Hijacked by About Blank

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

john776

Thread Starter
Joined
Apr 15, 2004
Messages
7
O.K. I can not get rid of this. I have talked with numberous people and it will not go away. Is it possible to just clear off my computer of everthing and start over reinstalling? I'm not sure if even this will clear it up, but it is hiding. Does anyone have a fix or can you help me dump all my stuff and reload?

Thanks
 
Joined
Dec 9, 2000
Messages
45,855
John, you have posted Scanlogs a couple of times, neither of them properly. Include the whole log showing version number, Windows version, Browser Version and time of scan.

http://forums.techguy.org/showthread.php?t=222809

Get a current download of HijackThis from the site below.

http://www.spywareinfo.com/~merijn/downloads.html

Also get the Coolwebshredder, CWShredder.exe and run that and have it fix any problems it finds, then reboot and post a new Scanlog.

By the way, since you apparently have WinXP and this is the only rogue dll in the Scanlog:

C:\WINDOWS\System32\jolin.dll

Try this: Press f8 promptly on startup,

From the startup menu choose SafeMode Command Prompt. This does not load Explorer (into which some of these dlls are hooked).

>>> At the command prompt enter:

del C:\WINDOWS\System32\jolin.dll

let me know if you get an error message, such as "not found".

Then reboot and check and fix the Scanlog entries and see if they remain fixed.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5818B24C-DB0D-43B9-A699-A7FE6AC1A7E8} - C:\WINDOWS\System32\jolin.dll

There is also a long discussion of the problem on this forum which may be of some help:

http://www.computercops.biz/postx24263-0-30.html

And I would recommend you install the latest Security patches from Microsoft.

http://forums.techguy.org/t195532.html
 

john776

Thread Starter
Joined
Apr 15, 2004
Messages
7
Thanks for your help. I was leaving out the very top of my HJK log, didn't think it was needed. Here is my latest after running CWShredder and I removed the about:Blank but didn't have the BHO no name. I also did push f8 on restart, nothing happened? Here is my latest log.

Logfile of HijackThis v1.97.7
Scan saved at 9:29:27 PM, on 4/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROPHETSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.jeld-wen.com/CFIDE/classes/CFJava.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.6018634259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Dec 9, 2000
Messages
45,855
Well I don't see the jolin.dll there any more. Did CoolWebShredder find anything?

Getting the startup menu is a timing thing, usually you will briefly see that screen that prompts you to choose the Windows you want to boot to. If there are no options such as the Recovery Console it passes in a couple of seconds. I'd suggest under the boot.ini tab you increase the "timeout" value which should give you a longer time to press f8 on boot up

You can also enable Safe Mode by running msconfig and selecting /safe boot from the boot.ini tab. There is also the /nogui option but I'm not sure how you deselect that prior to rebooting. I'll have to check that out. I know you can re-run msconfig in Safe Mode, but I'm not sure about Safe Mode Command Prompt.

Right now your Scanlog looks normal; but the problem seems to return in the morning for some, so keep us updated.

In the meantime you might navigate to C:\windows\system32 and do an Advanced search. Select the "modified" search and see what DLLS have been modified within the date range that you have experienced this problem.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top