Author Topic: about:blank homesearch (Read 2013 times)

Brian · « **on:** November 04, 2004, 04:16:12 PM »

Hello,
looking for help on removing about:blank.
My Homepage is now directed to a doubtful looking "Home Search" which I cannot remove, also being bombarded with many pop-ups
I don't want to click on the removal program pop-up offered because I don't want to contribute to their profits!
I have tried ADware away and CW Shredder without success. I have also installed HiJack This and saved a log file.
I don't know how to attach the log file at present, so maybe somone out there can help.
Brian
West of England
UK

guestolo · « **Reply #1 on:** November 04, 2004, 08:17:22 PM »

Ensure that you saved hijackthis to a permanent folder
Eg...
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to HJT
You should now have C:\HJT

If you don't have Hijackthis 1.98.2, please delete your copy and
download the latest from This link
and save it to that new folder

Open Hijackthis>>>Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

Could you also
Download STARTDRECK

Unzip it to it's own folder

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post this log too, thanks!

Guest · « **Reply #2 on:** November 05, 2004, 11:33:10 AM »

Hi,
Thanks for the quick response,
Here's the scan I did yesterday, I should have known how to copy and paste!

Anyway here it is....

Logfile of HijackThis v1.98.2
Scan saved at 20:45:18, on 04-11-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\JAVALV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A427B795-B498-01D2-0E8D-3F5691575C0A} - C:\WINDOWS\ATLPA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [JAVALV.EXE] C:\WINDOWS\SYSTEM\JAVALV.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Remind.pif = C:\TODAY\REMIND.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

I haven't tried the other program you suggested yet, but have a look at this for the moment.

Thanks in advance

Brian

guestolo · « **Reply #3 on:** November 05, 2004, 09:06:32 PM »

Hmmm, Brian, I need you to do what I ask, you may not need Startdreck
But please do all the rest I ask of you, these are tools you are going to need

First off,
Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
If you don't have this verision, uninstall yours and install this one
This program is yours to keep, for free
After installation-CHECK FOR UPDATES
Don't run this yet, this is not ADware away
Personally, I don't even know how reliable Adware Away is, Ad-Aware if a very reputible product by Lavasoft, and it's yours for free

Create a New folder on your desktop, call it Aboutbuster
==Right click an empty spot on desktop--Select--NEW--folder
Download to desktop About:Buster
by RubbeR Ducky
UNZIP it to that new folder===Run this later

Know how to start in SAFE MODE

Set Windows to Show Hidden Files and Folders

Do another scan with Hijackthis and put a check next to these entries

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\warqq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\warqq.dll/sp.html#29126

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe

O4 - HKLM\..\RunServices: [JAVALV.EXE] C:\WINDOWS\SYSTEM\JAVALV.EXE

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

After you have ticked the above entries, Close down ALL other open windows, including this one, but leave Hijackthis open
Select FIX CHECKED and exit Hijackthis

Restart your computer in Safe mode
Find and delete these files or folders if they exist

C:\WINDOWS\SYSTEM\JAVALV.EXE <--file
C:\WINDOWS\MSOPT.DLL <--file
Win86.exe and win32x.exe do a search for these 2 files, thay may be in your C:Windows\System folder, delete if they exist

Stay in safe mode
Open About:Buster that you unzipped earlier
===Start About:Buster and hit ok. Now for the scanning part. Hit Start and then Ok. The program should start scanning.Scan a Second time. Then hit exit

Restart back into Normal Mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Open Ad-Aware--ensure you updated
Do a Full System Scan---Remove ALL Critical Objects
Restart your computer to finish the cleaning process

Do another scan with hijackthis after you have restarted
And save a new log and post it here
We will have a bit more cleaning to do, but I must see a fresh log
Could you also post the About:Buster logs

Could you also let me know what this entry is related too
O4 - Startup: Remind.pif = C:\TODAY\REMIND.EXE

Guest · « **Reply #4 on:** November 06, 2004, 12:15:00 PM »

OK....

This time I printed out your reply and did everything 'by the book'!
It all went as you directed, thanks a lot.
I now have a working Browser, and my e-mail has returned to normal. For some reason I had to disable and re-enable NAV to allow my e-mail to send and receive.
I just hope that no-one else in my address book gets this problem, you never can tell.
As requested, I am attaching the About Buster and Hijackthis logs from the cleanup, and after the restart.

-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

ADS not scanned System(FAT)
Removed! : C:\WINDOWS\scanregw.exe
Removed! : C:\WINDOWS\mupgt.dat
Removed! : C:\WINDOWS\taskmon.exe.$$$
Removed! : C:\WINDOWS\ssvr.exe
Removed! : C:\WINDOWS\svchostr.exe
Removed! : C:\WINDOWS\winagent.exe
Removed! : C:\WINDOWS\svchst.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

Logfile of HijackThis v1.98.2
Scan saved at 17:11:12, on 06-11-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Remind.pif = C:\TODAY\REMIND.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Also to reassure you about the file remind.exe. It is a DOS desktop reminder routine written by a friend. I have used it for some years to remember family birthdays and upcoming events etc. Shouldn't be any problem with that one.

I hope that I have provided you with enough information, I guess I should visit Microsoft to update my IE config. Maybe I should consider using another browser altogether?

Again many thanks from a much relieved
Brian

guestolo · « **Reply #5 on:** November 06, 2004, 07:05:27 PM »

That looks much better Brian

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

As you can see by your first log
R3 - Default URLSearchHook is missing

This will help to Restore your default urlsearchhook

Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Quote box to notepad
In Notepad, Click File>>Save as
Name the file as search.reg
Change the Save as Type to All Files.
Save it to your Desktop

Quote

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

Double click on search.reg and allow it to merge to the registry
Restart your computer
You can delete search.reg from the desktop after

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link==Download link
Scroll down and click on IE-SPYAD.EXE Free!

With both, Check for updates every couple of weeks

READ THIS
How did I get Infected

I do recommend you also visit Windows updates
Scan for Updates>>>Look under Critical Updates and Service Packs
and install All Criticals
Including IE SP1
This will help in keeping your system secure

I do use a different browser myself, as much as I can, much safer
Of course you still have to have IE for those rare times
Here's what I use
Mozilla Firefox

If you decide to use it, ensure after installation you download the flash and shockwave installers
http://plugindoc.mozdev.org/windows.html
Shut down Firefox before installing plugins

Take care Brian

charmagne · « **Reply #6 on:** March 27, 2005, 05:29:39 AM »

hi there...im just new in this forum but i also experience this annoying homepage...please help me fix this...

Logfile of HijackThis v1.99.1
Scan saved at 6:18:20 PM, on 3/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SADBLOCK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDTRAY.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL
O2 - BHO: (no name) - {1F02FBE4-9EEC-11D9-8CA2-00503356D095} - [SABInprocServer32] (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\SYSTEM\VCDPLAY.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [Caffe-Client] c:\program files\Caffe\Client.exe
O4 - HKCU\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Folder.htt
O4 - Global Startup: Folder.htt
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
O18 - Filter: text/html - {B9DE0860-9BF1-11D9-8CA2-00503D9C2581} - C:\WINDOWS\SYSTEM\CFMN.DLL
O18 - Filter: text/plain - {B9DE0860-9BF1-11D9-8CA2-00503D9C2581} - C:\WINDOWS\SYSTEM\CFMN.DLL

here's startdreck log...

StartDreck (build 2.1.7 public stable) - 2005-03-27 @ 18:31:30 (GMT -08:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as pc25 at PC25

»Registry
»Run Keys
»Current User
»Run
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
*NVIEW=rundll32.exe nview.dll,nViewLoadHook
*Yahoo! Pager=C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
*Caffe-Client=c:\program files\Caffe\Client.exe
*Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
»RunOnce
»Default User
»Run
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
*NVIEW=rundll32.exe nview.dll,nViewLoadHook
*Yahoo! Pager=C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
*Caffe-Client=c:\program files\Caffe\Client.exe
*Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*VCDPlayer=C:\PROGRA~1\VIRTUA~1\SYSTEM\VCDPLAY.EXE
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*SABBHO.SuperAdBlockerBHO.1/{00000000-6C30-11D8-9363-000AE6309654}
`InprocServer32=C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL
*{61B0FE6E-9EEC-11D9-8CA2-0050B33E15DC}
`InprocServer32=C:\WINDOWS\SYSTEM\CFMN.DLL
»Files
»System/Drivers
»Running Processes
+FFCF86F9=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFC6D9=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFC849=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE46F9=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE49C5=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE8FD5=C:\WINDOWS\EXPLORER.EXE
+FFFED459=C:\WINDOWS\TASKMON.EXE
+FFFEDB25=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFD1B79=C:\WINDOWS\RUNDLL32.EXE
+FFFD63DD=C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDPLAY.EXE
+FFFDB4DD=C:\WINDOWS\RUNDLL32.EXE
+FFFD1EBD=C:\WINDOWS\RUNDLL32.EXE
+FFFC4039=C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SADBLOCK.EXE
+FFFCCECD=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFB7D0D=C:\WINDOWS\RUNDLL32.EXE
+FFFDF0FD=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFFB540D=C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDTRAY.EXE
+FFFA336D=C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
+FFFC36AD=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFCF0DE9=C:\WINDOWS\NOTEPAD.EXE
+FFF506FD=C:\WINDOWS\TEMP\RAR$EX02.337\STARTDRECK.EXE
»Application specific

please help me get away with this

thanks in advance

guestolo · « **Reply #7 on:** March 27, 2005, 11:28:42 PM »

I'm locking this topic
Please charmagne, start your own topic and supply a fresh log and startdreck log
Thanks

TheTechGuide Forum

News:

Author Topic: about:blank homesearch (Read 2013 times)

Brian

about:blank homesearch

guestolo

about:blank homesearch

Guest

about:blank homesearch

guestolo

about:blank homesearch

Guest

about:blank homesearch

guestolo

about:blank homesearch

charmagne

about:blank homesearch

guestolo

about:blank homesearch