|
|
|
About Blank
Showing all messages in thread #1108255096
Windows XP Annoyances Discussion Forum
The following are all of the messages in this thread (16 in all), shown in chronological order. Click any message subject to view that message by itself or to view the thread hierarchy.
|
About Blank
Saturday, February 12, 2005 at 4:38 pm
Posted by Tony
(881 messages posted)
My son's computer has been infected with the About Blank virus. Pleas look at my
log and tell me what to do.
[Reply or follow-up to this message]
| |
re: About Blank
Saturday, February 12, 2005 at 4:47 pm
Posted by Steve
(21645 messages posted)
After helping a couple friends with about:blank, I can say it is easier, and less
time consuming to reinstall Windows.
Steve 
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 4:48 pm
Posted by Sgt
(1517 messages posted)
Run these programs http://www.annoyances.org/exec/forum/winxp/1103643258
If still have issues post log
Sgt
Back it up Soldier
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 5:12 pm
Posted by Falcon
(13489 messages posted)
If lucky, about a 15 minute fix. First update and run
CWShredder
, then, post your new HijackThis
log.
The Wereotter
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 5:55 pm
Posted by joe
(7018 messages posted)
and in the future, to avoid that, use firefox
as it is immune to About: Blank and other Browser hijackers!
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 6:32 pm
Posted by Rich Kurtz
(12246 messages posted)
Which one on that web page should be downloaded, the stand alone version or the "Free
trial" version?
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 6:44 pm
Posted by Falcon
(13489 messages posted)
Stand-alone.
The Wereotter
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 7:59 pm
Posted by Flopdogg
(19 messages posted)
About Blank is actually a hidden dll file not a virus. Hijack this and cwshredder
are only temporey fixes. You have to find the hidden file in the registry and rename
it.
On Saturday, February 12, 2005 at 4:38 pm, Tony wrote:
>My son's computer has been infected with the About Blank virus. Pleas look at my
>log and tell me what to do.
[Reply or follow-up to this message]
|
re: About Blank
Saturday, February 12, 2005 at 8:18 pm
Posted by joe
(7018 messages posted)
:-|
?????
[Reply or follow-up to this message]
|
re: About Blank
Sunday, February 13, 2005 at 4:13 am
Posted by Falcon
(13489 messages posted)
CWShredder claims to remove CWS.HiddenDLL, also known as the about:blank hijacker.
Even if it does not, HijackThis can and has been successfully used, with a few extra
steps, to remove this.
The Wereotter
[Reply or follow-up to this message]
|
re: About Blank
Sunday, February 13, 2005 at 3:48 pm
Posted by Tony
(881 messages posted)
Ran CWShredder. Seems to have cleared up the system.
Here is the new Hijack This log file.
Logfile of HijackThis v1.99.0
Scan saved at 6:35:42 PM, on 2/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.032\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D7655EA-1539-469C-A7CA-3E92E79D9D34} - C:\WINDOWS\system32\gheg.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
/startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
-s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094221327042
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Filter: text/html - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
O18 - Filter: text/plain - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program
Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet
Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
[Reply or follow-up to this message]
|
re: About Blank
Sunday, February 13, 2005 at 4:16 pm
Posted by Falcon
(13489 messages posted)
- Unzip HijackThis to a permanent folder. It makes backups.
- Uninstall New.Net from Add/Remove Programs, if present.
- Download LSPFix: http://www.cexx.org/lspfix.htm
- Reboot to Safe Mode
- Run CWShredder again.
- Check these entries in HijackThis and press Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {2D7655EA-1539-469C-A7CA-3E92E79D9D34} - C:\WINDOWS\system32\gheg.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll,DllInstall
O4 - Startup: PowerReg Scheduler V3.exe
O18 - Filter: text/html - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
O18 - Filter: text/plain - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
- Run LSPFix, check the "I know what I'm doing" box, and mark these files for
removal:
- All containing the word "newdotnet"
- Delete these files and folders. Make sure hidden and system files are visible,
as well as file extentions, under Control Panel->Folder Options->View tab.
- C:\Documents and Settings\Chris\Local Settings\Temp\ <-- All files in
folder, but not folder.
- C:\WINDOWS\system32\gheg.dll
- C:\Program Files\NewDotNet\
- Reboot normally and post another HijackThis log.
The Wereotter
[Reply or follow-up to this message]
|
re: About Blank
Sunday, February 13, 2005 at 8:15 pm
Posted by Tony
(881 messages posted)
New Log File
Logfile of HijackThis v1.99.0
Scan saved at 10:14:34 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chris\Desktop\New Folder\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
/startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094221327042
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program
Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet
Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
[Reply or follow-up to this message]
|
re: About Blank
Monday, February 14, 2005 at 5:49 am
Posted by Falcon
(13489 messages posted)
Visit the page "about:blank" in Internet Explorer. If you get a page of ads, you're
not clean. If you get a blank page, you're clean, and can fix these entries to restore
the default search tool:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
The Wereotter
[Reply or follow-up to this message]
|
re: About Blank
Monday, February 14, 2005 at 12:52 pm
Posted by Tony
(881 messages posted)
Thanks Otter.
[Reply or follow-up to this message]
|
re: About Blank
Monday, March 14, 2005 at 1:00 pm
Posted by Jimho
(1 messages posted)
Thanks for this information. I had a simalar problem and was able to peice together
a solution from this msg.
Jim
in Nashville
On Sunday, February 13, 2005 at 4:16 pm, Otter wrote:
>
> - Unzip HijackThis to a permanent folder. It makes backups.
> - Uninstall New.Net from Add/Remove Programs, if present.
> - Download LSPFix: http://www.cexx.org/lspfix.htm
> - Reboot to Safe Mode
> - Run CWShredder again.
> - Check these entries in HijackThis and press Fix:
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll/sp.html
>R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
>O2 - BHO: (no name) - {2D7655EA-1539-469C-A7CA-3E92E79D9D34} - C:\WINDOWS\system32\gheg.dll
>O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
>O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
>O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Chris\LOCALS~1\Temp\se.dll,DllInstall
>O4 - Startup: PowerReg Scheduler V3.exe
>O18 - Filter: text/html - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
>O18 - Filter: text/plain - {EFFF58D0-CF24-4B4C-960D-5ECCBAAFCCBA} - C:\WINDOWS\system32\gheg.dll
>
>
> - Run LSPFix, check the "I know what I'm doing" box, and mark these files for
>removal:
[Reply or follow-up to this message]
| |
Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread
| |
Return to the Windows XP Discussion Forum
|
|
|
|
