about:blank woes, please help.

By Sephirajo
May 3, 2005
  1. Okay, I've managed to get a version of the about:blank adware on my computer. Since I really don't want to pay 40 bucks for a program that may or may not remove it, I'm at a total loss.

    I looked over the how to post in this forum and I'm sure it would work, except, I can't restart in safe mode, nor can I do a system restore. The options are there, it's just not working.

    A little help please? t____t This is driving me insane.

    I have a copy of my HijackThis file here, any help, any help at all would make me very, very grateful.
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    1) Move HJT away from the desktop (see my signature).
    2) You need to remove either Norton or Avast, you can't have 2 AVs at the same time. Avast does not seem to be complete.

    Boot in Safe Mode. (if you can't, do it in Normal Mode).
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:


    Next, UNinstall anything to do with:
    C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
    C:\Program Files\\bin\tgcmd.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\\bin\tgcmd.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {8C2B313B-0038-177E-6D7E-FA538BD46D1C} - C:\WINDOWS\ipkg.dll
    O2 - BHO: (no name) - {B32B105D-2FED-6EFA-3683-23669852C7D7} - C:\WINDOWS\ipkg.dll
    O4 - HKLM\..\Run: [ecusvxod] C:\WINDOWS\System32\qtspnlz.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [ipyf.exe] C:\WINDOWS\ipyf.exe
    O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - (file missing)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    Tick-mark ALL of these: O16 - DPF:
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysax32.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    Now click on the Fix Checked button in HJT.
    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
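A small triage script for the kinds of entries the post above asks to be ticked, added here as an example and not part of the original thread. The rules are this example's own heuristics (assumptions, not HijackThis behaviour), and the sample log is constructed from lines quoted above plus one benign line.

```python
import re

# Constructed sample in HijackThis log format: entries quoted in the post
# above (the O23 service name is simplified) plus a benign Start Page line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tjgvk.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {8C2B313B-0038-177E-6D7E-FA538BD46D1C} - C:\WINDOWS\ipkg.dll
O4 - HKLM\..\Run: [ipyf.exe] C:\WINDOWS\ipyf.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\system32\sysax32.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# (section, pattern, reason). Heuristics chosen for this example only; a hit
# means "review this entry", not "this entry is malicious".
RULES = [
    ("R", re.compile(r"=\s*res://.+\.dll/", re.I),
     "IE search/start page served from a local DLL resource"),
    ("O2", re.compile(r"BHO: \(no name\)"),
     "unnamed Browser Helper Object"),
    ("O4", re.compile(r'\]\s*"?C:\\WINDOWS\\(?:System32\\)?[^\\]+\.exe', re.I),
     "autorun binary sitting directly in the Windows directory"),
    ("O23", re.compile(r"Unknown owner"),
     "service whose owner could not be identified"),
]

def _in_section(rule_section, code):
    # "R" covers R0-R3; O-codes must match exactly so O2 does not catch O23.
    return code == rule_section or (rule_section == "R" and code.startswith("R"))

def triage(log_text):
    """Return (code, reason, entry) for every log line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        for section, pattern, reason in RULES:
            if _in_section(section, code) and pattern.search(rest):
                findings.append((code, reason, rest))
    return findings

if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {entry}")
```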
  3. Sephirajo

    Sephirajo TS Rookie Topic Starter

    Okay, problem with that. We've never been able to remove Norton antivirus, it doesn't show up on the uninstaller or anything. Also, though I found a program that stopped the about:blank hijacking, different programs are still running strangely. Like AIM refuses to function.

    And, we haven't been able to boot up the computer in safe mode, no matter what we tried... it just keeps going back to the screen where you pick how you want to boot up the computer.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Do the same as what you did, when you ran HJT. You got the HJT-log, so it must work somehow...

    If you know how to, use Notepad and edit the file 'c:\boot.ini' and change the line
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows ...." /fastdetect
    to
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows ...." /safeboot

    Save boot.ini and reboot. That should force the PC into Safe Mode.
    When you are done with your HJT-stuff, reverse the above.

    You may have to change the read-only file-attribute for 'boot.ini', using either
    attrib -r c:\boot.ini or in Explorer rightclick boot.ini, select Properties and UNtick the Readonly box.
  5. Sephirajo

    Sephirajo TS Rookie Topic Starter

    Okay, I was able to remove Norton (finally) and though I couldn't boot in safe mode, this is my fiancee's computer, so editing of files like that is totally up to him, I did stop the listed processes and run HijackThis. It fixed my problems with AIM and some other ones, but for some reason IE is still opening up on start up. Any way to stop that?

    Thanks so much for your help!
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click on Start/Run and type in msconfig and click OK.
    Select the Startup tab and see if IE is mentioned in there. If yes, UNtick it, click on Apply, exit the program and reboot. Should be gone now, but report it here, so we can help you remove it permanently.

    Also click on Start/(All) Programs and put the mouse cursor on Startup to see if IE is in there. If so, right-click it and select Delete, confirm that and you are done.

    Are you sure you press the F8 button at the right time to get into Safe Mode? It is easy to miss!
Topic Status:
Not open for further replies.