About:Blank Problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Cream Factory, Jun 12, 2004.

  1. Cream Factory

    Cream Factory Private E-2

    All right i have been many places and tried many things to get rid of this problem so maybe I have messed up it even more but i dont knwo im not skilled iwth computers in this area, but now the only time i see the hijack page is when i type in a website wrong I seem to be keeping my homepage but who knows for how long i want to gt rid of this for good its driving me nuts. I think this is the logs you guys need to help me =/. I have Ran CW and ad awear then i rebooted this is my log

    Logfile of HijackThis v1.97.7
    Scan saved at 1:13:59 AM, on 6/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\WMP11CFG.EXE
    C:\PROGRAM FILES\WIRELESS LAN UTILITY\WLANUTILITY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Scan Spyware] "C:\PROGRAM FILES\SCANSPYWARE V3.6\SCANNER.EXE"
    O4 - Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O4 - Startup: Wireless Lan Utility.lnk = C:\Program Files\Wireless LAN Utility\WlanUtility.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     
    Cream Factory, Jun 12, 2004
    #1
  2. Cream Factory

    Cream Factory Private E-2

    And I wil be getting Windows xp pro soon maybe that will rid me of this anyways when i install it??????????
     
    Cream Factory, Jun 12, 2004
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hi Cream, Welcom to MG's. I don't see anything in your log of concern. Is that your whole log. It's rather strange to not have anything in between the running processes and the first O2 line.

    You may want to start looking at this thread: http://www.majorgeeks.com/vb/showthread.php?t=34559
    for my last post. We may be heading there with you too. But first have you actually tried a reset of web settings to defaults and also setting your start page to something useful (like www.majorgeeks.com)?
     
    chaslang, Jun 12, 2004
    #3
  4. BaBang

    BaBang Private E-2

    To all you guys with about:blank problems (for those of you that were helping me in my topic, I finally fixed it permanently.), it is indeed a dll file. I found it on my computer and deleted, I can't remember the file name but if it was posted via hijackthis log I could identify it.
     
    BaBang, Jun 12, 2004
    #4
  5. Cream Factory

    Cream Factory Private E-2

    I do not know what i did or how but its gone i am healed! for now if it comes back then i will it was like magic i dunno what combination of things i did but im pretty sure it was a dll file too it dosent even come back when i type in the wrong url
     
    Cream Factory, Jun 12, 2004
    #5
  6. Cream Factory

    Cream Factory Private E-2

    I had been to a million threads and forums and this one did seem to be the best i think it was some thing here i did that fixed it or maybe jsut dumb luck ither way im happy anyways i dont use IE that much any more latley i have been using Mozilla
     
    Cream Factory, Jun 12, 2004
    #6
  7. Cream Factory

    Cream Factory Private E-2

    It came back....................... Im about to destroy my pc right now. anyways heres the logfile i havent done any thign to it since it came back

    Logfile of HijackThis v1.97.7
    Scan saved at 11:01:40 PM, on 6/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\WMP11CFG.EXE
    C:\PROGRAM FILES\WIRELESS LAN UTILITY\WLANUTILITY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\N9HUPO3D\INSTALL_AIM_4.8.2790[1].EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\WINDOWS\DESKTOP\DLS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {0DE13722-BC87-11D8-B4E0-00905C45031C} - C:\WINDOWS\SYSTEM\EMP.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Scan Spyware] "C:\PROGRAM FILES\SCANSPYWARE V3.6\SCANNER.EXE"
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O4 - Startup: Wireless Lan Utility.lnk = C:\Program Files\Wireless LAN Utility\WlanUtility.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38149.9403703704

    Yeah i see a few that wernt there before but im not going to run the cw thing or kill box or any thing till i hear some thign from u guys
     
    Cream Factory, Jun 12, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay Cream,

    This maybe the only way to fix this.
    Get DLLFIX.EXE from: http://tools.zerosrealm.com/dllfix.exe

    1) Save the file to your Desktop, double click dllfix.exe and follow the prompts. This will create a folder called dllfix on your desktop.
    2) Click on this folder and then double click on start.bat.
    3) Select option 1 Run Find-All to scan your PC. This will create a log file.
    4) Post this log back here before running any fixes.
     
    chaslang, Jun 12, 2004
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds