| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 59388 | 2005-06-30 23:30:00 | About: Blank | pctek (84) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 368325 | 2005-06-30 23:30:00 | I think I may have had this. This morning my browser decided it wuld only load certain webpages. One that wouldn't was this one. I did a seacrh with AdAware, Spybot and Counterspy. Clean. Ran Hijackthis. Clean (I only have 1/2 dozen entries anyway). Ran CWShredder. It did not fing about:blank but did find another hijacker. The manual removal instructions said to remove certain files. I did not have any of them. So I attempeted to get PCWorld again and bookmarked it while it was doing nothing. The bookmark reported about:Blank as the page. SO I went into the registry and checked for the .dll - none listed. So I deleted all IEs home, search and default page listings completely. I do not actually have IE installed anymore although those reg entries remained. Go back on the net, everythings fine. What do you guys think? It couldn't quite do it due to IE being gone? It was a variant? I still have it? Logfile of HijackThis v1.99.1 Scan saved at 10:24:53 a.m., on 1/07/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\CounterSpy Client\sunasDTServ.exe D:\CounterSpy Client\sunasServ.exe D:\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe D:\Mozilla\mozilla.exe D:\Temp\Business\Protection\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunasDTServ] D:\CounterSpy Client\sunasDTServ.exe O4 - HKLM\..\Run: [sunasServ] D:\CounterSpy Client\sunasServ.exe O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Zone Labs\ZoneAlarm\zapro.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - d:\NVIDIA\NETWOR~1\bin\nSvcIp.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe |
pctek (84) | ||
| 368326 | 2005-06-30 23:37:00 | I would check your hosts file first If you don't know how to do it manually use Spybots Advanced Mode > Tools section to check it |
bartsdadhomer (80) | ||
| 368327 | 2005-06-30 23:38:00 | I would check your hosts file first If you don't know how to do it manually use Spybots Advanced Mode > Tools section to check it localhost 127.0.0.1 |
pctek (84) | ||
| 368328 | 2005-07-01 00:03:00 | www.file.net run HJT while in safe mode. |
tweak'e (69) | ||
| 368329 | 2005-07-01 01:01:00 | Interesting the asus keyboard thing and the ATI stuff were there for ages. Anyway, removal of it all hasn't caused a problem so best gone I think. Thanks guys. Logfile of HijackThis v1.99.1 Scan saved at 11:54:33 a.m., on 1/07/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\CounterSpy Client\sunasDTServ.exe D:\CounterSpy Client\sunasServ.exe D:\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe D:\Temp\Business\Protection\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [sunasDTServ] D:\CounterSpy Client\sunasDTServ.exe O4 - HKLM\..\Run: [sunasServ] D:\CounterSpy Client\sunasServ.exe O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Zone Labs\ZoneAlarm\zapro.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe |
pctek (84) | ||
| 368330 | 2005-07-01 01:23:00 | shouldn't there be more to the HJT log ?? also running firewals etc off a different drive/partition is not always a good idea. i assume you have IE removed ?? |
tweak'e (69) | ||
| 368331 | 2005-07-01 04:20:00 | shouldn't there be more to the HJT log ?? also running firewals etc off a different drive/partition is not always a good idea. i assume you have IE removed ?? 1) Why? 2) Why? 3) As I said, its uninstalled. |
pctek (84) | ||
| 368332 | 2005-07-01 05:34:00 | Tried about:blank buddy (www.soft32.com) ? | Peterj116 (6762) | ||
| 368333 | 2005-07-01 07:42:00 | Tried about:blank buddy (www.soft32.com) ? Yes. Find it hopeless. Anyway now after removing the ASUS and ATI entries plus what I did before, everythings fine. |
pctek (84) | ||
| 368334 | 2005-07-01 08:06:00 | most of the about:blank hijacks are for IE. however other browser do have their ver of about blank when they can't load pages etc. i wonder if its related to a few DNS outages i've seen recently. the only reason i had net access this morning was due to my DNS cacheing. 1)hjt logs usually have more tho with a stripped out system it could be less. 2)you can get problems with core programs being installed on different drives/partitions than the OS exspecailly when you format/reinstall. |
tweak'e (69) | ||
| 1 2 | |||||