If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
about:blank
I have been trying to surf the internet, but the same
search page pops up just about everywhere. The URL to this page page reads "about:blank." This page appears as my homepage, when I check my mail, and randomly among links. I have already run CWShredder, Ad-Aware 6.0, Spybot Search and Destroy, and AVG 6.0. I have also tried to post my save log from Hijack This on several sites, but the same page comes back to haunt me. Enclosed is my most recent save log from after running all the above programs. Thank You. Logfile of HijackThis v1.97.7 Scan saved at 5:42:28 PM, on 8/6/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\ATI2EVAE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TPPALDR.EXE C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE C:\WINDOWS\TPPSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\PHILIPSREMOTE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\SPECIFICMAIL\SPCM.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_DIRECTOR.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\MY DOCUMENTS\DOWNLOAD\THAONLYACE\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust...defaults/su/sb cydsl/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, (Default) = http://red.clientapps.yahoo.com/cust...defaults/su/sb cydsl/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF- FD60B590A87D} - C:\PROGRA~1\COMMON~1 \REAL\TOOLBAR\REALBAR.DLL O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA- A397A8FD8082} - (no file) O2 - BHO: (no name) - {4F632101-BF38-11D8-BFC3- 00409BC39C72} - C:\WINDOWS\SYSTEM\FGJG.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 \READER\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6 \avgcc32.exe /STARTUP O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1 \GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [SPCM] C:\Program Files\specificmail\SPCM.EXE O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: AIM (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1 \Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...cabs/flash/swf lash.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/install...od/yregcfg.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...oducts/CursorM aniaInitialSetup1.0.0.6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...cabs/director/ sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...F6E491A6-77E1- 4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CA B?38025.6635763889 O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...0C8EDFAB-30BC- 4792-898E-2DABE27B2C4D/mp43dmo.CAB |
#2
|
|||
|
|||
about:blank
You have the CoolWebSearch variant known as CWS.about:blank
Hijack This alone cannot fix it because there is a super-hidden file involved...you will have to do some manual work to fix this and delete the involved files. One of the forums you posted to should have given you proper instructions. This group is not really the correct forum, and though I could give you a long series of instructions, it is best if you get the procedure from the "experts". Scan with Hijack This, then post the log along with details of what if anything you have already tried, and what operating system you are using, to this forum: http://forum.aumha.org/viewforum.php?f=30 Also have a look at the "housekeeping" you should complete before you post your log: http://aumha.org/forum/viewtopic.php?t=4075 -- Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm "Adrian" wrote in message ... I have been trying to surf the internet, but the same search page pops up just about everywhere. The URL to this page page reads "about:blank." This page appears as my homepage, when I check my mail, and randomly among links. I have already run CWShredder, Ad-Aware 6.0, Spybot Search and Destroy, and AVG 6.0. I have also tried to post my save log from Hijack This on several sites, but the same page comes back to haunt me. Enclosed is my most recent save log from after running all the above programs. Thank You. Logfile of HijackThis v1.97.7 Scan saved at 5:42:28 PM, on 8/6/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\ATI2EVAE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TPPALDR.EXE C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE C:\WINDOWS\TPPSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\PHILIPSREMOTE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\SPECIFICMAIL\SPCM.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_DIRECTOR.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\MY DOCUMENTS\DOWNLOAD\THAONLYACE\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust...defaults/su/sb cydsl/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, (Default) = http://red.clientapps.yahoo.com/cust...defaults/su/sb cydsl/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF- FD60B590A87D} - C:\PROGRA~1\COMMON~1 \REAL\TOOLBAR\REALBAR.DLL O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA- A397A8FD8082} - (no file) O2 - BHO: (no name) - {4F632101-BF38-11D8-BFC3- 00409BC39C72} - C:\WINDOWS\SYSTEM\FGJG.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 \READER\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6 \avgcc32.exe /STARTUP O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1 \GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [SPCM] C:\Program Files\specificmail\SPCM.EXE O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: AIM (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1 \Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...cabs/flash/swf lash.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/install...od/yregcfg.cab O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...oducts/CursorM aniaInitialSetup1.0.0.6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...cabs/director/ sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...F6E491A6-77E1- 4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CA B?38025.6635763889 O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...0C8EDFAB-30BC- 4792-898E-2DABE27B2C4D/mp43dmo.CAB |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Browser hijacked - "about:blank" - "search for..." page hijacked my web browser. | sergusha78 | Internet | 2 | July 9th 04 03:15 AM |
about:blank homepage | rj | Software & Applications | 2 | July 3rd 04 05:17 PM |
about:blank | Fred | Internet | 1 | June 27th 04 06:12 AM |
after fixing about:blank bug | joeyo | General | 6 | June 23rd 04 04:40 PM |
ABOUT:BLANK | Internet | 1 | May 28th 04 03:02 PM |