about blank problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by CDank3, Mar 21, 2005.

  1. CDank3

    CDank3 Private E-2

I have run all the scans and removal tools suggested but have had problems running the online scans; they will just quit. I have tried removing the bad things in the HijackThis log and continued on, but everything keeps returning. The page is hijacked and keeps bringing up different searches, then many popups each time. Any help would be appreciated. I have posted my log.

    Thanks
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Please do not offer any more help here until you know more about the problems you are trying to resolve. Doing the above will not work and will not fix about:blank problems. In addition, PSTORES is a required Windows process.
     
    Last edited: Mar 21, 2005
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do the following:

    Download: "StartDreck", from here:
    http://www.niksoft.at/_data/startdreck.zip

    Unzip to its own folder and start the program,
    Press 'Config'
    Press 'Unmark All'
    Check the following boxes only:
    Registry -> Run Keys
System/drivers -> Running processes
    Press 'Ok'
    Press 'Save' and select the location to save the log file
    (default is the same folder as the application)

    Please attach the log in this thread.

Then, if you have rebooted or powered down your PC since posting your HJT log, post a new one and do not power down or reboot. Wait for a fix to be posted. You can disconnect from the Internet to keep your PC safe, but do not power down.
     
  4. CDank3

    CDank3 Private E-2

    Chaslang,

I will try them in the morning; that computer is at work. I appreciate any of your help............The other guy's idea won't help, I tried that already, so I will give yours a shot tomorrow. Thanks, I will get back on what happens.

    CDANK3
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Remember that it is critical to not power down or reboot after posting the HJT log.
     
  6. CDank3

    CDank3 Private E-2

    Here are both of my logs. I'll wait to hear

    Thanks
     

    Attached Files:

  7. CDank3

    CDank3 Private E-2

Chaslang.........Do you see anything? I mean, do you have any ideas?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is critical that you remember to ALWAYS exit browsers before you use HijackThis. You had the below running:

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Not exiting your browser can make proposed fixes fail. You must remember to do this. Even the one you are reading procedures in must be closed. I'm trying to put together a fix for you now.

    Please make sure you downloaded and extracted About:Buster to a folder where you can find and run it. It should have been downloaded while executing the READ ME FIRST. What I want you to do right now is run About:Buster and make sure you have UPDATED the database for About:buster. I believe it is up to number 25. Just do that. DO NOT RUN a scan right now. After that you can exit AB (short hand for About:Buster).
     
    Last edited: Mar 22, 2005
  9. CDank3

    CDank3 Private E-2

Ok thanks......yeah, I know to have everything closed. I was in a hurry, sorry.....look forward to hearing your ideas
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay after noting and doing what I requested in my previous message, follow the steps below.

You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC, and then you MUST exit all browsers and DO NOT run any again until requested.

    Okay, unplug your internet connection and exit browsers now!!!!

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\SYSTEM\SYSVG.EXE
    C:\WINDOWS\IEEB32.EXE
    C:\WINDOWS\MSQL.EXE
    C:\WINDOWS\MSBY.EXE

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you make sure you have exited all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL DIRECTED TO DO SO):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {CC3D24A9-47A8-5403-4BFA-513BDA68E932} - C:\WINDOWS\SYSTEM\WINYQ.DLL
    O4 - HKLM\..\Run: [MSBY.EXE] C:\WINDOWS\MSBY.EXE
    O4 - HKLM\..\RunServices: [MFCXN.EXE] C:\WINDOWS\MFCXN.EXE
    O4 - HKLM\..\RunServices: [SYSPG.EXE] C:\WINDOWS\SYSTEM\SYSPG.EXE /s
    O4 - HKLM\..\RunServices: [JAVAMQ.EXE] C:\WINDOWS\SYSTEM\JAVAMQ.EXE /s
    O4 - HKLM\..\RunServices: [NETDS32.EXE] C:\WINDOWS\SYSTEM\NETDS32.EXE /s
    O4 - HKLM\..\RunServices: [MSFR.EXE] C:\WINDOWS\MSFR.EXE /s
    O4 - HKLM\..\RunServices: [SYSVG.EXE] C:\WINDOWS\SYSTEM\SYSVG.EXE /s
    O4 - HKLM\..\RunServices: [IEEB32.EXE] C:\WINDOWS\IEEB32.EXE /s
    O4 - HKLM\..\RunServices: [MSQL.EXE] C:\WINDOWS\MSQL.EXE /s
    O15 - Trusted IP range: 206.161.125.149

    Then exit HJT after clicking FIX

Run Windows Explorer and look for and try to delete the files below (sort the listing in Windows Explorer by modification date and look for possibly other similarly named files from the same date - let me know if you find others):
    C:\WINDOWS\jbdaz.dll
    C:\WINDOWS\SYSTEM\WINYQ.DLL
    C:\WINDOWS\MSBY.EXE
    C:\WINDOWS\MFCXN.EXE
    C:\WINDOWS\SYSTEM\SYSPG.EXE
    C:\WINDOWS\SYSTEM\JAVAMQ.EXE
    C:\WINDOWS\SYSTEM\NETDS32.EXE
    C:\WINDOWS\MSFR.EXE
    C:\WINDOWS\SYSTEM\SYSVG.EXE
    C:\WINDOWS\IEEB32.EXE
    C:\WINDOWS\MSQL.EXE

If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. If you cannot find or delete them, note which ones and continue (tell me the results when you come back here). We will be repeating an attempted deletion after booting in safe mode later in these steps.

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! Yes, you read that correctly. This is very important! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Repeat the attempted file deletions given above while in safe mode. Note and tell me later which ones cannot be deleted or found (if already deleted earlier and not found now, that is okay).

    - Empty your Recycle Bin. In fact as an additional measure do the following, run Ccleaner that you installed while running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes, click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes, click OK.

    - Run about:Buster again and save the log to ab2.log (let it do second scan)!

- Immediately after about:Buster completes, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure.

    Let me know anything else that you notice.
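The fix above is built by reading the HijackThis log by hand: R0/R1 entries whose value is a res:// resource inside a DLL, an O2 BHO with a generic name living in the Windows directory, O4 autoruns launched from C:\WINDOWS or C:\WINDOWS\SYSTEM, and an O15 Trusted Zone entry. The script below, added here as an example and not code from the thread or from HijackThis, encodes those same checks as a triage pass over a constructed log excerpt (the hijack lines are the ones chaslang listed; the majorgeeks start page and the ScanRegistry autorun are added benign lines to show what is not flagged). The SYSTEM_DIRS and KNOWN_GOOD_AUTORUNS sets are assumptions for the example, not HijackThis rules.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Set

# Constructed sample log: the entries chaslang listed in this thread plus two benign
# lines (a normal start page and a stock Win9x autorun) that a triage pass should ignore.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jbdaz.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {CC3D24A9-47A8-5403-4BFA-513BDA68E932} - C:\WINDOWS\SYSTEM\WINYQ.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MSBY.EXE] C:\WINDOWS\MSBY.EXE
O4 - HKLM\..\RunServices: [SYSVG.EXE] C:\WINDOWS\SYSTEM\SYSVG.EXE /s
O15 - Trusted IP range: 206.161.125.149
"""

# HJT writes one entry per line: "<section code> - <detail>".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# res://<path to dll>/<page> is how this hijacker serves its fake search page.
RES_DLL_RE = re.compile(r"res://(?P<dll>.+?\.dll)", re.IGNORECASE)
# O4 detail: "HKLM\..\Run: [name] C:\path\prog.exe /switches"
O4_PATH_RE = re.compile(r"\]\s*(?P<path>.+?)(?:\s+/\S+)*$")

# Assumption: directories where the loaders in this thread were dropped; a legitimate
# autorun living directly there is unusual enough to deserve a look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}
# Assumption: a tiny allow list so the example can separate a stock autorun from the rest.
KNOWN_GOOD_AUTORUNS = {"scanregw.exe", "systray.exe", "taskmon.exe"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str
    artifact: str = ""  # file on disk to check/delete, when the entry names one


def _in_system_dir(path: PureWindowsPath) -> bool:
    return str(path.parent).lower() in SYSTEM_DIRS


def _o4_program(detail: str) -> Optional[PureWindowsPath]:
    m = O4_PATH_RE.search(detail)
    return PureWindowsPath(m.group("path")) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return the entries a responder would pick out of an HJT log for this kind of hijack."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.group("section"), m.group("detail")
        if section in ("R0", "R1"):
            value = detail.split("=", 1)[1].strip() if "=" in detail else ""
            dll = RES_DLL_RE.search(value)
            if dll:
                findings.append(Finding(section, "IE search/start setting points into a res:// DLL resource", line, dll.group("dll")))
            elif value.lower() == "about:blank":
                findings.append(Finding(section, "start page forced to about:blank (symptom, fix with the res:// entries)", line))
        elif section == "R3" and "missing" in detail.lower():
            findings.append(Finding(section, "default URLSearchHook removed", line))
        elif section == "O2":
            parts = [p.strip() for p in detail.split(" - ")]  # "BHO: name", "{CLSID}", dll path
            name = parts[0][4:].strip() if parts[0].startswith("BHO:") else parts[0]
            dll_path = PureWindowsPath(parts[-1]) if len(parts) >= 3 else None
            if dll_path and (_in_system_dir(dll_path) or name.lower() in ("class", "(no name)")):
                findings.append(Finding(section, "generic-named BHO loaded from the Windows directory", line, str(dll_path)))
        elif section == "O4":
            prog = _o4_program(detail)
            if prog and _in_system_dir(prog) and prog.name.lower() not in KNOWN_GOOD_AUTORUNS:
                key = "RunServices" if "RunServices" in detail else "Run"
                findings.append(Finding(section, f"unknown autorun under {key} living directly in {prog.parent}", line, str(prog)))
        elif section == "O15":
            findings.append(Finding(section, "Trusted Zone entry: the hijacker's host gets IE's relaxed security settings", line))
    return findings


def artifacts(findings: List[Finding]) -> Set[str]:
    """Files named by the flagged entries: the delete list for the safe-mode pass."""
    return {f.artifact for f in findings if f.artifact}


def summary(findings: List[Finding]) -> Counter:
    return Counter(f.section for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT_LOG)
    for f in hits:
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print("files to check/delete:", sorted(artifacts(hits)))
```

The two benign lines pass through untouched, and the file list the script produces is the same set of artifacts the delete step in the procedure names for those entries; the remaining files in that step came from the RunServices entries that the sample excerpt leaves out.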
     
  11. CDank3

    CDank3 Private E-2

    Ok I will do that when I get back to work tomorrow. The PC is on and I ran the AB several times with it up to date. I will just do it again and run through your instructions in the morning and let you know .............Thanks for all this time!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Make sure you have them copied locally or printed because it is very important to remain disconnected with no browsers open during the process.
     
  13. CDank3

    CDank3 Private E-2

    Chaslang,

    I went through all steps pretty smoothly. I found a bunch of other crap with the same dates in there and I deleted most of the ones I knew had nothing to do with anything. Here are a few examples:

    windows/ d3fh.exe
    appga32.exe
    crub32.exe
    winqb.exe

    windows/system/ntga32.exe
    sysjo32.exe
    ntva32.exe
    ntaa32.exe
    ieen32.exe
    d3rm32.exe
    mfczc32.exe
    crpg.exe

    Those were most of them along with some other little crap that were empty files. The one thing that I wasn't sure was I saw a Patch.exe (280kb) that was in the system folder with an unzip.dll and tmupdate.dll on the same time and date. I left it but I am not so sure it should be there. Also the file mfcud.exe was in there.

    So far after I messed around with the explorer windows it has been ok.

See what you can tell from the logs............I still don't like that Trusted IP range showing up in the HJT log.........I know that shouldn't be there

Look forward to hearing from you; I will just leave the computer as it is til then.

    Thanks
    CDank3
     
  14. CDank3

    CDank3 Private E-2

    Here's the HJT log
     

    Attached Files:

  15. CDank3

    CDank3 Private E-2

How's it look, chaslang?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Looks much better, and I would bet it is running a lot better too!

    Let's see if we can remove the TZ IP address.

Run IE, select Tools, Internet Options. Now select Security and then click the Trusted Sites circle. Then click the Sites button. Look for the 206.161.125.149 address in the Web sites box and select it. Then click Remove. Then at the bottom make sure there is a check mark in the box that says Require server verification...... blah blah. Now click OK. And OK again.

    Is the line now gone from your HJT log?
     
  17. CDank3

    CDank3 Private E-2

    That did it ..............looks good for now

    Thanks
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member
