Author Topic: about.blank help  (Read 3846 times)

Offline jack1

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
« on: March 08, 2005, 10:51:46 AM »
I am having a couple of problems with my computer, I believe it is infected. Every time I open my Internet Explorer I get a page entitled "about.blank". When I try to open my "control panel" it takes as long as "60 seconds" and when I change my home page back to its original setting under "internet options" it will only work once when "about.blank" reappears. I have read some of your postings and see that you usually start the remedy process by viewing a hijackthis log file. I have downloaded this program and my log file follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:44 AM, on 03/08/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\ADDTQ32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\APIBC.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {708855B6-7B1A-0E07-E911-ABFC91C434AC} - C:\WINDOWS\SYSTEM\APPJM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [APIBC.EXE] C:\WINDOWS\APIBC.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Can you help me with this problem?

Offline HeddaLora

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
« Reply #1 on: March 08, 2005, 05:50:03 PM »
I'd just get AdAware, update it, run it and remove what it finds.

Or get the new Microsoft spyware removal tool. I've heard from several people that it's quite good.

Offline jack1

« Reply #2 on: March 08, 2005, 07:55:07 PM »
Hi HeddaLora,
I did what you suggested, I downloaded Ad-Aware and ran it on my computer. On the first scan it identified 290 objects, I went through the removal process and Ad-Aware performed a quarantine of the objects then proceeded to delete them. The deletion process seemed to freeze before completing and the deletion process bar remained on my screen until I closed the application. I decided to re-scan and found that the objects I thought were deleted were detected once again. Again I ran the deletion and again it seemed to freeze before completing. A third scan produced the same results. Can you suggest what could be going wrong? Thanks for your help.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #3 on: March 08, 2005, 08:03:40 PM »
Can you please try this Jack

Open Ad-Aware, ensure to click the "check for updates now" link and Connect to download the latest updates

Next:
You may want to print out these instructions to make it easier to follow
RESTART your computer into SAFE MODE

Open Ad-Aware
Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back to Normal mode to finish the cleaning process

Come back here and post a fresh hijackthis log afterwards

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jack1

« Reply #4 on: March 09, 2005, 08:20:40 AM »
guestolo,

Here is my hijackthis log. Running Ad-Aware in safe mode seems to work. There is no longer a long delay when opening my control panel. However about.blank is still a problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:16:50 AM, on 03/09/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ADDTQ32.EXE
C:\WINDOWS\SYSTEM\ADDNL32.EXE
C:\WINDOWS\SYSTEM\MSKV.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\D3BJ32.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\ADDZT32.EXE
C:\WINDOWS\CRFN32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {7FD318B9-600D-989C-1DCA-4BF6B4D6258D} - C:\WINDOWS\NETAD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab

Thanks for your help!

Offline guestolo

« Reply #5 on: March 09, 2005, 10:12:43 PM »
Let's try some more cleanup

Download to desktop About:Buster.zip
by RubbeR Ducky
UNZIP the contents to desktop

Open the AboutBuster folder and run About:Buster.exe
Check for updates and update it
Close it out after you update, we'll run this later

Download and save to desktop the Standalone version of CWShredder.exe
Don't run it yet

Download The Hoster
Unzip it to a folder
We'll need this later

Print out the rest of these instructions or save to a Notepad file on the desktop

RESTART again back to Safe mode
Bring up your Task Manager (Ctrl+Alt+Del) and end Task on these if still running
ADDTQ32.EXE
ADDNL32.EXE
MSKV.EXE
SDKBF32.EXE
D3BJ32.EXE
CRFN32.EXE
SYSOE.EXE
<--all instances

Find and delete these files or folders if they exist
C:\WINDOWS\system\kylww.dll <--file
C:\WINDOWS\NETAD.DLL
C:\WINDOWS\ADDTQ32.EXE
C:\WINDOWS\SYSTEM\SYSOE.EXE
C:\WINDOWS\SYSTEM\ADDNL32.EXE
C:\WINDOWS\SYSTEM\SDKBF32.EXE
C:\WINDOWS\SYSTEM\D3BJ32.EXE
C:\WINDOWS\SYSTEM\MSKV.EXE

Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\kylww.dll/sp.html#28129

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {7FD318B9-600D-989C-1DCA-4BF6B4D6258D} - C:\WINDOWS\NETAD.DLL

O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Again, in safe mode
Open AboutBuster.exe
Hit Ok. Now for the scanning part. Hit Start and then Ok. The program should start scanning. Scan a second time. SAVE the logs >>> Then hit exit

Run CWShredder and Click ONLY the FIX button
Let it clean what it can

When it's done Restart back to Normal mode
Run a scan with About:Buster again, save the log

Don't open a Browser yet
Open HOSTER and "RESTORE ORIGINAL HOSTS"

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

This is important
Look in your C:\Windows\System folder
For this file name
Shell.dll
If it's not there
Download and Save to desktop Shell_98.zip
UNZIP the contents to your
C:\Windows\System folder
That should replace the missing file

Afterwards, you don't appear to be running any Anti-Virus software
Not very safe
If you have your own, Install it now and update it and run a Full System Scan
If you don't have your own
I very much recommend that you download and Install
AVG7 free
From this link
http://free.grisoft.com/doc/2/lng/us/tpl/v5
Give the link time to load if it's busy
Scroll down until you see
avg70free_308a468.exe or similar

Save the Installer, Double click to Install
After installation ensure you Check for updates and run a Full system Scan

Once the above is done
Post back with a fresh Hijackthis log
Also post the About:Buster logs from SAFE mode and Normal Mode



Offline jack1

« Reply #6 on: March 11, 2005, 03:59:15 PM »
guestolo,

I started to carry out the instructions you sent me and ran into some problems. I downloaded the software and restarted in safe mode. I went to the task manager to look for the programs you listed but none of those were running. I then found all the dll and exe files you listed and deleted them. I did another scan with hijackthis and found that all the R0 items had a file jpwmo.dll instead of the kylww.dll listed in the previous log and so I did not "fix check" them but did "fix check" the remaining ones. Still in safe mode I ran "about:buster", saved the log and exited.

I ran CWShredder and used the fix button.

Then I rebooted in normal mode and in the process received an error "While initializing device IOS" "error:real mode memory allocation failed". I had that happen to me one time in the past and the manufacturer directed me to do a "system files restore", which cleared the error. I repeated this restore operation, and the error cleared and I was able to restart in normal mode.

Once rebooted I ran another about:buster log.

I ran Hoster and restored the original hosts.

I reset the web settings as you directed.

I found the shell.dll file it was in my system folder.

When I shut down and restarted my computer, I was unable to access the internet. So I decided to re-install my PCI card and DSL modem, but this has not resolved my problem. I am posting to you from another computer which has internet access. Another problem also developed in that when I do a normal shut down, the shut down starts normally but then freezes when it gets to the windows "shutting down screen" and then the only way I could finish the shut down process is to hold the power button in for 5 seconds.

Here is latest hijackthis log and the safe mode and normal mode about:buster logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:16 PM, on 03/11/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jpwmo.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www2.enter.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} -  - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Dcfssvc] C:\Program Files\Common Files\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab


Scanned at: 2:55:48 PM   on: 03/10/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Removed! : C:\WINDOWS\addzt32.exe
Removed! : C:\WINDOWS\addna32.exe
Removed! : C:\WINDOWS\d3lj32.exe
Removed! : C:\WINDOWS\crtu.exe
Removed! : C:\WINDOWS\d3dm32.exe
Removed! : C:\WINDOWS\ieze32.exe
Removed! : C:\WINDOWS\d3rk.exe
Removed! : C:\WINDOWS\netwm32.exe
Removed! : C:\WINDOWS\SYSTEM\d3su.exe
Removed! : C:\WINDOWS\SYSTEM\addwg32.exe
Removed! : C:\WINDOWS\SYSTEM\atltk.exe
Removed! : C:\WINDOWS\SYSTEM\addil.exe
Removed! : C:\WINDOWS\SYSTEM\javaml.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 3:22:57 PM   on: 03/10/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

Once again thanks for your help, can you help me resolve these newest problems?

Offline guestolo

« Reply #7 on: March 12, 2005, 01:37:44 AM »
Let's try this again

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jpwmo.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www2.enter.net

R3 - URLSearchHook: {0000031A-0000-0000-C000-000000000046} - - (no file)
O4 - HKLM\..\RunServices: [ADDZT32.EXE] C:\WINDOWS\ADDZT32.EXE
O4 - HKLM\..\RunServices: [MSKV.EXE] C:\WINDOWS\SYSTEM\MSKV.EXE
O4 - HKLM\..\RunServices: [D3BJ32.EXE] C:\WINDOWS\SYSTEM\D3BJ32.EXE
O4 - HKLM\..\RunServices: [SDKBF32.EXE] C:\WINDOWS\SYSTEM\SDKBF32.EXE
O4 - HKLM\..\RunServices: [ADDNL32.EXE] C:\WINDOWS\SYSTEM\ADDNL32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE



After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer afterwards

Run About:Buster again

I hope you don't think I was kidding about Installing AVG free Edition
Do it now and update it and run a full system scan
A good AV is like running any other Virus or Spyware removal tool

Post back with a fresh Hijackthis log afterwards
Please Install and run the free AV on your system



Offline jack1

« Reply #8 on: March 12, 2005, 12:59:35 PM »
guestolo,

I followed your last instructions.

I am still not able to get on the internet with the computer we are troubleshooting. I get a "cannot find server" error whenever I try to open my Internet Explorer. I have reinstalled my ethernet PCI card and the device manager says it's installed and working. When I check my network configuration, tcp/ip>netgear pci adapter is shown. When I check my IP configuration it shows an IP address for my PCI adapter of 169.254.54.213. I don't believe this address is correct. I have a DSL connection with a Zoom modem and a Linksys wireless router. I am direct wired from the router to the computer I am having trouble with. I have two other computers, a notebook and another desktop, with wireless connections to the router; both of the other computers can access the internet through the wireless router.

I still cannot shut down or restart my computer normally, it stalls and has to be shut down using the power button.

I plan on installing the AVG program you suggested as soon as I can get back on to the internet.

Buster came up clean and here is the most recent hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:13 AM, on 03/12/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\VSTASCAN\VSACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Dcfssvc] C:\Program Files\Common Files\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
 
Again thanks for your help.
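Added example, not part of any post in this thread: a small Python check for the two things compared by eye in the replies above, namely search-page settings that stay hijacked while the `res://` DLL changes name between scans (natqc.dll, kylww.dll, jpwmo.dll) and entries ticked for "Fix checked" that are present again in the next log. The function names are illustrative, and the sample logs are trimmed excerpts of the logs posted above.

```python
import re

# One HijackThis entry per line: "<section code> - <body>"
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# res:// URL that serves a page out of a DLL's resources: res://<dll path>/<resource>
RES_DLL_RE = re.compile(r"res://(?P<dll>[^/]+\.dll)/(?P<res>\S+)", re.IGNORECASE)

# Trimmed excerpts of the four logs posted in this thread (most lines omitted).
SCAN_0308 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\natqc.dll/sp.html#28129
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
"""
# Every line kept in this excerpt was also on the "Fix checked" list in Reply #5.
SCAN_0309 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kylww.dll/sp.html#28129
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
"""
SCAN_0311 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\jpwmo.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www2.enter.net
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SYSOE.EXE] C:\WINDOWS\SYSTEM\SYSOE.EXE
O4 - HKLM\..\RunServices: [ADDTQ32.EXE] C:\WINDOWS\ADDTQ32.EXE
"""
SCAN_0312 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""


def parse_log(text):
    """Return a list of (section_code, body) tuples, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def res_hijacks(entries):
    """Map each R0/R1 setting whose value is a res:// page inside a DLL to (dll, resource)."""
    found = {}
    for code, body in entries:
        if code not in ("R0", "R1") or " = " not in body:
            continue
        setting, value = body.split(" = ", 1)
        m = RES_DLL_RE.search(value)
        if m:
            found[setting] = (m.group("dll").lower(), m.group("res"))
    return found


def renamed_hijacks(prev, curr):
    """Settings hijacked in both scans by the same resource but a differently named DLL.

    Matching on the resource rather than the file name is what catches the
    natqc -> kylww -> jpwmo renames; an exact line comparison would miss them.
    """
    a, b = res_hijacks(prev), res_hijacks(curr)
    return {s: (a[s][0], b[s][0]) for s in a.keys() & b.keys()
            if a[s][1] == b[s][1] and a[s][0] != b[s][0]}


def survived_fix(fixed, after):
    """Entries that were ticked for fixing but appear unchanged in the next scan."""
    after_set = set(after)
    return [entry for entry in fixed if entry in after_set]


if __name__ == "__main__":
    scans = [("03/08", SCAN_0308), ("03/09", SCAN_0309),
             ("03/11", SCAN_0311), ("03/12", SCAN_0312)]
    parsed = [(day, parse_log(text)) for day, text in scans]
    for (d0, e0), (d1, e1) in zip(parsed, parsed[1:]):
        for setting, (old, new) in sorted(renamed_hijacks(e0, e1).items()):
            print(f"{d0} -> {d1}: {setting}: {old} replaced by {new}")
    for code, body in survived_fix(parsed[1][1], parsed[2][1]):
        print(f"03/09 fix list, still present 03/11: {code} - {body}")
    print("res:// hijacks left on 03/12:", res_hijacks(parsed[3][1]))
```
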

Offline guestolo

« Reply #9 on: March 12, 2005, 04:22:52 PM »
I don't understand the loss of Internet connection

We could try
Winsock2 fix from here
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html

I would like to see a list of your programs first in Add/Remove programs
Can you open Hijackthis>>Open Misc Tools Section>>Open the Uninstall Manager
Click the Save List button

Save the list and post it back here, thanks

Could you also navigate to this file please
C:\WINDOWS\SYSTEM\ABCD.EXE <--file
Right click on it and left click properties
Do you know what it's related to?
What was the date created?
« Last Edit: March 12, 2005, 04:25:12 PM by guestolo »



Offline jack1

« Reply #10 on: March 13, 2005, 07:25:19 PM »
Guestolo,

I got to the bottom of my problem, evidently my computer does not like to have both a "dial-up" card and an "ethernet" card installed at the same time. I did another restore with only my "dial-up" card installed. Then I removed the "dial-up" in the device manager, shut down the computer and removed the "dial-up" card and installed the "ethernet" card. After that both my internet and shut down problems went away. :D

About.blank has also disappeared and my computer speed has increased.

I downloaded and installed the "AVG" you suggested.

Again thanks for your expert help.

Offline guestolo

« Reply #11 on: March 13, 2005, 07:31:48 PM »
Good to hear, I was hoping you would post back
I know that there has been an issue with Ad-Aware and TIBS Browser object
Removal caused loss of Internet connection
But I didn't see it in your log

Do you know what this file is related to
It may be legit I just want to make sure
C:\WINDOWS\SYSTEM\ABCD.EXE <--this file

Did AVG find anything?
« Last Edit: March 13, 2005, 07:32:27 PM by guestolo »



Offline jack1

« Reply #12 on: March 13, 2005, 08:25:58 PM »
Guestolo,

Sorry I have no idea what ABCD.EXE file is for.

I ran AVG and it found and removed another 296 objects.

I installed AVG in the two other personal computers I have here.

AVG looks great.

Offline guestolo

« Reply #13 on: March 13, 2005, 08:47:56 PM »
Can you find ABCD.exe on your hard drive

Run it through this online malware scan
Give this site time to load
Jotti's Online Malware scan

Use the browse button and navigate to this file
C:\WINDOWS\SYSTEM\ABCD.EXE <--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results

I thought it was related to a spell checker, but I'm not sure



Offline jack1

« Reply #14 on: March 13, 2005, 09:01:13 PM »
Guestolo,

Just ran Jotti's Online Malware scan, here's the results:

Service load:  0%        100%  
 
File:  abCD.exe  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  -
   
AntiVir  No viruses found (0.43 seconds taken)
Avast  No viruses found (1.53 seconds taken)
AVG Antivirus  No viruses found (0.54 seconds taken)
BitDefender  No viruses found (0.53 seconds taken)
ClamAV  No viruses found (0.63 seconds taken)
Dr.Web  No viruses found (0.92 seconds taken)
F-Prot Antivirus  No viruses found (0.09 seconds taken)
Fortinet  No viruses found (0.44 seconds taken)
Kaspersky Anti-Virus  No viruses found (1.01 seconds taken)
mks_vir  No viruses found (0.24 seconds taken)
NOD32  No viruses found (0.49 seconds taken)
Norman Virus Control  No viruses found (0.80 seconds taken)

Offline guestolo

« Reply #15 on: March 13, 2005, 09:10:02 PM »
When you navigated to the file and right clicked on the file
What was the creation date of it

You may want to right click on it and rename it to
ABCD.EX_

You will have to shut it down in the task manager first
or Use Hijackthis>>Open Misc Tools section>>
Open Process manager and kill that process beforehand

That way it should do no harm if it is malicious
Just leave it renamed for the time being, if you find no problems with it being renamed
Then you can delete it after a couple of weeks

I have a couple other programs you may be interested in
To set up protection against future attacks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection

If you find it difficult to run a Hijackthis scan after installing IE-Spyad with Windows 98
That is because IE-spyad adds that long list to your registry and Hijackthis checks that area of your registry for Hijackers
It's a very good and small program that is effective in preventing hijacking on your machine
Both Spywareblaster and IE-Spyad don't run in the background

Stay safe :D



Offline HeddaLora

« Reply #16 on: March 15, 2005, 09:20:05 PM »
You keep finding so much stuff on your computer after repeated scannings -- do you have some firewall software in place?