1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

About:Blank

Discussion in 'Windows XP' started by mfrashuer, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. mfrashuer

    mfrashuer Thread Starter

    Joined:
    Sep 24, 2002
    Messages:
    92
    I did CWShredder, HiJack This, Spybot, & Adaware.

    Nothing is working. About blank keeps reappearing. I have done what others have told me to do. Delete About blank line, uncheck third part Internet browser, Reboot. It all comes back. Any suggestions? :mad: :mad: :mad:



    Here is the save log file from Hijack this;


    Logfile of HijackThis v1.97.6
    Scan saved at 6:25:56 PM, on 4/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    C:\Program Files\MRU-Blaster\scheduler.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Mark Frashuer\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hdgmj.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {62FC47D5-5C53-4C45-8AB9-C28838330BFA} - C:\WINDOWS\System32\hdgmj.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700 NT\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
    Clear out your TIF and other temp files.
    In Internet Options, under the General tab click the Delete temporary internet files, choose to delete all Offline content.
    Also, go to Start - Search - Files or folders - in the named box, type: *.tmp and choose
    Edit - select all - File - delete. Empty the contents of the C:\Windows\temp folder
    and C:\temp folder, if you have one. Empty Recycle bin.

    After you have done the above,go back to tools/Internet Options, under the General tab/Home Page,reset your home page.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,181
    You should stick with the same thread where you were getting help the first time from Mobo and Dan. Did you do everything they said? They are probably subscribed to that thread.

    Here's the link:

    http://forums.techguy.org/showthread.php?t=218203

    Also, you should update Hijack This to the lastest version, although I'm sure it won't make much of a difference but it's best to have the latest one before you post your final log. The latest version is v1.97.7.

    Cookie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219758

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice