# Solved: about:blank homepage



## Ben1103 (Oct 22, 2005)

I'am having problems with my homepage. It keeps going to about:blank. I'm also recieving alot of pop-ups when i'm not using my internet explorer. Can you help ?


----------



## Cheeseball81 (Mar 3, 2004)

Welcome to TSG 

Please do the following:

* Click here to download *HJTsetup.exe*: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to *C:\Program Files\Hijack This*.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## Ben1103 (Oct 22, 2005)

Cannot open picture

If you created or worked on your picture in another program, its file format will be other than .MIX.
Explore the different file types Picture It! can open. If you don't see your file type listed:

1	Start the program you used to originally create the picture.
2	Open your picture.
3	Save it again in one of the file formats Picture It! can open, such as .BMP.

Opening a picture created in a different program


----------



## Ben1103 (Oct 22, 2005)

thats the message im getting when i save the log file


----------



## Ben1103 (Oct 22, 2005)

i seem to be having problems when im saving it to the edit>select all then clicking on the edit>copy step it says it can't be recognized


----------



## Cheeseball81 (Mar 3, 2004)

That's very strange. Is your system set to open log files in a Picture program?


----------



## bonk (Sep 8, 2005)

Ok don't save it when it comes up in notepad then just copy and paste it in your next reply.


----------



## Ben1103 (Oct 22, 2005)

im not trying to save my log files in a picture program. It's making me do it for some reason. When i try to save log files im saving it in the Hijackthis folder and when i try to open it says "cannot open picture hijackthis.log ,Picture It! cannopt open the file. this file is either not a recognised picture format or an invalid picture file. To try again, select a different file. If the problem persists, the file may be damaged or it may be a format picture It! does not recogonize then it tells me to know more about file formats press ok


----------



## Ben1103 (Oct 22, 2005)

what do you mean by notepad is that when im trying to save the log file to my computer?


----------



## Cheeseball81 (Mar 3, 2004)

Rescan with Hijack This and click on *Do a system scan only*

Then after that, click Save log

It sounds like .log files are set to open up in Picture It! rather than Notepad or Wordpad


----------



## Ben1103 (Oct 22, 2005)

im still getting the same result when i do a system scan only and trying to save the log. It goes to the picture it !


----------



## kimmer13 (Nov 28, 2001)

when you click on SaveLog and it opens the Save logfile window, by default it is set to save as hijackthis.log. change it to hijackthis.TXT and click the save button.
but your file association for LOG files is going to need to be corrected.
i will post a separate entry w/instructions for that.


----------



## Cheeseball81 (Mar 3, 2004)

Do what kimmer13 has suggested


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 9:18:13 PM, on 10/24/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {128A9AC6-0956-F765-EFFA-04E4541172B8} - C:\WINDOWS\SDKII.DLL
O2 - BHO: (no name) - {61CCB864-2ED1-11DA-8737-44453A889289} - C:\WINDOWS\SYSTEM\BEDAHJ.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\newdotnet3_36.dll' missing
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/NSupd9x.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/21_cometzone/comet.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O18 - Filter: text/html - {500BF37F-4012-11DA-8737-C67699729D3B} - C:\WINDOWS\SYSTEM\BEDAHJ.DLL
O18 - Filter: text/plain - {500BF37F-4012-11DA-8737-C67699729D3B} - C:\WINDOWS\SYSTEM\BEDAHJ.DLL


----------



## Ben1103 (Oct 22, 2005)

is that what you needed?


----------



## Cheeseball81 (Mar 3, 2004)

Yes 

You have a lot of infection. And no anti-virus protection. 

Get *AVG* (it's free): http://free.grisoft.com/doc/1
Install it and run a scan.

Then do the following:

Download *CW-Shredder* at the link below:
http://cwshredder.net/bin/CWShredder.exe

Download '*SpSeHjfix*'. to the desktop and then
right click a blank part of desktop & select new folder, call it spfix 
unzip the file into that folder 
http://www.derbilk.de/SpSeHjfix109.zip

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

*Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.*

Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel>Internet Options>Programs & press Reset Web Settings, then you can set your home page to what you want on the General tab.


