"search for" page has hijacked my home page

  lucy247 00:19 10 Oct 2004
Locked

whenever i go into explorer my home page consists of a whole page of search links - anerican. it is a white page with pl;ain blue text and has the simple heading "SEARCH FOR..." i have ran spybot adaware cw shredder and webroot spy sweeper to no avail - it just won go away

the home page address still shows as about:blank

any suggestions anyone?

thanks

  researcher 01:45 10 Oct 2004

Sorry I cannot help get rid of your problem, but when you do, try 'Start Page Gaurd' - it may even prevent the current page loading anyway if you install it.

Can't remember the link - try gooogle search.

  Andsome 07:47 10 Oct 2004

There are several experts on Windows Forum, who can definitely help with this problem. If you register there and mention your problem, they will direct you to a link called Hijack this. You will be told how to present them with a log file, and they will tell you what to delete by using this program. It sounds complicated but isn't really. The only problem is that at this very moment the website has crashed. Keep trying.

click here

  mark2 10:14 10 Oct 2004

Create a new folder in your "My Documents" folder, name it HJT so it's easily recognised you then download hijackthis from click here and download hijackthis.exe, save it to the new HJT folder

Once done double click Hijackthis.exe, it will run a scan and the scan button will change to a "save log" button, save the log (a .txt file) and post the results here double spacing each line, you'll likely need to post in 2 sections, we'll need all of the log including the headers, we'll then be able to help

A short tutorial is click here

  lucy247 13:21 10 Oct 2004

thanks for that

here is my hijack this log first half

Logfile of HijackThis v1.97.7
Scan saved at 13:15:50, on 10/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\ADSL\ADSL PCI Modem\CnxDslTb.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SpywareGuard\spywareguardcp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\SOFTWARE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:14000

  lucy247 13:22 10 Oct 2004

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = click here
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CE369D5-A488-47AF-919B-4350E433BC34} - C:\WINDOWS\system32\eihei.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (disabled by BHODemon)
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\ADSL\ADSL PCI Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /Startup
O4 - HKLM\..\RunOnce: [ Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKCU\..\RunOnce: [ Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - Startup: SpywareGuard Control Panel.lnk = C:\Program Files\SpywareGuard\spywareguardcp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Medion-UK (HKCU)
O14 - IERESET.INF: START_PAGE_URL=click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4CBECCA-C02B-4C4C-A7AA-CD7491EA72EF}: NameServer = 212.159.13.49 212.159.13.50

thanks for the help

  mark2 14:27 10 Oct 2004

I've asked nellie2 to take a look at this,

However your version of HJT looks to be outdated, did you get it from my 1st link, it should be V1.98.2, this gives us more information, could you recheck the properties of the file you downloaded particularly version no.
Also the formatting in this forum makes it difficult to read logs if each line of the log isn't double spaced, if you just hit enter at the end of each line of the log when posting it makes it easier to decipher.

  Nellie2 18:29 10 Oct 2004

Just bookmarking this... Lucy247 please post a fresh log with HJT version 1.98.2 as Mark2 has advised and if at all possible do not reboot your computer until we get this fixed.

  mr molly 19:17 10 Oct 2004

i had this search thing you talking about on mine tonight i just went in internet options in control panal erased it typed in my home page click on apply ok: its comes up now & again when kids play on here goes no problem

  french_always_sucked 19:46 10 Oct 2004

heres an idea, go into msconfig and remove all ticks then tick one and see if it has gone.
spybot usually finds it.

maybe try a virus scanner which updated

or if u have a thinkpad just restore the comp to before it happened

  mark2 19:58 10 Oct 2004

This is one of the nastiest about:blank infections the above 2 suggestions have all been tried in the past with no effect, it also changes itself with rebooting, which is why the request not to reboot, and also why nellie's expertise is required.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

What went wrong at the Designs of the Year 2017

iPhone X news: Release date, price, new features & specs

Comment utiliser Live Photos ?