About:blank

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tomjuan78, Apr 4, 2005.

  1. Tomjuan78

    Tomjuan78 Private E-2

    I've gone through the steps on this page:
    http://forums.majorgeeks.com/showthread.php?t=35407
    and still have the about:blank thing going on.
    I followed all the steps. I wasn't able to do the online virus scans because I could not get ActiveX to work (followed the instructions), but all of the other programs ran but did not fully eliminate it.
    Running WinME.

    Any suggestions?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Tomjuan78

    Tomjuan78 Private E-2

    Here is the logfile. Thanks for the help.
     


  4. tblue

    tblue Corporal

    Hi Tomjuan78,
    Is that HJ log from safe mode?? If it is, you should run it again from normal mode and attach that one. Wouldn't normally be telling you this since I'm no expert, but I see that you're in here now and none of the pros are. :D
    Good Luck,
    T.Blue
     
  5. Tomjuan78

    Tomjuan78 Private E-2

    Blue,
    No...that log is from normal mode. I've been trying to clean this thing off of my computer for a couple of weeks, and I think I previously ran HJT...and in a rash move I think I clicked to fix everything. Then of course I read that you're not supposed to do that. Am I screwed?
    TJ
     
  6. tblue

    tblue Corporal

    Hmph...can't say...looks like ya still have a few things to get rid of. But hang tight, the pros in here will fix you up. ;)
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Give me a few moments to post you a fix!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The first thing I notice is that your IE version is outdated. You need to download and install Internet Explorer 6.0 SP1.

    Internet Explorer 6 Service Pack 1

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    XoftSpy
    Please note this program is on a list of rogue anti-spyware programs. It's an Ad-Aware knockoff and has false detections.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {DFD0449A-67CB-4141-91BE-F254700F202A} - C:\WINDOWS\SYSTEM\IIPL.DLL
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

    O18 - Filter: text/html - {044994B5-FA29-4CE3-9830-8A8E052FDB10} - C:\WINDOWS\SYSTEM\IIPL.DLL
    O18 - Filter: text/plain - {044994B5-FA29-4CE3-9830-8A8E052FDB10} - C:\WINDOWS\SYSTEM\IIPL.DLL

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Download Pocket KillBox

    Now, Copy and Paste C:\WINDOWS\SYSTEM\IIPL.DLL into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\TEMP\se.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\XOFTSPY ←–– Delete this whole folder if it exists!

    C:\WINDOWS\TEMP ←–– Delete everything in this folder!

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows

    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    After doing all of the above, Scan with HijackThis and attach the new log.
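
The entries selected for fixing in the post above share recognizable patterns. As an added example (not part of the original thread and not HijackThis's own logic), this Python script flags such log lines for manual review; the heuristics, the function names `triage_line` and `triage`, and the sample log are assumptions constructed from the entries quoted above.

```python
import re

# Constructed sample in HijackThis log format: entries quoted in the post
# above, plus one benign Start Page line added for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
O2 - BHO: (no name) - {DFD0449A-67CB-4141-91BE-F254700F202A} - C:\WINDOWS\SYSTEM\IIPL.DLL
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {044994B5-FA29-4CE3-9830-8A8E052FDB10} - C:\WINDOWS\SYSTEM\IIPL.DLL
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")      # "<section id> - <entry>"
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any path component named TEMP

def triage_line(line):
    """Return (section, reason) if the line matches a heuristic, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    value = body.partition(" = ")[2].strip().lower()
    # Heuristics are assumptions drawn from this thread: review hints, not verdicts.
    if section in ("R0", "R1"):
        if value == "about:blank":
            return section, "IE setting forced to about:blank"
        if value.startswith("res://") and TEMP_RE.search(value):
            return section, "IE setting loads a res:// page from a DLL in TEMP"
    elif section == "O2" and body.endswith("(no file)"):
        return section, "BHO registered but its file is missing"
    elif section == "O2" and "(no name)" in body:
        return section, "BHO has no display name"
    elif section == "O4" and "rundll32" in body.lower() and TEMP_RE.search(body):
        return section, "autorun loads a DLL from TEMP via rundll32"
    elif section == "O18" and body.startswith("Filter: text/"):
        return section, "MIME filter hooked on text content"
    return None

def triage(log_text):
    """Triage every line of a log; returns a list of (section, reason, line)."""
    results = ((triage_line(l), l.strip()) for l in log_text.splitlines())
    return [(*r, l) for r, l in results if r]

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A hit only marks a line worth a closer look; an unnamed BHO in particular can be legitimate software.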
     
  9. Tomjuan78

    Tomjuan78 Private E-2

    OK...will do that tonight & post the results. Thanks a bunch BJGarrick.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Good Luck! :)

    Will be awaiting your results.
     
  11. Tomjuan78

    Tomjuan78 Private E-2

    I went through all of those steps, and it seems to be gone. I've attached the HJT log...am I in the clear? :p
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix these 2 entries:

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    After you fix them with HJT, go in and delete this file:

    C:\WINDOWS\web\related.htm

    Yes, you look clear! :)

    To stay clean you should see this article on How to Protect yourself from malware!
     
  13. PhilliePhan

    PhilliePhan Guest

    This is no longer the case. While XoftSpy doesn't measure up to many of the better options available, it has been removed from Rogue list.

    PP :)
     
  14. Tomjuan78

    Tomjuan78 Private E-2

    Yes, I noticed that they mentioned it had been taken off. I removed it anyway though.

    Thanks a bunch BJGarrick, hopefully these new programs will help keep me out of trouble :D
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
