About blank problem....what should I take out of this hijack this log????

You need to follow some guidelines. HijackThis is the last step not the first. See the stickies on the main page of the Spyware Forum.

Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

NOTE: Per the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > your log file file has been removed.

Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

Do not to install Hijack This to the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT


Make sure you have the proper versions for each program! Pay particular attention to running the HSremove and About:Buster programs.

 

Okay! Let us know either way (success or failure)!

 

Just continue on. If you do not find it, it just means it is not running.

 

Run the TrendMicro and PandSoftware scans first!
Then do the following:
- install Ad-aware SE & SpyBot S&D. Make sure you update them immediately after installing. You do not need to run them yet.
- install Ccleaner and Run it and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner
- download and extract CWShredder to a directory you can find later
- download and extract about:Buster to a directory you can find later
- download and extract Kill2Me to a directory you can find later
- Run about:Buster once in normal boot mode (right now)

- immediately reboot in safe mode and run the following:
- about:Buster
- Ad-aware SE - fix what it finds
- SpyBot - fix what it finds
- Kill2Me
- CWShredder (be sure to click FIX)

Now reboot in normal mode and run about:Buster one more time.
Come back here and tell me how things are working. If still having a problem, post a new HijackThis log (as an attachment).

 

Try installing the Visual Basic 6 runtime files.

http://majorgeeks.com/download523.html

 

This is the typical behavior for About:Blank and HSA hijacker problems. They appear to be gone and they come back either after a couple reboots or after opening and closing a few Internet Explorer sessions. These buggers are very difficult to remove and always require repeatitive processes (and some new ones interleaved here and there).

Now it is time to post me a current HijackThis log (as an attachment).

 

You do not have the About:Blank hijack. You have the HSA hijack. You should start looking at my Generic Solution thread to see if you have any questions understanding what to do there. This procedure needs to be executed in one continuous flow (you should not stop and continue later) and absolutely do no reboot or shutdown once started (unless indicated in the steps) or you will have wasted all your time up to that point. I look at your current log and give you a few pointers while you look over the procedure (do not reboot or shutdown after I give you these pointers otherwise the names of files may change). I'll post that info in a little while.

 

This is your file for step 5: C:\WINDOWS\system32\gdaoe.dll
This is your line for step 7: O2 - BHO: (no name) - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\apitv32.dll
This is your line for step 8: O4 - HKLM\..\Run: [javaeb32.exe] C:\WINDOWS\javaeb32.exe

In step 10: you will be delete:
C:\WINDOWS\apitv32.dll
C:\WINDOWS\javaeb32.exe
and any file you may have found from step 6 with Network Security Service

In step 12: you lines are:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gdaoe.dll/sp.html#

But also fix this line too right now:
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

See if you can take it from there.

 

I think it is due to this one line:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

It is possible this is one of the many forms of about:blank but it looks more like the original HSA hijack problems so that is why I said that and recommend the Generic Solution.