problems with about:blank stuff

Discussion in 'adware, spyware & hijack cleaning' started by petrus, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. petrus

    petrus Registered Member

    Joined:
    Apr 25, 2004
    Posts:
    3
    I have this thing with "about:blank" homepage in my computer and I will need
    some help.
    What I have done so far:

    I turned off system restore in my Windows XP
    I rebooted in safe mode
    I have ran PV runme.bat option 7
    I have ran CWShredder: result at all CWS's not present, IE pages OK
    I have ran SpyBot S&D :result OK
    I scanned with Norton Antivirus: result OK
    logfile at this moment:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:55:08 AM, on 4/27/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    D:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = 192.168.0.1:80
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec

    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38100.5551041

    667
    O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment

    1.4.1_07) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{B750074E-F506-4611-9DD0-0ADE0E9731D3}:

    NameServer = 192.168.0.1,212.93.136.2
    ----------------------------------------------------------------------
    Reboot computer
    I opened Internet Explorer, all ok, it was opened at my home page (yahoo
    mail).
    Reboot computer
    I opened again Internet Explorer an the "about:blank" page was back again.
    i don't know what to do now, so I ask for your help.

    Here is another log after all the above steps:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:17:03 PM, on 4/27/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    res://C:\WINDOWS\System32\oafa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = 192.168.0.1:80
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DEB92DDB-2FD0-4AD9-BE23-F6AE3A9EB874} -

    C:\WINDOWS\System32\oafa.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec

    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38100.5551041

    667
    O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment

    1.4.1_07) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{B750074E-F506-4611-9DD0-0ADE0E9731D3}:

    NameServer = 192.168.0.1,212.93.136.2





    I've tryed to install SpywareBlaster and I received this message:
    "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it."
    Norton Antivirus could not find any virus.
    Also I can't download Ad-Aware. I can do all the steps to download it, the
    window with "downloading..." is opening but nothing is downloading, no matter how much time I wait. Could that be related with my "about:blank" too?

    Thank You for help
    Petrus
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi Petrus,

    Could you please update your Windows and IE first?

    Regards,

    Pieter
     
  3. petrus

    petrus Registered Member

    Joined:
    Apr 25, 2004
    Posts:
    3
    Hi!
    I apologize for my long absence, the attempt to install Service Pack 1
    led directly to the final crush of my Windows XP.
    So I had to reinstall it all and I used this oportunity to format the partition.
    After that I had no problem to install all the updates for Win SP and IE.
    Also I could download and install without any problem AdAware and SpywareBlaster.
    So that bug was very clever made to prevent me to install any antispy software.
    I hope now (after format) my computer is clean.
    When you have time, please take a look at this log.
    I scanned both with AdAware and SpyBot S&D


    Logfile of HijackThis v1.97.7
    Scan saved at 1:49:34 AM, on 5/5/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.0788310185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{252C9119-BA4C-42C0-9610-58A44600B4BD}: NameServer = 212.93.136.2


    Thank You very much
    Petrus
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
  5. petrus

    petrus Registered Member

    Joined:
    Apr 25, 2004
    Posts:
    3
    OK,
    again lots of thanks for help.
    Petrus
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.