----------



## kimmer13 (Nov 28, 2001)

To change your file association open Windows Explorer, click on Tools/Folder Options. Go to the File Types tab. Locate LOG on the list and click on it to highlight. Click the change button. Locate Notepad, highlight it and click OK and OK again to close the dialog boxes.


----------



## Ben1103 (Oct 22, 2005)

alright i will try


----------



## Cheeseball81 (Mar 3, 2004)

It's easier than it looks 

We will get this infection cleaned up for you.


----------



## Ben1103 (Oct 22, 2005)

i seem to be unable to open the SpSeHjfix when im creating a new folder and redownloading it in the spfix folder how can i fix this?


----------



## Cheeseball81 (Mar 3, 2004)

How come you're creating a folder for it? The link should be a direct download (a zip file)


----------



## Ben1103 (Oct 22, 2005)

it was a direct download from the link that you gave me for it but when i tried downloading it.. it seems to not work when i try to open it. it's telling me to click the program you want to use to open the file SpSeHjfix109.zip'. If the program you want is not in the list,click Other Description of '.zip' files:


----------



## Cheeseball81 (Mar 3, 2004)

Do you have a program that opens zip files?


----------



## Ben1103 (Oct 22, 2005)

i think so because the CWShredder worked fine when i downloaded it but. As for the antivirus it's still downloading and is going to take awhile.


----------



## Ben1103 (Oct 22, 2005)

but how would i be able to check if i had a program that opens zip files?


----------



## Cheeseball81 (Mar 3, 2004)

Download WinZip from here: http://oldversion.com/program.php?n=winzip

Then see if you can open SpSeHjfix now.


----------



## Ben1103 (Oct 22, 2005)

alright thanks i will try


----------



## Cheeseball81 (Mar 3, 2004)

You're welcome


----------



## Ben1103 (Oct 22, 2005)

for winzip it shows that there are older versions of it does it matter which one i choose or should i download from where it says free music downloads?


----------



## Ben1103 (Oct 22, 2005)

i downloaded the 8.1 version i hope thats ok


----------



## Ben1103 (Oct 22, 2005)

as for the anti virus it's telling me that it is corrupted and that i should reinstall it so im going to do that


----------



## Cheeseball81 (Mar 3, 2004)

Okay :up:


----------



## Ben1103 (Oct 22, 2005)

when i downloaded the winzip 8-1 SR-1 version it tells me i need to pay 29 bucks for it. Which one do i download if i want the free trial?


----------



## Cheeseball81 (Mar 3, 2004)

Free trial - they should all have free ones. I downloaded the same exact one without a problem.


----------



## Ben1103 (Oct 22, 2005)

where can i get to the free trial?


----------



## kimmer13 (Nov 28, 2001)

most of the older versions will work w/o problem in w98; but even if you download the newest one i believe it comes with a 30 eval period. once installed when you run it you are presented with "use evaluation copy" or "buy now", just click "use eval copy" and you are in.


----------



## Ben1103 (Oct 22, 2005)

alright thank you


----------



## Ben1103 (Oct 22, 2005)

the anti virus that im downloading is u7f36190.bin is that the type that i need to be downloading?


----------



## Cheeseball81 (Mar 3, 2004)

That's the update.

Go here: http://free.grisoft.com/doc/2/lng/us/tpl/v5

Scroll down and click on *avg71free_361a651.exe*


----------



## Ben1103 (Oct 22, 2005)

i need help figuring out the type of antivirus to download the one that i just downloaded didn't work, can u help me?


----------



## Cheeseball81 (Mar 3, 2004)

What happened after you downloaded it?

Avast is another free one: http://www.avast.com/eng/avast_4_home.html


----------



## Ben1103 (Oct 22, 2005)

it showed the same result like it did for the SpSeHjfix before i downloaded the winzip.But it shouldn't do that since i have already downloaded winzip and able to download zip files right? but anway i' will download the other version to see if that works.


----------



## Cheeseball81 (Mar 3, 2004)

That's alittle strange because the AVG download was an .exe not a .zip file.

If you can run CWShredder and SpSeHjfix, do those instructions now and we can get the anti-virus program afterwards.


----------



## Ben1103 (Oct 22, 2005)

ok


----------



## Cheeseball81 (Mar 3, 2004)

:up:


----------



## Ben1103 (Oct 22, 2005)

ok i got off the net and shut all the progams down and i tried running the SpSeHjfix. I did what you said and tried to start disinfection and it rebooted my computer and when i logged back on i tried to press the log button and it showed up to the Picture it! so i ended up having to press the close button. As for the CWSShredder do you want me to press the "fix" button or "scan only"?


----------



## kimmer13 (Nov 28, 2001)

did you change the file association for the log filetype yet?

and use FIX on CWShredder


----------



## Cheeseball81 (Mar 3, 2004)

Fix


----------



## Cheeseball81 (Mar 3, 2004)

As for the file types, the instructions looked a bit like for XP.
In 98, Windows Explorer > View > Folder Options > File Types tab


----------



## Ben1103 (Oct 22, 2005)

i changed the file association awhile back when u told me to convert it to TXT but how am i able to leave it like that?


----------



## kimmer13 (Nov 28, 2001)

go back into it and see if it 'stuck' - does it show LOG file type matched up with the Notepad program?


----------



## Ben1103 (Oct 22, 2005)

i need help finding if it suck or not. i opened SpSeHifix and pressed the evaluating version now what?


----------



## kimmer13 (Nov 28, 2001)

Ok, open Windows Explorer, click on the menu option View, then Folder Options, then go to FileTypes. Scroll down the list of file types till you find LOG and this is where you click "Change" and find Notepad on the list of Programs. Then OK your way out. 
(If Notepad isn't on the list you will use the Browse button to locate it.)


----------



## Ben1103 (Oct 22, 2005)

im not seeing file types when i press the folder option


----------



## kimmer13 (Nov 28, 2001)

it should be a tab labelled along the top of the Folder Options window that opened.


----------



## Ben1103 (Oct 22, 2005)

im sorry i don't really see it


----------



## Ben1103 (Oct 22, 2005)

the file types you are telling me in the folder options is throwing me off


----------



## Cheeseball81 (Mar 3, 2004)

Perhaps we should deal with the infection first.


----------



## Ben1103 (Oct 22, 2005)

sounds good


----------



## kimmer13 (Nov 28, 2001)

..........sorry, just read the post , was typing this apparently at the same time  .... anyway, just save this for later!

OK let's try this a different way. One thing I love about computers is there are always multiple ways to do any task....

Can you locate a log file on your computer? Doesn't matter which one as long as it has the extension log. When you locate it, click on it once with the mouse so it is highlighted. Now press and hold the SHIFT key. While holding it down, right click on the log file. The menu that appears should include "Open with...". Select that. Now locate and click on the Notepad program in the window that opens. Make sure the box is checked that says Always Use this Program. Click OK The file should open in Notepad and your association should be updated.


----------



## Cheeseball81 (Mar 3, 2004)

As for your question, run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 9:43:04 PM, on 10/25/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130285122\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130285122\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT PICTURE IT! EXPRESS\PICTURE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {128A9AC6-0956-F765-EFFA-04E4541172B8} - C:\WINDOWS\SDKII.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130285122\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\newdotnet3_36.dll' missing
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/NSupd9x.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/21_cometzone/comet.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab


----------



## Ben1103 (Oct 22, 2005)

i was just wondering if i got rid of the about:blank. I know im still not protected by any anti virus. I actually got it to download last night but this morning a bunch of programs on my computer wouldn't run so i had to unistall it.


