Posted by speedo mc / cos on July 18, 2005, 6:22 pm
Sorry to be posting a new message. I ran a full scan on Norton AntiVirus 2003
and it is totally up to date with LiveUpdate. Detected no problems at all. But
about:blank is really annoying. I have installed Spybot 1.4, which is the
up-to-date version and in advanced mode, and that is preventing about:blank from
resetting as homepage in control panel. However, I get these messages just
telling me this, which is fairly OK. Still have a toolbar that I don't want. I
ran some other software and nothing works.
Anyway, can I please attach my HijackThis log and it might give more details
as to how to fix easily. Otherwise I will have to revert to following all
your instructions, which sound complicated.
See how you guys get on. You're the best.. Print it off and check it out...
Logfile of HijackThis v1.99.0
Scan saved at 20:22:38, on 18/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\wzxswem.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Iomega QuikSync 3\quiksync3.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\winzipMC\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - - C:\WINDOWS\System32\docntrop.dll
O3 - Toolbar: (no name) - - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [pqxbfra] c:\windows\system32\wzxswem.exe r
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Iomega QuikSync 3.lnk = C:\Program Files\Iomega QuikSync 3\quiksync3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\winzipMC\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - - C:\WINDOWS\web\related.htm
O9 - Extra button: Start spyware remover - - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - - C:\Program Files\WareOut\WareOut.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: - ms-its:mhtml:file://d:
oo.mht!http://69.50.166.213/users/mike/web/axe/x.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\..\: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\iomegaaccess.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted by David H. Lipman on July 18, 2005, 6:41 pm
| Sorry to be posting a new message. I ran a full scan on Norton AntiVirus 2003
| and it is totally up to date with LiveUpdate. Detected no problems at all. But
| about:blank is really annoying. I have installed Spybot 1.4, which is the
| up-to-date version and in advanced mode, and that is preventing about:blank from
| resetting as homepage in control panel. However, I get these messages just
| telling me this, which is fairly OK. Still have a toolbar that I don't want. I
| ran some other software and nothing works.
|
| Anyway, can I please attach my HijackThis log and it might give more details
| as to how to fix easily. Otherwise I will have to revert to following all
| your instructions, which sound complicated.
|
| See how you guys get on. You're the best.. Print it off and check it out...
|
| Logfile of HijackThis v1.99.0
< HJT log snipped >
Suspicious:
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O3 - Toolbar: FreshBar - - C:\WINDOWS\System32\docntrop.dll
O9 - Extra button: Related - - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - - C:\WINDOWS\web\related.htm
O16 - DPF: - ms-its:mhtml:file://d:
oo.mht!http://69.50.166.213/users/mike/web/axe/x.chm::/update.exe
O9 - Extra 'Tools' menuitem: Start spyware remover - - C:\Program Files\WareOut\WareOut.exe
WareOut is a Rogue anti-spyware application
http://www.spywarewarrior.com/rogue_anti-spyware.htm
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
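
A small triage pass over HijackThis-format lines, as an added example that is not part of either post above. The sample lines are constructed (modelled on the log in this thread, with documentation-range hosts and addresses), and the allowlists and rules are assumptions chosen for illustration, not verdicts from the thread.

```python
import re

# Assumptions for this example: local allowlists an analyst would maintain.
TRUSTED_HOSTS = {"www.microsoft.com"}
KNOWN_RESOLVERS = {"192.0.2.53"}

# Constructed sample in HijackThis v1.99 line format (wrapped lines rejoined).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://search.example.test/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O16 - DPF: - ms-its:mhtml:file://C:\x.mht!http://203.0.113.9/x.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 192.0.2.53,198.51.100.7
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def triage(log_text):
    """Return (code, reason) pairs for entries that merit manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1"):
            # Flag IE start/search values that name a host off the allowlist;
            # about:blank carries no host, so this rule does not match it.
            host = re.search(r"https?://([^/\s:]+)", body.rpartition(" = ")[2])
            if host and host.group(1).lower() not in TRUSTED_HOSTS:
                findings.append((code, "IE URL on unlisted host " + host.group(1)))
        elif code == "F2" and "shell=" in body.lower():
            # The shell line should name Explorer.exe and nothing else.
            args = body.lower().split("shell=", 1)[1].split()
            if args != ["explorer.exe"]:
                findings.append((code, "Shell= is not plain Explorer.exe"))
        elif code == "O16":
            # ActiveX download source via ms-its/mhtml handlers or a bare IP.
            if re.search(r"ms-its:|mhtml:|https?://" + IPV4, body, re.I):
                findings.append((code, "DPF source uses ms-its/mhtml or bare IP"))
        elif code == "O17" and "nameserver" in body.lower():
            unknown = [ip for ip in re.findall(IPV4, body) if ip not in KNOWN_RESOLVERS]
            if unknown:
                findings.append((code, "unlisted DNS: " + ", ".join(unknown)))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, reason)
```

A flagged line is a prompt to look the entry up, not proof that it is malicious; the allowlists need to reflect the machine's real home page and DNS settings.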