Can't seem to shake loose from about:blank

In my quest to shake loose from about:blank, I went thru the steps in "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal". One step I didn't do is the "Symantec Security Check". After 35 minutes of no sign of activity of any kind, I kicked out and started over. Then after an hour without any sign of activity, I kicked out for good and went on without it. I also didn't do the "Only the Best" aka "HSA" HIJACKER please view this thread by Chaslang". I'm not brave enough yet to attempt manual cleaning. Finally, after posting my Hijack this log on Help2Go Detective and Hijack This analysis and removing the nastys they found (nastys only, not any questionables), it seemed the symptoms were finally gone - until the next day. Now Spybot doesn't find anything. Neither does Adaware, AboutBuster, NoAdware, Spyhunter, or Spywareblaster. We shut down at night and startup again in the morning. Now, at least, IE doesn't start on its own like before the cleaning marathon, but when IE is clicked the home page has been changed to about:blank. I can go into Internet Options - General and reset our home page and it seems to stay until our next shut down. There for a day or two the home page was coming up Google instead of about:blank. We are back to about:blank now. With all the cleaning I've done, and because the malware cleaners aren't finding any nastys now but our home page keeps changing back to about:blank, I would enjoy any comments or suggestions anyone would care to offer about what may be a good next step to keep our home page from changing to about:blank. We are a Dell 333, Windows 98SE, current with critical downloads, IE 6. Thanks, K.

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Thank You bjgarrick, I appreciate your reply. After unzipping the hijackthis.exe file to C:\Program Files\HJT, I closed everything so nothing was open except HJT. I clicked scan and save log, then saved the notepad log to desktop. Since the upload function doesnt seem to like the .log, I transferred the HJT log to word document and attached that. Hope this process provides the proper information. K.

 

Look BJ I converted it for ya....aint I a nice guy....
and very bored at work..lol.... hope ya don't mind

 

Thanks tblue. How did you do that. When I tried to attach the .log HJT presented me in Notebook, I got a little red x even tho the instructions said .log was accepted. Where do you spose I went wrong? K.

 

Your welcome,

Sometimes it show a red x. But it still loads. Don't know why but if it uploads its attached.

T.Blue

 

Appreciate the response. Didnt even think to try to upload after getting the red x. Now I know. Thanks, K.

 

Scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O4 - HKCU\..\Run: [NoAdware3] "C:\PROGRAM FILES\ANTISPYWARE TOOLS\NOADWARE3\NOADWARE3.EXE"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.vi ewpoint.com/cgi-bin/vet_install_popup.pl?2&04.00.04.03&http://www.space.com/zoom view/al_taji_march27.html

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you complete the above REBOOT, Scan with HijackThis and attach the new log.

 

After following your instructions, all symptions we were suffering seem to be gone. Its great to have those 8 days behind me. Thanks bjgarrick, couldnt have done it without you. K.

 

Go ahead and attach a fresh HJT log, to confirm your clean.