Jump to content


Photo

about:blank


  • Please log in to reply
3 replies to this topic

#1 Zorth

Zorth

    Member

  • New Member
  • Pip
  • 1 posts

Posted 12 July 2004 - 05:34 PM

Hello there,

Got my home page hijacked by about:blank. Ran SD and Adware with latest updates in safe mode etc. About:blank always comes back. Please help me, thank you.

Here is my hijackthis file:

Logfile of HijackThis v1.97.7
Scan saved at 4:28:00 PM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\Promon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Netropa\OSD.exe
C:\Documents and Settings\Guy Pelletier\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\GUYPEL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF32F6AA-5033-4948-A037-F1214F459EAD} - C:\WINDOWS\System32\defng.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7645.4159953704
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab

#2 terryb

terryb

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 13 July 2004 - 02:36 PM

I Had the about blank aggravation, too.
First, I would recommend that you run your anti-virus software.
If you don't have one, you can get a free online scan from:
http://www.pandasoft....com/activescan
or
http://housecall.ant.../start_corp.asp
Or, you may opt to download the free edition of AVG 6.0 at
http://www.grisoft.com
Then go into the advanced mode of Spybot S&D to
Tools/Browser Pages and use the "change" option to reset
your search pages.
(You may need to run your scan programs in Safe Mode, also.)
And, I noticed a few running processes that are notorious for
causing problems with start-up, shutdown, mouse control, etc.
So, unless you absolutely need the stuff from Creative Labs and
DataViz, then disable these: DvzMsgr.exe, devldr32.exe, MediaDet.Exe

I noticed a few other pesky applications, but before you disable them, we'll see how this info. does., first, then act accordingly.
I hope this helps in some way.

#3 rseman

rseman

    Member

  • New Member
  • Pip
  • 1 posts

Posted 14 July 2004 - 02:03 AM

The only thing that i've found that gets rid of about:blank is CWShredder.

The only problem is that when you visit the site that gave it to you in the first place, you're reinfected immediately.

But at least you can get rid of it and start over clean.

#4 terryb

terryb

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 14 July 2004 - 11:18 AM

Have you tried the option available on Spybot S&D and on Spysweeper
that blocks certain servers that are Known for such activity (CoolWebSearch and many others.)? It can help protect you by
shielding you from those sites; preventing some re-infections. It has helped me on more than one occasion.
To activate it on Spybot, go into advanced mode, click on Tools, then
Hosts File. You can block all the bad sites listed. (Read the info. there
on exactly how this feature works. If you happen to block a site that you
want (for whatever reason), you can easily remove it.)
Spysweeper has a Hosts File Shield that works basically the same way.
These features make your surfing a little safer. Every little bit helps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button