautious with your registry. An updated version of Ad-aware will also be able to find this ware and fix the problems
