
"about:blank" homepage -- can't fix

Discussion in 'Virus & Other Malware Removal' started by dwshorn, Apr 19, 2004.

  1. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    Logfile of HijackThis v1.97.7
    Scan saved at 9:01:48 PM, on 4/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\jetsuite\DLLCMD32.EXE
    C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    c:\jetsuite\jsdaemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Documents and Settings\Dave\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {986490F3-3C3F-49CA-8F14-81A1C65BABAE} - c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp942\a0040630.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DFB0A387-2DC3-4402-8BC8-1C8C05FAE6EB} - C:\WINDOWS\_MWUTB.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Merriam-Webster Unabridged - {D0711285-ABC9-4DFA-81BF-89E6B5A9E0EF} - C:\WINDOWS\_MWUTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Dudebox Manager.lnk = C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: DllCmd32.lnk = C:\jetsuite\DLLCMD32.EXE
    O4 - Global Startup: HP LaserJet 3100 Status.lnk = C:\jetsuite\JETSTAT.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Unabridged Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/227
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/219
    O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINDOWS\_MWUTB.DLL/23/235
    O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINDOWS\_MWUTB.DLL/23/220
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/236
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {18B35742-FEF5-4DE3-8928-8CAA34C1FEEA} (Merriam-Webster Unabridged Toolbar) - http://unabridged.merriam-webster.com/toolbar/install/webinstall.cab
    O16 - DPF: {3B5A8FBB-833C-4A8C-B171-BA1BC027B3C2} (Installer Class) - http://www.readysyncgo.com/RSGInstall.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
    O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37574.8713888889
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
     
  3. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    By the way, I've tried Ad-Aware and CWS several times, but the about:blank homepage keeps reappearing.
     
  5. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    Will someone please help?
     
  6. jaguar_wsc

    jaguar_wsc

    Joined:
    Feb 18, 2004
    Messages:
    68
    that about:blank thing is my problem too. hijack this does nothing for it cuz as soon as you fix the entry it reappears when u restart. i have no clue.
     
  7. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    Any ideas for me and jaguar_wsc?
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Would you do this, open Explorer, navigate to the c:\windows\system32 folder. Select Search > Advanced. Search for all files that have been MODIFIED during a date range when you first encountered this problem.

    Let me know the names of any DLLs that have been modified in that date range.

    Also, while this won't resolve the problem it might get us an unobfuscated hijack that will give more info.

    >> restart in Safe Mode by running msconfig and enabling /safeboot under the boot.ini tab. You will have to uncheck this to return to normal.

    In Safe Mode run HijackThis and check and fix the following entries, then reboot and post a fresh Scanlog:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {986490F3-3C3F-49CA-8F14-81A1C65BABAE} - c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp942\a0040630.dll (file missing)
     
  10. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    Rog,

    Thanks for helping out. I searched for recently modified dll's in the System32 folder. The only one is called "pmole.dll".

    But I didn't take your next step because I have a new HijackThis log, and it's different now. Here it is:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:43:12 PM, on 4/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\jetsuite\DLLCMD32.EXE
    C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    c:\jetsuite\jsdaemon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dave\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9ED19D5B-E74C-4D12-AD51-40435B597960} - C:\WINDOWS\System32\pmole.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DFB0A387-2DC3-4402-8BC8-1C8C05FAE6EB} - C:\WINDOWS\_MWUTB.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Merriam-Webster Unabridged - {D0711285-ABC9-4DFA-81BF-89E6B5A9E0EF} - C:\WINDOWS\_MWUTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Dudebox Manager.lnk = C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: DllCmd32.lnk = C:\jetsuite\DLLCMD32.EXE
    O4 - Global Startup: HP LaserJet 3100 Status.lnk = C:\jetsuite\JETSTAT.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Unabridged Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/227
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/219
    O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINDOWS\_MWUTB.DLL/23/235
    O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINDOWS\_MWUTB.DLL/23/220
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINDOWS\_MWUTB.DLL/23/236
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {18B35742-FEF5-4DE3-8928-8CAA34C1FEEA} (Merriam-Webster Unabridged Toolbar) - http://unabridged.merriam-webster.com/toolbar/install/webinstall.cab
    O16 - DPF: {3B5A8FBB-833C-4A8C-B171-BA1BC027B3C2} (Installer Class) - http://www.readysyncgo.com/RSGInstall.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
    O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37574.8713888889
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok as you can see from some of the other "about:blank" threads I've responded to, I don't have the solution at this time, just some things to try.

    There is a long discussion on another forum and the offer of a tool which might help; I have no experience with it, but you should give the thread a read:

    http://www.computercops.biz/postx24263-0-30.html

    In the meantime I'd like you to boot to Safe Mode and delete pmole and run HijackThis and check and "fix" all the pmole entries. You should have a notepad copy of these instructions to read in Safe Mode as we don't want Internet Explorer running even if you could connect.

    In Safe Mode, run cmd and at the command prompt enter:

    del C:\WINDOWS\System32\pmole.dll

    Run HijackThis and check and "fix":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {9ED19D5B-E74C-4D12-AD51-40435B597960} - C:\WINDOWS\System32\pmole.dll

    >> Still in Safe Mode, run regedit

    Make sure the "file tree" is collapsed; click Edit > Find and enter:

    {9ED19D5B-E74C-4D12-AD51-40435B597960}

    Hit Find Next. Right click on and delete every hit you get. Hit F3 to continue the search until finished.

    Reboot and post another Scanlog. This might provide some temp relief. Also see the Recent Security Updates thread in this forum and install those recent ones. You should also check Windows Update for any others you need.
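The posts above pair each `res://` search hijack with the BHO whose DLL serves it, first behind a percent-encoded path and then as `pmole.dll`. As an added example (not part of the thread and not HijackThis's own code), the Python below decodes the `res://` values in R0/R1 lines and reports which O2 BHO entries they point at; the function names `res_module` and `correlate` are hypothetical, and the sample input is a trimmed excerpt of the two logs posted in this thread.

```python
import re
from urllib.parse import unquote

# Trimmed excerpts of the two HijackThis logs posted in this thread.
LOG_APR19 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://%63%3a%5c%73%79%73%74%65%6d%20%76%6f%6c%75%6d%65%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5c%5f%72%65%73%74%6f%72%65%7b%33%31%34%31%34%36%37%35%2d%36%63%62%65%2d%34%36%33%39%2d%38%66%36%37%2d%38%63%32%65%33%39%35%64%37%36%38%33%7d%5c%72%70%39%34%32%5c%61%30%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {986490F3-3C3F-49CA-8F14-81A1C65BABAE} - c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp942\a0040630.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
"""

LOG_APR22 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pmole.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9ED19D5B-E74C-4D12-AD51-40435B597960} - C:\WINDOWS\System32\pmole.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
"""

# "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^R[0-3] - (?P<key>HK(?:CU|LM)\\[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def res_module(value):
    """Return the decoded, lower-cased module path of a res:// value, else None."""
    value = re.sub(r"\s*\(obfuscated\)$", "", value.strip())
    if not value.lower().startswith("res://"):
        return None
    decoded = unquote(value[len("res://"):])
    # res://<module path>/<resource>: Windows paths use "\", so the first "/"
    # ends the module. A log line cut mid-escape leaves a dangling "%".
    module = decoded.split("/", 1)[0].rstrip("%").lower()
    return module or None


def correlate(log_text):
    """List BHO entries whose DLL is the target of a res:// search hijack."""
    hijacks = {}  # decoded module path -> registry values that point at it
    bhos = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            module = res_module(m["value"])
            if module:
                hijacks.setdefault(module, []).append(f'{m["key"]},{m["name"]}')
            continue
        m = BHO_LINE.match(line)
        if m:
            bhos.append(m)
    findings = []
    for bho in bhos:
        path = bho["path"].lower()
        # Prefix match, because the encoded value may be truncated in the log.
        refs = [v for mod, vals in hijacks.items() if path.startswith(mod) for v in vals]
        if refs:
            findings.append({
                "clsid": bho["clsid"],
                "path": bho["path"],
                "file_missing": bho["missing"] is not None,
                "referenced_by": refs,
            })
    return findings


if __name__ == "__main__":
    for label, log in (("4/19", LOG_APR19), ("4/22", LOG_APR22)):
        for f in correlate(log):
            print(label, f["clsid"], f["path"], "missing" if f["file_missing"] else "present")
            for ref in f["referenced_by"]:
                print("    referenced by", ref)
```

The CLSID it reports for each log is the one to look for under Edit > Find in regedit, as in the steps above.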
     
  12. dwshorn

    dwshorn Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    9
    Rog, you just might be a genius.

    I used HJT to fix all those entries. I later ran regedit and tried that search, but no entries were found. Anyway, I reset my IE homepage, and so far so good -- no "about:blank" b.s.

    I'm keeping my fingers crossed that this will hold up. Thanks very much for your help.
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well, good to hear, but you need to cross fingers and knock on wood too. The experiences I was reading concerning this one are that it is somehow configured to return once a day. Let us know; perhaps you got lucky.
     
Short URL to this thread: https://techguy.org/222095
