• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Hythopian Shade

Stuck with about:blank

7 posts in this topic

I have tried to get rid of this problem, but I can't seem to find the options to remove it from one sticky where I need to locate a "System Hook" folder in "System Information."

 

I also tried using the free anti-virus software at Symantec, but couldn't find out how to get rid of the files it found. Here's its log:

 

C:\WINNT\Temp\setup1.exe is infected with Download.Trojan

C:\WINNT\system32\setup1.exe is infected with Download.Trojan

C:\windows\notepad.exe is infected with Download.Trojan

C:\windows\temp\setup1.exe is infected with Download.Trojan

C:\temp\setup1.exe is infected with Download.Trojan

C:\Program Files\Hijack This\backup-20040629-045504-916.dll is infected with Trojan.StartPage

 

Also, here is my Hijack This log:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:01:18 AM, on 7/1/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\system32\CTsvcCDA.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Navnt\AdvTools\NPROTECT.EXE

C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINNT\System32\LXSUPMON.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINNT\system32\CTHELPER.EXE

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\EnterNet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.altavista.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.altavista.com/

F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: (no name) - {5B6411B0-594B-4CBD-A590-5DCAF06B7E2F} - C:\WINNT\system32\eecf.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE

O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\Navnt\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - Global Startup: Kodak EasyShare software.lnk.disabled

O4 - Global Startup: Kodak software updater.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

 

I am running Windows 200 Professional Edition, and I have Norton Anti-Virus (updated last week), Spybot S&D (latest version), Ad-Aware version 6, Hijack This, and CWShredder. I have tried a sever steps on this site to figure out how to remove the about:blank hijack problem, but have been unsuccessful.

 

Any help is appreciated. Thanks in advance.

Share this post


Link to post
Share on other sites

Did you try the About-Buster tool mentioned on this site. I have not used it personally, but some on here have said it works.

Share this post


Link to post
Share on other sites

I'll have to try that. I don't get online much as you see, but I'll try and make time to read about it and down load it. Thanks for the suggestion.

Share this post


Link to post
Share on other sites

I downloaded the about:buster utility, and upgraded it, but the about:blank hijack still persists. Can anyone give me advice? I currently have Spybot S&D, Ad Aware, Hijack This, CW Shredder, and About:Buster, but the hijack remains even after running them all, rebooting, running them again, rebooting again in safe mode, and running them a 3rd time. If needed I can repost my Hijack This log again. Thanks for any help.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0