About:blank blues.

  Hammerstein 11:38 16 Feb 05
Locked

My internet homepage has been taken over by, alternately, "About:blank" and "your searcher.com". I have used Adaware SE professional, Spybot S&D, CW Shredder v2.13 and McAfee anti-spyware, all updated. Adaware, Spybot and CW Shredder all find problems and fix them, but, the problem re-surfaces when the computer is restarted. I have also tried the above in safe mode but to no avail.
Thanks in anticipation of help from an expert. ( bearing in mind that I am far from being one!!! )

  Scillonia 11:41 16 Feb 05

Hi, Had the same problem with a PC yesterday and ended up rebuilding. Used ad aware and ccleaner with out success. Good luck

  BH34 12:12 16 Feb 05

Have a look at this Hammerstein click here

  Hammerstein 12:39 16 Feb 05

BH34
Thanks for the pointer but some of this stuff looks way over my head. I'll download the progs and take it from there.

  VoG II 12:53 16 Feb 05

Can you post a HijackThis log please.

Latest version click here

Guidance click here

You will probably need to post your log in more than one section because of the 800 word limit here. Also, please double space it by adding a blank line every other line before clicking the Post response button.

Do not try to "fix" anything until advised by an expert. A lot of what is listed is essential to the running of your PC.

  Hammerstein 13:32 16 Feb 05

Thanks.
I've completed the log and saved it but could you possibly tell me how to split it into two,or more, sections for posting.
Thanks again.
P.S. Gotta go now so it might be a while before I get back to you.

  Yoda Knight 14:04 16 Feb 05

the microsoft anti-spyware beta (do a search on their homepage) has a feature to restore browser settings from hijacks, and save them in case of future attacks

  VoG II 16:47 16 Feb 05

Logfile of HijackThis v1.99.1

Scan saved at 16:05:30, on 16/02/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\shch.exe

C:\WINDOWS\nvsvca32.exe

C:\progra~1\mcafee\MCAFEE~1\MssCli.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

  VoG II 16:50 16 Feb 05

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\mike\My Documents\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = click here

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = click here

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe

O4 - HKLM\..\Run: [msnmsgsgsfa] C:\WINDOWS\msnmsgsgsaf.exe

  VoG II 16:52 16 Feb 05

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i

O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe

O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\RunOnce: [netssh.exe] netssh.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [bervrwv] c:\windows\xxwvcsg.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=click here

O15 - Trusted Zone: http://*.frame.crazywinnings.com

O15 - Trusted Zone: click here

O15 - Trusted Zone: click here

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - click here

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{94DC02A3-DEA8-490D-A7A8-7BCBA8A3CD12}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{BC4D7716-4448-4A5E-864A-5542F4B71E7E}: NameServer = 69.50.166.94,69.31.80.244

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  Hammerstein 16:53 16 Feb 05

I see you got my mail.
Thanks for the help!!!

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

The Pantone Colour of the Year 2017 is Green

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…