Author Topic: NEED HELP - hijacked by about:blank  (Read 1239 times)

Uzumaki

  • Guest
NEED HELP - hijacked by about:blank
« on: August 06, 2004, 09:10:38 AM »
My computer was recently hijacked by about:blank and I am not able to access my Yahoo email nor my Email Removed and it constantly resets my homepage to about:blank. I thought I fixed it by deleting/modifying some keys in the registry, but it's back. I'm assuming there's some hidden .dll file that is duplicating the files each time I delete them, but I don't know how to find it. Here is my HijackThis log file:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\AYUMI HAMASAKI\SOFTWARE\TCLOCK.EXE
C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\PROGRAM FILES\ISP50\DIALER\DIALER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\ISP50\MAXSPEED\PROPELAC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\DOWNLOADED PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.peoplepc.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {895A184B-C01F-4954-B3C5-8519D3E74E36} - C:\WINDOWS\SYSTEM\KDFOOC.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TClock.lnk = C:\Ayumi Hamasaki\Software\TClock.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-image.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O14 - IERESET.INF: START_PAGE_URL=http://home.peoplepc.com/home
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/271a0d49188926...ip/RdxIE601.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O18 - Filter: text/html - {CC8ACD9E-7049-4691-9DE8-BA028E6BC795} - C:\WINDOWS\SYSTEM\KDFOOC.DLL
O18 - Filter: text/plain - {CC8ACD9E-7049-4691-9DE8-BA028E6BC795} - C:\WINDOWS\SYSTEM\KDFOOC.DLL

I need all the help I can get, and would really appreciate any advice on what other programs I should download. Please let me know if you need any more info.

Thanks for your time,

Uzumaki

sinsa

  • Guest
NEED HELP - hijacked by about:blank
« Reply #1 on: August 06, 2004, 08:31:00 PM »
Go to this site, which will explain how to get rid of about blank: http://www.akadia.com/services/about_blank_virus.html

Offline sinsa

  • Newbie
NEED HELP - hijacked by about:blank
« Reply #2 on: August 06, 2004, 08:42:40 PM »
Follow the above link and read the whole page before you start. You will also need to be familiar with registry editing.

i am help, i had the same proble

  • Guest
NEED HELP - hijacked by about:blank
« Reply #3 on: August 09, 2004, 01:49:03 PM »
Hi,

Just like you, I had the same problem. There is software that can remove this issue from your computer.
Please e-mail me and I will e-mail you the software.
saeed5Email Removed
Please do not send spam along with the e-mail, or the e-mail will automatically be rejected.

With Regards,
Sam

i can help, i had the same probl

  • Guest
NEED HELP - hijacked by about:blank
« Reply #4 on: August 09, 2004, 01:50:20 PM »
Hi,

Just like you, I had the same problem. There is software that can remove this issue from your computer.
Please e-mail me and I will e-mail you the software.
saeed5Email Removed
Please do not send spam along with the e-mail, or the e-mail will automatically be rejected.

With Regards,
Sam