help with about:blank

Your version of Win XP is seriously out of date. You need to get updated after we get you fixed up (it is not always a good idea to update, especially to XP SP2 with malware problems present). When we finish you should read: How to Protect yourself from malware!

It would be a lot more help if you explained why About:Buster would not run. For example did you get an error message? State the exact error message. You may just be missing some files. If you receive an error message about a missing MSCOMCTL.OCX file when you run about:Buster, download the file in the link below and run it. It will give you the necessary file.

http://www.javacoolsoftware.net/downloads/missingfilesetup.exe
Next time please wait for someone to ask you to upload you HijackThis log. Before going any further please put it in the proper type directory as we requested in the tutorial. You have it here:
C:\Documents and Settings\Keith\Local Settings\Temp\HijackThis.exe

We request that not be in any temp folder nor be in any subdirectory of c:\Documents and Settings. Please move it to c:\Program Files\HJT or c:\Program Files\HijackThis or even C:\Program Files\SpywareTools.

Make sure you have done the following 3 items before continuing:
- HijackThis installed in the proper directory
- you have system restore disabled
- you have viewing of hidden files enabled (per the tutorial).

1) Go here and download Registrar lite and install it: http://www.majorgeeks.com/download469.html
2) Run it, copy and paste this line to reglite's address bar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
3) Click the "go" tab
4) Find: "AppInit_Dlls" value on the right side panel.
5) DoubleClick on AppInit_Dlls and tell me exactly what you see in the Value field:

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Keith\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Keith\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Keith\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\ntosv.dll
O21 - SSODL: eplrr - {41C8BFDC-F9EE-4688-86BA-6B871B97510C} - C:\WINDOWS\System32\eplrr3.dll
Noramlly I would reboot to safe mode here and delete bad files. However the two files from your log that I mention below are not clearly declared to be a problem. I believe they are but to be safe I will ask you to rename that rather than delete them.
So boot into safe mode and use Windows Explorer to rename the files below as specified:
C:\WINDOWS\System32\ntosv.dll to C:\WINDOWS\System32\ntosvdll.bad
C:\WINDOWS\System32\eplrr3.dll to C:\WINDOWS\System32\eplrr3dll.bad

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You did not put HijackThis in the proper directory yet.
And why do you keep having WinZip running?

C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Keith\Local Settings\Temp\HijackThis.exe

You could have lost all of your HJT backups now. Especially if any disk cleaners like CCleaner have been run. You were suppose to fix that before continuing.

 

Have HJT fix the following two lines:
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\ntosv.dll (file missing)
O21 - SSODL: eplrr - {41C8BFDC-F9EE-4688-86BA-6B871B97510C} - C:\WINDOWS\System32\eplrr3.dll (file missing)


Exit HJT.

Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot! And then get a new HJT log and post it back here.