----------



## Cheeseball81 (Mar 3, 2004)

Go to Add/Remove Programs and uninstall *New.Net * (NewDotNet). 
If it will not uninstall, or is not listed there - do this:

First click here: http://www.cexx.org/lspfix.htm to get the *LSP Fix*.

You may not need it, but go ahead and download it just in case.

Now go here: http://www.newdotnet.com/removal.html

Scroll to the bottom of the page to *Procedure 4* and download and run the *New.Net Uninstaller*.

** If you lose your internet connection after running the New.Net Uninstaller, Run the LSP Fix, and click Finish. (Don't do anything else).

That should restore the internet connection.

Restart your computer.

Download *KillBox * here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
*DO NOT* run it yet.

With IE closed, run Hijack This again. 
Put a checkmark on these entries and hit "fix checked":

*O2 - BHO: Class - {128A9AC6-0956-F765-EFFA-04E4541172B8} - C:\WINDOWS\SDKII.DLL

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL (file missing)

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\3.BIN\IMESHBAR.DLL

O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\windows\newdotnet3_36.dll' missing

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...lls/install.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Acti...iveLauncher.cab

O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01....gaInstaller.exe

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab*

Boot into *Safe Mode* (start tapping the *F8* key at Startup, before the Windows logo screen)

Double-click on Killbox.exe to run it. 
Now put a tick by Standard File Kill. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confimation to delete the file. 
Click Yes. 
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

*C:\WINDOWS\SDKII.DLL

C:\WINDOWS\System\spoolsrv32.exe*

Note: It is possible that Killbox will tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the KillBox.

Find and delete these folders (if present):

*C:\PROGRAM FILES\IMESH
C:\PROGRAM FILES\IMESHBAR
C:\Program Files\AWS
C:\Program Files\NewDotNet*

Also in safe mode navigate to the C:\Windows\Temp folder. 
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type *%temp%* in the Run box. 
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. 
On the General tab under "Temporary Internet Files" Click "Delete Files". 
Put a check by "Delete Offline Content" and click OK. 
Click on the Programs tab then click the "Reset Web Settings" button. 
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 11:10:57 PM, on 10/25/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130285122\EE\AOLHOSTMANAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130285122\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130285122\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT PICTURE IT! EXPRESS\PICTURE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130285122\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/NSupd9x.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/21_cometzone/comet.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab


----------



## Ben1103 (Oct 22, 2005)

i did what u asked for the most part


----------



## Cheeseball81 (Mar 3, 2004)

Great job  Your log is clean. How are things now?


----------



## Ben1103 (Oct 22, 2005)

everything seems to be working fine. Is there any other adjustments i need to make on anything or am i finally finished?


----------



## Cheeseball81 (Mar 3, 2004)

You're good. Just need to get an anti-virus program installed.


----------



## Ben1103 (Oct 22, 2005)

ok about that anti virus i downloaded it last night and it seemed to be working fine until the next morning when i was getting some error's on my computer and it wouldn't let me run anything on my computer. Now that i've done all these adjustments on my computer if i downloaded it again do you think everything will work fine this time?


----------



## Cheeseball81 (Mar 3, 2004)

I think it will. Which one did you download? AVG?


----------



## Ben1103 (Oct 22, 2005)

i decided to get the avast instead. I didn't want to risk avg again.As for scanning should i do a scan once a day or how should i go about doing it?


----------



## Cheeseball81 (Mar 3, 2004)

Maybe every 2 weeks or so.


----------



## Ben1103 (Oct 22, 2005)

alright thanks cheeseball for everything you've done for me i really appreciate it


----------



## Cheeseball81 (Mar 3, 2004)

You're welcome 

You can mark your thread "Solved" from the *Thread Tools* drop down menu.


----------



## Ben1103 (Oct 22, 2005)

Hey cheeseball i was wondering if you could help me fix my sister's computer. She seems to be having problems with her internet explorer. Things are running slow for her and she has been getting some about:blank pop ups. heres her Hijack this log


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 8:58:08 PM, on 11/04/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\UOVRPVTS\EYADCAAN.EXE
C:\PROGRAM FILES\UOVRPVTS\NAACDAYE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: IEHlprObj Class - {74266FA9-E6C8-11D3-B48F-0080C77B28D9} - C:\WINDOWS\SYSTEM\IEHELPERMIDDLEMAN.DLL (file missing)
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\SYSTEM\YCOMPANION.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YYFHY9ox] C:\PROGRA~1\UOVRPVTS\EYADCAAN.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: BBSetup - http://download.bonzi.com/freebuddy/wd/bbsetup.exe
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://a794.g.akamai.net/7/794/2743/v0002/images.bonzi.com/freebuddy/wd/bbsetuppop.exe
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/controls/MsnPUpld.cab?4,0,1009,0
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.karupsgirls.net//style.css::/open.exe


----------



## Ben1103 (Oct 22, 2005)

as of now im downloading avast anti virus for her. is there anything else i need to do?


----------



## Cheeseball81 (Mar 3, 2004)

Yes.

Uninstall *MyWebSearch* from Add/Remove Programs.

Then download and run the following:

*Ad-Aware SE*: http://www.majorgeeks.com/download506.html

Install the program and launch it.
First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).

*SpyBot S&D*: http://www.majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). 
Click online, Search for updates, Download all available updates. 
Close all Browser windows, Click ''Check for Problems''. 
When the scan is finished let Spybot fix/remove all it finds marked in RED.

Reboot, post a new log.


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 9:58:38 AM, on 11/05/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\SYSTEM\YCOMPANION.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ckFHWsEw] C:\PROGRA~1\UOVRPVTS\EYADCAAN.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/controls/MsnPUpld.cab?4,0,1009,0
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.karupsgirls.net//style.css::/open.exe


----------



## Ben1103 (Oct 22, 2005)

hows that


----------



## Cheeseball81 (Mar 3, 2004)

Download *KillBox* here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
*DO NOT* run it yet.

With IE closed, run Hijack This again. 
Put a checkmark on these entries and hit "fix checked":

*O4 - HKLM\..\Run: [ckFHWsEw] C:\PROGRA~1\UOVRPVTS\EYADCAAN.exe

O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.karupsgirls.net//style.css::/open.exe*

Boot into *Safe Mode* (start tapping the *F8* key at Startup, before the Windows logo screen)

Double-click on Killbox.exe to run it. 
Now put a tick by Standard File Kill. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confimation to delete the file. 
Click Yes. 
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

*C:\PROGRA~1\UOVRPVTS\EYADCAAN.exe*

Note: It is possible that Killbox will tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the KillBox.

Open My Computer. 
Select the View menu and click Folder Options. 
Select the View Tab. 
In the Hidden files section select Show all files. 
Click OK.

Find and delete this folder: *C:\PROGRAM FILES\UOVRPVTS*

Also in Safe Mode navigate to the C:\Windows\Temp folder. 
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type *%temp%* in the Run box. 
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. 
On the General tab under "Temporary Internet Files" Click "Delete Files". 
Put a check by "Delete Offline Content" and click OK. 
Click on the Programs tab then click the "Reset Web Settings" button. 
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.


----------



## Ben1103 (Oct 22, 2005)

it's not letting me download killbox. how can i fix it?


----------



## Cheeseball81 (Mar 3, 2004)

Try this link: http://www.atribune.org/downloads/KillBox.exe


----------



## Ben1103 (Oct 22, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 5:13:28 PM, on 11/05/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\SYSTEM\YCOMPANION.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/controls/MsnPUpld.cab?4,0,1009,0
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab


----------



## Ben1103 (Oct 22, 2005)

hows that cheeseball?


----------



## Cheeseball81 (Mar 3, 2004)

Looks clean  How are things now?


----------



## Ben1103 (Oct 22, 2005)

pretty good she's going to like this thanks alot


----------



## Cheeseball81 (Mar 3, 2004)

You're welcome


----------

