  dave h 19:23 03 Feb 2005

I am suffering from the above Hijack, and have read your clear explanation to Albertpalbert on how to remove it.

Would the same removal process work with XP Home?

Thanx in advance.

  JaßîsFaß ˜ 19:33 03 Feb 2005

First make sure that you have the latest version of HijackThis click here
Save HijackThis in its own folder. Run it and click the Scan button. Click Save Log (do NOT try fixing anything). Save the log in the same folder as HijackThis.

The log will open in Notepad. Copy it from there and paste here. You may need to do this in two or more sections because of the 800 word limit on this site. Also, please double-space it by adding a blank line every other line.

Then, please be patient. Hopefully Nellie2 will be along in a while but she is one of the busiest people on the net.

In the meantime, please ignore any well-intentioned suggestions to run this, that or the other. That would not be helpful until your log has been analysed by an expert.

  JaßîsFaß ˜ 19:34 03 Feb 2005

The click here above should be click here

  Fruit Bat /\0/\ 20:20 03 Feb 2005

About blank is a symptom of the CoolWebSearch hijack.

CWShredder from the link above should get rid of it.

Switch off System Restore, run Shredder, then switch Restore back on.

  dave h 19:57 05 Feb 2005

Thanx for the input so far.

The problem has got worse. My system restore points have all disappeared.

I can no longer get on to the internet (I'm currently on a friend's computer) as all sites come up with 'Page not found' and this message -

Access Blocked - Virus Warning!
You cannot access this site due to following reason:
Your computer was infected by Spyware or Adware Software.
This is dangerous software which disclose your personal
and transferred data and/or display unsolices advertising.
You can use this ADWARE/SPYWARE REMOVAL tools in
order to solve this problem and prevent futurer infection.
You can click Search to look for information on the Internet.

I'll be running some spyware cleaners and I'll try CW Shredder if I can find a copy.

Thanx again for the input.

Dave H

  dave h 20:00 05 Feb 2005

One other thing. Before I was shut out from the internet, I downloaded and ran 'Hijack this' but it stopped part way through with an error.


Dave H

  dave h 14:27 09 Feb 2005

I have now downloaded Firefox and abandoned Internet Explorer.

However, I would still be interested in removing the garbage installed by 'About Blank' if anyone can help.

Thanks again.

  Nellie2 18:05 13 Feb 2005

Sorry dave h, I missed this thread! The thing with this type of infection is that the bad files are randomly named, so what works for one person won't work for you. Also, there are different types of this infection: some have a hidden dll that you have to find, some have a rogue service that you have to deal with; the solution depends on the type of infection. Using Firefox may be OK for now... but you still have the infection on your PC and it will mar performance.

If you are having problems with hijackthis v1.99.0 then try v1.98.2 available click here

  dave h 18:47 13 Feb 2005

Thanks for your response.

I've downloaded the version you suggested, but I shan't be able to run it until tomorrow.

I'll report back then.

Thanx Again

  dave h 10:45 14 Feb 2005

Herewith the result of the 'Hijack This' Scan.
d at 10:39:31, on 14/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FirstCap\CapHk.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Ontrack\PowerDesk\PDEXPLO.EXE
C:\Hijack this\HijackThis.exe

  dave h 10:47 14 Feb 2005

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} - C:\WINDOWS\sehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\stlbd.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\FREESE~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
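
Added example, not part of the thread or of HijackThis itself: a small Python parser for the R/O2/O3/O4 line format seen in the log above, which lists entries an analyst would look at first (COM objects whose file is missing, Run entries with no full path). The function names are hypothetical, the sample is a handful of lines copied from the posted log, and the notes are triage pointers for a human reviewer, not a verdict on any entry.

```python
import re

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: SEDP Class - {3BA765C2-08DB-4fe2-9279-311CA10D582A} - C:\WINDOWS\sehlp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
"""

LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # section code, rest
COM = re.compile(r"^(BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")            # key: [name] command
REG = re.compile(r"^(.*?),(.*?) = (.*)$")               # key,value = data

def parse_log(text):
    """Turn HijackThis log lines into dicts; lines without a code are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "raw": body}
        if code in ("O2", "O3") and (c := COM.match(body)):
            entry.update(kind=c[1], name=c[2], clsid=c[3].upper(), target=c[4])
        elif code == "O4" and (r := RUN.match(body)):
            entry.update(key=r[1], name=r[2], target=r[3])
        elif code.startswith("R") and (g := REG.match(body)):
            entry.update(key=g[1], value_name=g[2], target=g[3])
        entries.append(entry)
    return entries

def triage_notes(entries):
    """Return (identifier, note) pairs for entries worth a first look."""
    notes = []
    for e in entries:
        target = e.get("target", "")
        if e["code"] in ("O2", "O3") and target == "(no file)":
            notes.append((e["clsid"], "registered but file missing"))
        elif e["code"] == "O4" and not re.match(r'^"?[A-Za-z]:\\', target):
            notes.append((e["name"], "no full path recorded"))
    return notes
```
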

