Solved IE11 Homepage changes to about blank

[Windows7_user]

Hi -
My problem is this - for the last 3 weeks my IE11 home page keeps changing to "about blank" once a day or more - does not matter what homepage url I use eg google.co.uk
Mcafee Total Protection found no infection until earlier this week it found a RDN/Generic Downloader.x!ke associated with 2 .msg files. It removed these. I then did a further total scan with the restore point off for windows.
I have deleted internet history, temp internet files and cookies. Flash and Java and windows software up to date (Windows7 64 bit)
I have run the free Malwarebyte scan and also the Mcafee rootkit remover and these found no infection yesterday or today - however the problem is still there. The rootkit scan appeared to scan for "user" however I am logged in as "admin" - so not sure if that is an issue.

I will download the tools this afternoon and add the scan logs to this thread when completed later.

Many thanks!

 

[Windows7_user]

Am following instructions from http://malwaretips.com/threads/remove-about-blank.18390/ - is this ok?

Log for AdW is as follows ( I did not click clean - just Scan, then report) ...

# AdwCleaner v3.210 - Report created 22/05/2014 at 14:52:57
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username :
# Running from : C:\Users\Desktop\adwcleaner_3.210.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found : C:\ProgramData\Partner
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\lu0m05ne.default\prefs.js ]

-\\ Google Chrome v
[ File : C:\Users\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1549 octets] - [22/05/2014 14:52:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1609 octets] ##########

 

[Windows7_user]

JRT txt file

 

[Windows7_user]

MWB rootkit 1/

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.05.22.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107

22/05/2014 15:56:03
mbar-log-2014-05-22 (15-56-03).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 313870
Time elapsed: 51 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[Windows7_user]

--

 

[Ink]

Am following instructions from http://malwaretips.com/threads/remove-about-blank.18390/ - is this ok?

I suggest waiting for a helper to respond, before risking your PC from further damage.

• The fixes are specific to your problem and should only be used for this issue on this machine!

 

[Windows7_user]

I suggest waiting for a helper to respond, before risking your PC from further damage.

• The fixes are specific to your problem and should only be used for this issue on this machine!

Thx - will do.

 

[TwinHeadedEagle]

Hi,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Windows7_user]

Hi,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Thx - will do this and report back on Friday morning.

 

[Windows7_user]

Here is the FRST .txt

 

[Windows7_user]

and the addition one ...

 

[TwinHeadedEagle]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

***** NEXT *****​

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  emptyfolderscheck;delete
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns;b

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Windows7_user]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

***** NEXT *****​

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  emptyfolderscheck;delete
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns;b

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

====

 

[Windows7_user]

After reboot - IE11 now goes to an MSN page and the following message came up (see attached)

Is it ok to continue with the next step?

 

[TwinHeadedEagle]

Yes, please procede with Zoek

 

[Windows7_user]

Zoek results ...


Zoek.exe v5.0.0.0 Updated 21-05-2014

 

[TwinHeadedEagle]

How is computer now?

 

[Windows7_user]

Hi - have changed homepage back to google - so will update tomorrow as to whether it has changed again or not. Many thanks for your help so far - amazing really!
Will post later tomorrow or Sun am.

 

[Windows7_user]

so far so good ....

 

[TwinHeadedEagle]

Ok, then we're done


I can recommend you this software to avoid Adware in the future. Unchecky is very light and install and forget program. It works in background and has auto update feature, so beleive me you will forget it is installed.

http://unchecky.com/

Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/



• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools

Create registry backup

Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.