AladdinSane

Yahoo/Google pop ups About:blank the cause?

10 posts in this topic

Hi,

 

I have tried numerous times to fix this before coming and taking up people's valuable time on this, but for the life of me I cannot get this fixed. Spybot catches 3 registry entries for about:blank. I delete them and they come right back. I tried to remove the search assistant links from HijackThis but they also come right back. I am not sure where the root of this problem lies, but if I see another pop-up search for loans or inkjet cartridges I'm going to scream. I truly appreciate you taking the time to look at this for me.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 3:22:15 PM, on 5/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe

C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

C:\My Download Files\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=401

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://216.247.86.99/miva/admin.mv?Session...06EB2200006AB50

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=401

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=401

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.attbusiness.net"); (C:\Program Files\Netscape\Users\orders\prefs.js)

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe

O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Dell Home (HKCU)

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools...code/client.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7672.4622337963

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{665817AD-8E4A-4F19-AE01-96BD6EF52F7E}: NameServer = 207.69.188.187 207.69.188.186


If anyone has a suggestion I would really appreciate it. I don't want to start another topic, so I have been trying to give as much time as I can before I bump this back to the top. I just really am desperate for help. If I have posted the wrong information or need to provide more, please just ask, because I really need someone to help me in regards to this matter. Thank you again.


Quick Question:

 

Did you try running Spybot in Safe Mode to remove the spyware?

 

What is the problem you're experiencing (other than the inability to remove the items with Spybot)? Pop-up? Toolbars?

 

All of the items marked as "search page" look suspicious as well.

 

Here's what to start with:

* You need to disable system restore on your system.

- First, right click on My Computer and select properties (I don't know if your Icon is in your Start menu or on your desktop, but that's what you're looking for)

- Next, Select the 'System Restore' tab

- Then, select the check box that says 'Disable system restore on all drives'.

- Reboot your system in safe mode

- Run Spybot and remove the offenders

- Run HijackThis to ensure it's gone.

- Empty all temp folders to be safe

^ c:\windows\temp

^ c:\documents and settings\<your user name>\local settings\temp

^ c:\documents and settings\<your user name>\local settings\temporary internet files (delete all files in all folders)

- Reboot your system and re-enable System Restore (running XP without it is a recipe for disaster)

 

Try that and let me know what happens.


Thanks for the advice. It's a work computer and I will try your suggestion as soon as I arrive tomorrow and post the results. The main problem is constant pop-ups every time you go near Google or Yahoo. It's consistent and it's definitely coming from within the desktop, not browser-based pop-ups. It's either an alternative search window, or ads for inkjet printer cartridges, loans, or assorted tomfoolery. Thanks again for taking the time to help me with this.


Sorry for the delay in my response, but unfortunately this is still unfixed. I was just sent away on business and did not get a chance to return to this desktop. I did the things you suggested. I ran CWS Shredder and Spybot in safe mode, I removed the items, I emptied the temp folders as suggested, but the pop-ups continue. But once I am back and running, the same three problems pop up under Spybot, which all seem to be about:blank related. I am enclosing the HijackThis log once again and I am desperate for help with this.

 

Logfile of HijackThis v1.97.7

Scan saved at 5:23:20 PM, on 6/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe

C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\PROGRA~1\MICROS~2\OFFICE10\WINWORD.EXE

C:\My Download Files\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=401

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://216.247.86.99/miva/admin.mv?Session...06EB2200006AB50

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=401

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=401

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.attbusiness.net"); (C:\Program Files\Netscape\Users\orders\prefs.js)

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe

O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Dell Home (HKCU)

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools...code/client.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7672.4622337963

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{665817AD-8E4A-4F19-AE01-96BD6EF52F7E}: NameServer = 207.69.188.187 207.69.188.186
