
"About:blank" problem

Hi! It's my 1st time here, and it seems like there are a lot of competent techs on this subject!!

so here's the deal:
I own a P4 running XP home edition with service pack 1, I run adaware + spybot once a week (approx.).

never got a problem before, this morning I got this popup from one of those ".cc" search sites (don't ask me which one, I didn't note it...), and now, it's the "about:blank" every time. It is also almost impossible to save any .exe (and some other extensions) from http...

so I wonder if a good person could help me out with this....

I managed to download Hijackthis and here's the report:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Louis.BUREAU\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PeerGuardian] C:\Program Files\KMD Lite\peerguardian.exe
O4 - HKCU\..\Run: [eDexter] C:\Program Files\KMD Lite\eDexter\edexter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38014.6094791667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab

thanx for your help!

la_Belette
Newbie Poster
4 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

The top part of your log is missing, please repost the whole log, thanks. Check the how-to for setting up HijackThis in my signature.

caperjack
I hate 20 Questions
Team Colleague
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 

Here it is! :)


Logfile of HijackThis v1.97.7
Scan saved at 22:00:48, on 2004-04-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Louis.BUREAU\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PeerGuardian] C:\Program Files\KMD Lite\peerguardian.exe
O4 - HKCU\..\Run: [eDexter] C:\Program Files\KMD Lite\eDexter\edexter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38014.6094791667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab

la_Belette
Newbie Poster
4 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

Sorry, I see nothing in your log to indicate a problem.

caperjack
I hate 20 Questions
Team Colleague
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 

The problem with about:blank is that it puts a "request dial back" from its destination which sits in your restore files; every time you remove it and then redial the connection, it comes back.

I fixed it with Spybot and Adaware, then went back a few days in the system restore log.

homecostablanca
Newbie Poster
7 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

ok... but it's still impossible for me to change my start page. When I open IE, change my home page in the internet options, close IE, and open it, it will load the home page I wanted once, but the second time I open IE, it will put back about:blank....

it's also impossible for me to save .exe from http sites....

what do you think it could be??

Thanx for your help!

la_Belette
Newbie Poster
4 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

Try this just for the heck of it.

Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Reboot computer and post a new log.


Also check in my signature how to set up Ad-Aware and Spybot, just to make sure you have them set up right.

caperjack
I hate 20 Questions
Team Colleague
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 

Thanx for your help everyone!

I think I got rid of the "thing"... everything seems to be fine now!

thanx again!

la_Belette
Newbie Poster
4 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

In case it returns!!



  • Download reglite

  • install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar.

  • Double click on AppInit_DLLs to open a "Data Editor" properties window. If the bottom text field named "Value" contains a .dll file, then this is the hidden file you need to get rid of.

  • You should not be able to delete this file if you try to clear the value field. IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.

  • Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".

  • Click AppInit_DLLs again, clear the value containing the .dll and OK it. This should have removed the .dll.

  • Rename the windows folder back to its original name "Windows".

  • Next step will be to remove this dll file so make sure you have it noted down.

  • Click "Start" => "Run" and type in "cmd" (Without the quotations) and click on "Okay".

  • This will open a command window. I will assume you have a basic knowledge of DOS; if you have any problems at this point, just write back and I will outline the commands.

  • Type in dir and press "Enter". You should see the name of the file listed.

  • Go to the system32 folder (This is where the .dll file will typically reside) and type attrib -r "nameofdll".dll

  • Type del "nameofdll".dll

  • Type dir and look for the dll name; the dll should now have been removed and will not be listed.

  • Check the following two links for instructions on downloading and running the applications listed:

  • Restart computer in safe mode ( How do I boot into "Safe" mode? ) and run these programs again, just to make sure all traces are gone.

  • Boot up pc as normal and you should be trouble free.

caperjack
I hate 20 Questions
Team Colleague
13,069 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
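
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above. It groups entries by section code, lists the binaries named at each load point, and reports which load points have no line at all. The function names and the `LOAD_POINTS` labels are assumptions made for this example; O20 is the code HijackThis uses for AppInit_DLLs, the value the procedure above inspects by hand, and the sample lines are copied from the v1.97.7 log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [eDexter] C:\Program Files\KMD Lite\eDexter\edexter.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# An entry line is "<letter><number> - <details>"; process paths and headers do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Section codes that name code loaded into the browser or at startup
# (labels are this example's own wording).
LOAD_POINTS = {"O2": "browser helper object", "O3": "IE toolbar",
               "O4": "startup entry", "O16": "downloaded ActiveX control",
               "O20": "AppInit_DLLs value"}
# A local Windows path ending in a binary extension.
BINARY = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:dll|exe|ocx)\b', re.I)

def parse_log(text):
    """Group entry lines by section code."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def loaded_files(sections):
    """Return (code, path) for every local binary named in a load-point entry."""
    found = []
    for code, entries in sections.items():
        if code in LOAD_POINTS:
            for entry in entries:
                found += [(code, path) for path in BINARY.findall(entry)]
    return found

def unreported_load_points(sections):
    """Load points for which the log contains no line at all."""
    return sorted(code for code in LOAD_POINTS if code not in sections)
```

On the sample, `unreported_load_points(parse_log(SAMPLE_LOG))` returns `["O20"]`: the log lists helper objects, toolbars, startup entries and ActiveX controls but carries no AppInit_DLLs line.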
 

This article has been dead for over three months
