about:blank Problem!!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by diamonddave76, Sep 11, 2004.

  1. diamonddave76

    diamonddave76 Private E-2

    I am having problems when I open internet explorer it goes to some search page and when I go to change my homepage it lists about:blank as the homepage. I have tried changing this but it resets itself. Also if I go to certain webpages it suddenly pops up the about:blank page. I have tried to go to windows update but it jumps to the about:blank page here also. I hope you can help me with this problem. Thanks.
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  3. diamonddave76

    diamonddave76 Private E-2

    I tried all the stuff in the thread you provided and it worked for a little while but then it came back and started doing the same thing again.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. diamonddave76

    diamonddave76 Private E-2

    Ok here you go. I hope this helps solve the problem.
     

    Attached Files:

  6. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    I don't see Chaslang online, so going to get you started. Please remove:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {3DF009ED-54BF-4A31-AADC-679997254A74} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.mt-download.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie
    O18 - Filter: text/html - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
    O18 - Filter: text/plain - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
     
  7. diamonddave76

    diamonddave76 Private E-2

    Ok it is working for now hopefully this has fixed it for good. I will let you know within the next day or so if it comes back. Thanks.
     
  8. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Good, I am always glad to hear that. Come on back anytime.
     
  9. diamonddave76

    diamonddave76 Private E-2

    Well it worked for like a day and then it came back. Well I guess we can try again. Hopefully we can fix it for good this time.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I want you to download the following two programs
    Win98Fix - http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm
    StartDreck - http://members.blackbox.net/hp_links/21/nikolaus.rameis/download/startdreck.htm

    Unzip them to a place where you can find them later to run. We are only going to run StartDreck right now.

    This step is very important - you need to be completely disconnected from the internet (physically disconnecting the line to your analog modem or ethernet cable from your computer is the best way to be positive).
    What we are going to try to do is identify the hidden file that is causing the problem. So now we are ready.

    - Run StartDreck.exe
    - Click on: Config
    - Click on: Unmark all
    - Check only the following boxes:
    - Registry | run keys
    - System/drivers | Running processes
    - Click on OK

    Post the log of results AS A TEXT ATTACHMENT.
     
  11. stevo4

    stevo4 Private E-2

    Hi,
    I'm following this thread to better educate myself.

    Is it possible that this person has successfully cleaned his computer, but hasn't closed the access point? So, his computer is fine until he revisits the problem website and gets reinfected again?

    If this were the case, how does one begin to determine which web page, and what port, etc. needs to be closed to prevent it?

    Do you just have to have all the spyware software running in the background at all times?

    Thanks,

    stevo
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    About:Blank and HSA hijacks come back all the time. They are very difficult to remove. While it is obviously a problem that can come back if you go back and do the same things that cause it in the first place, that is not typically the problem. The normal problem as to why it comes back is that the cleanup process did not find all the components of the hijacker (many of them are super hidden).
     
  13. diamonddave76

    diamonddave76 Private E-2

    Ok here it is.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First the Prep work:

    The hidden installer is this one: C:\WINDOWS\SYSTEM\WDMK.DLL

    Please download and unzip CWShredder but do not run - http://www.majorgeeks.com/download4086.html

    Make sure you have downloaded and installed (do not run a scan yet) the current version of
    Ad-aware SE - http://www.majorgeeks.com/download506.html
    Make sure you immediately update to the current reference list by clicking
    the "Check for updates now" button.

    Now you must disconnect physically from the Internet and remain disconnected until I tell you to reconnect. You should therefore print or save these instructions locally.

    Now we need to find the problem file:
    Now use Windows Explorer to get to the directory where you saved the Win98Fix.zip
    file I had you download in my last message. Unzip the Win98Fix.zip to a folder.
    Then double-click on the RunFix.reg file and click Yes on the prompt.

    Now you must Reboot your computer! Do not run Internet Explorer after
    rebooting and remain disconnected from the Internet.

    The hidden file should now be visible. Click on Start, Find, Files or
    Folders and enter the name of the file (WDMK.DLL). It will be located in
    C:\WINDOWS\SYSTEM\WDMK.DLL. Once you find it, right click on it and
    select delete.

    Now please run CWShredder and make sure you select the Fix button.
    Next run Adaware by clicking on the Scan Now button and select "Perform full system scan".
    When scan is finished, make sure you select all items found and have them fixed.

    Now run HijackThis and have it fix the following lines (these came from your previous HijackThis log, hopefully they have not mutated. If so, see if you can locate the similar problem lines to fix. Otherwise we may need to start over again.)


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {3DF009ED-54BF-4A31-AADC-679997254A74} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
    O18 - Filter: text/html - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
    O18 - Filter: text/plain - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL

    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot again and reconnect to the internet. Come back here and post a new HijackThis log ATTACHMENT.
     
  15. diamonddave76

    diamonddave76 Private E-2

    I did all the other stuff you said but when I ran Hijackthis the lines you said to fix did not show up. Here is a copy of my log file from hijackthis.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Questions:
    1) Is this from your ISP:
    O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL

    2) And am I correct in assuming you still have system restore disabled?

    I don't know where you are surfing but problems from your first HJT log have returned. You need to install some protection tools before we can fix this. I would recommend you download and install these two free tools:

    http://majorgeeks.com/download2859.html SpyWare Blaster <--- enable all of its protections
    http://majorgeeks.com/download3045.html SpyWare Guard

    Then reboot! And run HijackThis and fix the below lines (make sure no browser windows are open):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12ee51d9cfedb46c7805/netzip/RdxIE601.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=230270dab455d0e176941480ba0fc85f2978d245429f93809c10f10b815c8a96c9ba5c54063f7603d4945ab86ee97ff22322f046:375a82d108ec2e9d584f880889783bc3

    Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com (you can set it to your desired home page if you prefer something different). Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot. And before running anything else, run HJT and save an HJT log (log1.txt).
    Now do some surfing opening and closing Internet Explorer sessions a few times.
    Run HJT again and save an HJT log (log2.txt)

    Post both HJT logs as attachments here.
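
The log1/log2 comparison requested in the post above, sketched as an added example that is not part of the original thread or of HijackThis itself. The sample logs are constructed from lines quoted in this thread (the real attachments are not on the page), and the function names and flagging rules are assumptions chosen to mirror what the helpers asked to have fixed.

```python
import re

# One HijackThis entry: "<section> - <detail>", e.g. "O18 - Filter: text/html - {CLSID} - C:\...\X.DLL"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
DLL_PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.dll\b", re.I)

# Constructed sample logs assembled from lines quoted in this thread (not the real attachments).
LOG1 = r"""
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL
"""
LOG2 = LOG1 + r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
O2 - BHO: (no name) - {260352B0-91F7-471B-BADB-6CF2B764D70E} - C:\WINDOWS\SYSTEM\AEOFB.DLL (file missing)
O18 - Filter: text/html - {68E94CDF-73FB-4445-8504-F2BF4B8C87E5} - C:\WINDOWS\SYSTEM\AEOFB.DLL
O15 - Trusted Zone: *.windupdates.com
"""

def parse(log):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    return {m.groups() for m in map(ENTRY.match, log.splitlines()) if m}

def new_entries(before, after):
    """Entries present in the later log but not the earlier one."""
    return sorted(parse(after) - parse(before))

def suspicious(entries):
    """Flag the patterns the helpers had fixed in this thread (heuristics, not a verdict)."""
    hits, dll_sections = [], {}
    for sec, detail in entries:
        if sec in ("R0", "R1") and re.search(r"=\s*(file://|about:)", detail, re.I):
            hits.append((sec, detail, "IE search/home value is a local file or about: URL"))
        if sec == "O15":
            hits.append((sec, detail, "site added to the Trusted Zone"))
        dll = DLL_PATH.search(detail)
        if dll and sec in ("O2", "O18"):
            dll_sections.setdefault(dll.group(0).upper(), set()).add(sec)
    for path, secs in dll_sections.items():
        if secs == {"O2", "O18"}:  # one DLL registered as both BHO and MIME filter
            hits.append(("O2+O18", path, "same DLL is a BHO and a text/* filter"))
    return sorted(hits)

if __name__ == "__main__":
    for sec, detail in new_entries(LOG1, LOG2):
        print("NEW ", sec, "-", detail)
    for sec, detail, why in suspicious(parse(LOG2)):
        print("FLAG", sec, "-", detail, "->", why)
```

Entries that appear only in the second log are what came back between the reboot and the end of the browsing session; the DLL named by both an O2 and an O18 line is the component to look for on disk.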
     
  17. diamonddave76

    diamonddave76 Private E-2

    OK I did all the stuff you said to do and hopefully we have fixed the problem now. Here are the 2 HJT logs.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not answer my questions!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis and put checks on the following lines BUT DO NOT CLICK FIX until all browser sessions including the one you are reading in right now are closed:
    O2 - BHO: (no name) - {260352B0-91F7-471B-BADB-6CF2B764D70E} - C:\WINDOWS\SYSTEM\AEOFB.DLL (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Filter: text/html - {68E94CDF-73FB-4445-8504-F2BF4B8C87E5} - C:\WINDOWS\SYSTEM\AEOFB.DLL
    O18 - Filter: text/plain - {68E94CDF-73FB-4445-8504-F2BF4B8C87E5} - C:\WINDOWS\SYSTEM\AEOFB.DLL

    Reboot and post a new HJT log. Tell me how things are working.
     
  20. diamonddave76

    diamonddave76 Private E-2

    Sorry, yes PeoplePC is my ISP and I do still have system restore disabled.
     
  21. diamonddave76

    diamonddave76 Private E-2

    Ok things seem to be working 100% better now. It does not open the about:blank page anymore when I open internet explorer. Thank you very much. Here is the HJT log you requested. Let me know if you notice anything in it that is messed up. Thanks again.
     

    Attached Files:

  22. mungo

    mungo Private E-2

    You might want to add that these programs should be run in safe mode.
     
  23. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Log file looks squeaky clean. Only thing you could remove, though not harmful is

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

    Simply because of the no file at the end it is not useful.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Agreed!! Looking good now! Like a diamond, Dave! ;)
     
  25. diamonddave76

    diamonddave76 Private E-2

    OK thanks for all the help.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
