Dsanders

about:Blank Hijack

7 posts in this topic

Hi,

Thank you in advance for any help you can offer and for taking the time to look at my problem. Internet Explorer keeps going to an about:Blank start page that loads a search page and a pop-up. I've gone to the pop-up to see what it linked to, and it links to the Cool Web Search page. I've looked around on the forums searching for help that could solve this. I've downloaded HijackThis, Cool Web Shredder, About:Buster, and Ad-aware. I've made sure everything was updated. I ran everything through safe mode, then restarted my computer. Everything appears to be gone till about the 4th or 5th time I start IE, then I'm redirected to the about:Blank search page with the pop-ups that tell me I have spyware on my computer. (One of the pop-ups I actually find funny; it has some bugs having sex on it. Entertaining, but annoying when it pops up every time I visit a new page.) I don't know how I keep getting reinfected or if I'm not removing everything. I'm also running AOL Instant Messenger, which also seems to bring up the pop-ups. I've included the log file of HijackThis. Any help would be most appreciated.

Thank you,

Dj

Logfile of HijackThis v1.97.7
Scan saved at 11:44:47 AM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\WINDOWS\cw shredder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {D942671A-BE04-4666-B6B7-9709284CEDE9} - C:\WINDOWS\System32\jnom.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

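Added example, not part of the original thread or of HijackThis itself: a small Python triage pass over entries like those in the log posted above. The two heuristics (an IE search setting that points at a file:// page under a Temp directory, and a BHO with no name) are assumptions chosen to match what this log shows, and the function names are hypothetical.

```python
import re

# Subset of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dj\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {D942671A-BE04-4666-B6B7-9709284CEDE9} - C:\WINDOWS\System32\jnom.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
"""

# "R1 - ...", "O16 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Per-user Temp directory in long or 8.3 short form (LOCALS~1\Temp).
TEMP_DIR = re.compile(r"\\(?:Local Settings|LOCALS~\d)\\Temp\\", re.I)
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse(log):
    """Yield (code, body) for each entry line; header lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (code, reason, body) for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1"):
            _, _, value = body.partition(" = ")
            if value.lower().startswith("file://") and TEMP_DIR.search(value):
                findings.append((code, "IE setting points at a local file in Temp", body))
        elif code == "O2":
            m = BHO.match(body)
            if m and m.group(1) == "(no name)":
                findings.append((code, "unnamed BHO: " + m.group(3), body))
    return findings

if __name__ == "__main__":
    for code, reason, _ in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged entry is a lead for a human reviewer, not a verdict; legitimate software can also register an unnamed BHO.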

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double-click on the icon that should now be on your desktop. If an icon is not there, then check under the Programs portion of the Start Menu.

Once it is opened, copy and paste the line below into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press Enter. You will now be presented with new information in the bottom right and left sections, and in the right section the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.


Please follow these steps:

Step 1:

Go to Folder Options > View

Scroll to the bottom of the list to find the box labeled:
Use Simple File Sharing(Recommended)
Remove the check from that box and press OK.

Step 2:

Download CWShredder from this link:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

Save that file somewhere as we will use it later.

Step 3:

Download this file and then immediately sign off the internet and stay off until all steps are finished.

The file to download is here:

http://computercops.biz/modules.php?name=F...ownload&id=1183

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box.

After a reboot the super hidden nasty file will no longer be loaded and will be visible. This will end the constant reinstall of about:Blank.

Step 4:

Restart the computer.

Find this file:
c:\windows\system32\sqlpml.dll

Use the security tab on sqlpml.dll and take ownership.
Change the 'everyone special' to 'you> with Admin rights-> FULL control
Then try to delete it. If that fails, try to rename it first to a different name+ext.

Example:
sqlpml.dll>bleh.txt
bleh.txt > badfile.111

Please zip that file and store it somewhere as I would like you to email it to me.

Now delete the original file.

Step 5:

Extract and run CWShredder immediately.
Press the Fix button to clean.

Restart and run HijackThis again.
Post your new log here in your next reply.


Step 1: Failed.

There was no option to uncheck that said Use Simple File Sharing(Recommended).

Step 2: Failed.

The link brought an error that said it couldn't find the server. I have, however, downloaded CWShredder from some other location.

Step 3: Completed.

Downloaded, extracted, and saved. It ran through to completion.

Step 4: Failed.

Found the file but was unable to find the security tab. Tried unchecking read-only but was given an access denied error.


You have XP Home?


Correct.

I might not know where to look.

For Use Simple File Sharing I went into My Computer and went under the Tools menu option.

On step 4 I right-clicked the file, then Properties. It only gave me a General tab.

Thanks again for the help.
