problems - about:blank, and cwshredder

Discussion in 'Malware Help (A Specialist Will Reply)' started by vandsmith, Mar 28, 2005.

  1. vandsmith

    vandsmith Private E-2

    hi all, i was wondering if you could help me fix these things. i have been reading many forums and strategies to get rid of this problem but it hasn't totally worked so far. i even tried to use cwshredder and my whole comp crashed on me. here's my hijackthis log:

    i also installed spybot SD resident which blocks certain things requiring me to click on a popup box every time something is found. i have also been using a2 guard (similar program, similarly annoying popups/warnings) so tell me if i need to disable these programs and then do a hijackthis log. these programs don't fix the about:blank home page crap.

    if you need anything else, just tell me. any help at all would be most appreciated - this is one annoying bug. thanks.

    adam

    Edit by chaslang: Unrequested inline log removed.
     
    Last edited by a moderator: Mar 29, 2005
  2. vandsmith

    vandsmith Private E-2

    sorry about that should have read the above message regarding hijack this logs etc. i'll repost after.

    sorry again.

    adam
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please pay close attention to forum guidelines!

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs. TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your Program Files directory, right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the needed tools to this folder and if you prefer, create sub-folders named for each individual utility.

    After doing ALL of the above if you still have a problem:


    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

     
  4. Loumanchu2

    Loumanchu2 Private E-2

    Adam, This one can be a beast...... For one thing, I noticed XP as your platform, and the latest worms are exploiting the LSASS vulnerabilities in this platform. Wouldn't hurt to go to: http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx

    and check out any patches you may need for your particular system. Also, be careful about using too many so called Spybots, etc. I had some bad bad bugs and ended up learning the hard way that a lot of the so called anti spyware programs are, in fact, part of the problem. Two things I would do right away are, 1) Download and run Ad-Aware SE. Run it as many times as you need to, and take the time to read what each item is before removing. Some files appear (like alexa) but aren't necessarily bad. You'll be able to tell. 2) Download Zone Alarm (the free one), especially if you're on a cable internet service. These two programs along with my antivirus program have kept me out of trouble pretty nicely which is an amazing feat! As far as Hijack This, I'm not a big fan. I think one could easily find themselves in deep doo doo with it if they're not careful. Of course, that's just my opinion, I could be wrong...........
     
  5. vandsmith

    vandsmith Private E-2

    thanks a lot for the reply and yeah the reason why i have a ton of those spybot things was through following the steps of forums, including this one. after following the steps though (which took me about 2 hours or so at least) i seem to have cleared the about:blank thing.

    i don't understand how i did it but i'm not complaining. one problem that still occurred was the crash-exception-blue screen after running cwshredder program, which many here (and elsewhere) swear by.

    kind of troubling but as long as my system is relatively fine, i have no complaints.

    adam
     
  6. vandsmith

    vandsmith Private E-2

    again, sorry it was just the fact that i had been up screwing around with this thing all day. i should have read the posts.

    but...have you ever experienced cwshredder causing a 'fatal exception' or something? it's the blue-crash screen which happens after cwshredder gets to the end of 'fixing' files.

    again sorry and thanks a ton.

    adam
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    About:Blank isn't that easy to remove, please attach a current HJT log so I can confirm you're clean.
     
  8. vandsmith

    vandsmith Private E-2

    here you go.

    attached as: hijackthis.loghere.txt
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before you do ANYTHING else with Hijack This, you MUST complete this step!

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disc C: > Program Files
    Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


    First:
    Click Start > Run > type services.msc and Click OK

    Locate Workstation NetLogon Service and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    Second:
    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Messenger Plus! 3

    Shareaza ←–– I would uninstall this because ALL P2P bring spyware/virus infections, however it's up to you!



    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    MsgPlus.exe

    TeaTimer.exe ←–– End this process because it will interfere with part of this fix!

    iexplore.exe ←–– End this process because you were requested not to run any browsers while running HJT!

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:2748

    O2 - BHO: (no name) - {BD9FEFD0-EF30-3DE1-4C8D-9621C6488169} - C:\WINDOWS\system32\d3qk.dll

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

    O14 - IERESET.INF: START_PAGE_URL=http://www.nb.sympatico.ca/

    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/06ebdd07eaed96da7506/netzip/RdxIE.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - - (no file)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Messenger Plus! 3 ←–– Delete this whole folder if it exists!

    C:\WINDOWS\system32\d3qk.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
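
Added example (not part of the thread and not a MajorGeeks or HijackThis tool): a small Python triage pass over HijackThis-style log lines like the ones in the fix list above, showing how the section codes map to locations and which patterns stand out. The heuristics, function names and the constructed O16/O23 sample values are assumptions of this example; a hit is a prompt for review, not a verdict.

```python
import re

# HijackThis section codes that appear in the fix list above.
SECTIONS = {
    "R1": "Internet Explorer setting (search/proxy)",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key)",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

def parse_line(line):
    """Split 'O4 - rest' into (code, rest); None for headers and other text."""
    m = LINE_RE.match(line)
    return (m.group(1), m.group(2).strip()) if m else None

def triage(code, body):
    """Reasons an entry deserves a closer look (heuristics assumed here)."""
    low, reasons = body.lower(), []
    if code == "R1" and "proxyserver" in low and re.search(r"=\s*(localhost|127\.0\.0\.1)\b", low):
        reasons.append("IE proxy points at the local machine")
    if code == "O2" and "(no name)" in low:
        reasons.append("BHO has no registered name")
    if code == "O16" and re.search(r"https?://\d{1,3}(\.\d{1,3}){3}/", low):
        reasons.append("ActiveX control fetched from a bare IP address")
    if code == "O23" and low.endswith("(no file)"):
        reasons.append("service has no backing file")
    return reasons

def review(log_text):
    """Return (code, section, reason) for every flagged line of a log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            code = parsed[0]
            findings += [(code, SECTIONS.get(code, "other"), r) for r in triage(*parsed)]
    return findings

# Sample input: R1/O2/O4 and the second O16 line are from the post above;
# the header, the first O16 line and the O23 line are constructed placeholders.
SAMPLE = r"""Logfile header (constructed)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:2748
O2 - BHO: (no name) - {BD9FEFD0-EF30-3DE1-4C8D-9621C6488169} - C:\WINDOWS\system32\d3qk.dll
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://192.0.2.10/example/example.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O23 - Service: Example Service (ExampleSvc) - - (no file)"""

if __name__ == "__main__":
    for code, section, reason in review(SAMPLE):
        print(f"{code:<4}{section}: {reason}")
```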
     
