about blank problem

Hi, I am new here and I know other people have had this problem but I didn't want to copy their instructions if it is different for me.

We have been getting about:blank homepage for the past week now. No matter what I do it comes back. And now from deleting things I guess, when I type in posts it takes forever for the actual charaters to show up.

After I run the programs below I try to install spware blaster 6 and get this message: This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it.

I ran Adaware and got 11 new items. I also ran CW Shredder and got 6 items. I removed them all and ran hijack this. Here is my log.

Logfile of HijackThis v1.97.7
Scan saved at 11:16:31 AM, on 4/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MFBLBP.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2050CA10-7760-4296-BE17-18B752D30541} - C:\WINDOWS\SYSTEM\MFBLBP.DLL
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bpt: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://209.10.141.166/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} (IE Active Setup Control) - http://www.microsoft.com/windows/ie/ie40/download/cdf/setupctl.cab
O16 - DPF: {6BD4FB43-470E-11D2-B99D-00104B02C956} (AtDownloadIE Class) - http://cpulse.webex.com/client/webex/atbootie.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/308ed8d6f1836be05721/netzip/RdxIE.cab
O16 - DPF: {AAD68411-5B98-11D3-9B52-00001C0007B3} (EonX 3.0.0) - http://www.realityobjects.com/download/3_0_1_135/eonx.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.5574421296
O16 - DPF: {7EF1788A-8C66-4A77-95D2-3341111E4ACD} (CouponsIncIECtl2 Class) - http://a19.g.akamai.net/7/19/7125/1404/ftp.coupons.com/v7/cpnsie2.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/MySignatureInitialSetup1.0.0.6.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\windows\win.exe
O19 - User stylesheet: C:\WINDOWS\win32.bmp

Any help would be appreciated as this is driving me crazy. Also, my husband and I have different logon names so whatever I do under my login doesn't seem to apply for his. So I think that may also be hurting me.

thanks
mountainmutts

 

Hi mountainmutts,Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/MySignatureInitialSetup1.0.0.6.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\windows\win.exe
O19 - User stylesheet: C:\WINDOWS\win32.bmp

Can you please mail
c:\windows\win.exe
C:\WINDOWS\win32.bmp
to the address I will send to your PM box?

Then go here:
http://www10.brinkster.com/expl0iter/freeatlast/PVtool.htm
And download "Xfind.zip" from there.
Unzip, run the 'find.bat' inside.
Wait till it terminates and find 'log.txt' inside which
you'd need to attach into your next reply.

Next, do this:
open the registry from start/run/regedit
And expand the following:
*HKEY_CLASSES_ROOT\PROTOCOLS\Filter
RightClick the 'filter' key, choose 'export' name it and save in location of choice

Navigate to this key next:
*HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\CurrentVersion\Windows
Find this value on the right panel:
"Appinit_Dlls"< RightClick and rename to:
->'Appinit_Dlls1'
Close regedit, reopen it to the same key, Hilite the
'Windows' key there,
Export it the same way and save in location of choice


Lastly, navigate to:
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects<
Export that Subfolder the same way.
And proceed to do the following:

RightClick Security/permissions on 'Browser Helper Objects'
in 'advanced, de-select (uncheck) the
"inherit from parent...permissions" lower box.
Hit ok' and 'remove' on next prompts.

That will prevent it from spreading further.

Into your next reply, navigate to the .reg files
you saved, RightClick each -> edit, copy the
contents and post here, along with new hijackthis log.

Regards,

Pieter