ARMARI

About:blank


My homepage has been hijacked by About:blank and I can't remove it. Please help.

Here is my log:

 

Logfile of HijackThis v1.99.0

Scan saved at 4:49:54 PM, on 20/01/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\addqx32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Vet\VetTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\atioglxx.exe

C:\WINDOWS\system32\winov32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Anthony\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nxqqb.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {6BC89B26-3F90-063E-A9AF-B2D80F8C44B2} - C:\WINDOWS\appkj32.dll

O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe

O4 - HKLM\..\Run: [winov32.exe] C:\WINDOWS\system32\winov32.exe

O4 - HKLM\..\RunOnce: [addqx32.exe] C:\WINDOWS\system32\addqx32.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O15 - Trusted IP range: (HKLM)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\d3oc.exe (file missing)


You've got a little more going on than just about:blank. While you're waiting for an authorized log reader, you might consider running through a few self-help procedures to eliminate some of the variables.

 

If you haven't already, download, update and run Spybot and Adaware. Also, run through a few of the online scanners. On dialup, this may take some time, but should be a part of your regular surfing routine. The web is less safe for the casual user all the time.

 

http://housecall.trendmicro.com/

 

http://www.pandasoftware.com/activescan/ac...f=GB-PR-AS1-203

 

http://onlinecheck.emsisoft.com/en (A2 trojan scanner)

 

http://www.windowsecurity.com/trojanscan/

 

http://www.ravanitvirus.com/scan/

 

These will not get rid of about:blank. That will take some very specific and guided help. Wait for it. But they will clean up a lot of what you may not know you have, and will give you some links you can use in the future, once you've been cleaned and downloaded some better protections.

 

In the meantime, you won't have to feel helpless while you wait ;)

 

bem


Well now that doesn't appear to be your scan log either! :angry:

 

ARMARI's original post (scattered in the HJT forum 4 times)

http://pcpitstop.ibforums.com/index.php?showtopic=78628

 

We've got this one in this thread, plus these two as well:

 

http://pcpitstop.ibforums.com/index.php?showtopic=79318

 

http://pcpitstop.ibforums.com/index.php?showtopic=78991

 

Ever heard of the boy who cried Wolf?

Taking advantage of the good nature of the great folks that we have here at the Pit is very revealing.

 

I have a lot of admiration and respect for these folks, and will not allow them to be tricked or misled when I see it happening.

If you need help, this is definitely not the way to go about getting it. :angry:


> Ever heard of the boy who cried Wolf?
>
> Taking advantage of the good nature of the great folks that we have here at the Pit is very revealing.
>
> I have a lot of admiration and respect for these folks, and will not allow them to be tricked or misled when I see it happening.
>
> If you need help, this is definitely not the way to go about getting it. :angry:

ARMARI, this behavior has already caused you to be banned at TomCoyote & to be put under a very watchful eye at Spywareinfo....

 

If the way things are going here doesn't change very soon, you might not be allowed to be here at all.


> ARMARI, this behavior has already caused you to be banned at TomCoyote & to be put under a very watchful eye at Spywareinfo....
>
> If the way things are going here doesn't change very soon, you might not be allowed to be here at all.

Seems to me that ARMARI does not know how to stop playing games and wasting people's time. My thought is that he should be banned.


ARMARI, the good people here do a great service to people in need. To take advantage of that is just not on. :angry:

Edited by ferg_85

This topic is now closed to further replies.