about:blank HJT will not remove

You do not have an about:blank hijacker. However you do need to complete ALL the steps in READ & RUN ME. And you must not use MSconfig to control startups. This is also covered in the READ ME.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

Also after attach the 3 logs requested in my previous message, get the below log too.

Let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

Your first message said:

That tells us that you ran eveything. Now you giving us a little more info, but it would be more useful if you told us exactly what you ran (and results) and what you could not run.

When you say I can't install programs, we don't know if you were able to run anything at all. If you cannot install anything at all, it is going to be difficult fixing problems.

However you do already have HijackThis so why didn't you do what was requested in message number 3?

Let's see if we can get started but I'm going to need more information at some point because some of the items you have can be nasty to find all components.


Look in Add/Remove programs and uninstall Need2Find if found!

Make sure viewing of hidden files is enabled (per the tutorial).

Now Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download - Pocket KillBox

Extract it to its own folder somewhere that you will be able to locate it later to run it.

Run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click OK.

Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\susp.exe
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\Documents and Settings\Your User Name\Start Menu\Programs\Startup\winlogin.exe

Where Your User Name is the actual user account login that you are currently having the problem with.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - Global Startup: winlogin.exe

After clicking Fix, exit HJT:

Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with killbox):
C:\Program Files\Need2Find <--- delete the whole folder
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\susp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exeC:\Documents and Settings\Your User Name\Start Menu\Programs\Startup\winlogin.exe


Now reboot into normal mode and let me know how things went. Attach a new HijackThis log and also tell me how things are working. Can you run other steps from the READ ME now? If so, it would be in your best interest to run thru the complete READ ME procedure.