Adware Popups and About Blank homepage hijack

Posted on 2005-05-09
Last Modified: 2008-03-10
I keep getting these popups.  So far I have done the following:
1. Deleted all temp\temp internet files
2. Updated and ran in Safe Mode - Spybot 1.3, MS AntiSpyware, Adware 6, CWShredder and PestPatrol
3. Virus scan with updated defs (none found)
4. msconfig - turned off all startups and rebooted to Windows

In Add/Remove Programs there is:
Home Search Assistent and Shopping Wizard.  When I try to uninstall, it takes me to the following sites:

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:48 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {867653BB-CBDA-5ADF-86A5-ECF1FB3432E2} - C:\WINDOWS\netuz32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iezm.exe] C:\WINDOWS\system32\iezm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Acadm 6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Acadm 6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Acadm 6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Acadm 6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hsml.local
O17 - HKLM\Software\..\Telephony: DomainName = hsml.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hsml.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hsml.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\syscx32.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Question by:mmacdougall
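
An added example, not part of the original post and not HijackThis's own code: a short Python triage of the R-lines in a log like the one above, grouping Internet Explorer page and search settings by the local binary their `res://` value points into. Treating such values as the entries to review first is this example's assumption; `triage` and `SAMPLE_LOG` are names made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above (three R-lines that
# differ in kind, one empty R-line, and one O8 line that also uses res://).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bskpa.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
"""

# "R<n> - <hive>\<key>,<value name> = <data>" (data may be empty)
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) =\s*(.*)$")
# res://<local module path>/<resource inside that module>
RES_URL = re.compile(r"^res://(?P<module>[A-Za-z]:\\.+?\.(?:dll|exe))/", re.I)


def triage(log_text):
    """Map each local module to the IE settings (hive, key, value name)
    whose data is a res:// URL served out of that module."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m:
            # O-lines (e.g. the Excel context-menu item, which uses res://
            # too) and free-text R3 lines are out of scope for this check.
            continue
        _, hive, key, name, data = m.groups()
        res = RES_URL.match(data)
        if res:
            hits[res.group("module").lower()].append((hive, key, name))
    return dict(hits)


if __name__ == "__main__":
    for module, settings in triage(SAMPLE_LOG).items():
        print(f"{module}: {len(settings)} browser setting(s) point here")
        for hive, key, name in settings:
            print(f"  {hive}\\{key} -> {name}")
```
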

    Accepted Solution

    about:blank Removal

    Automated Removal
    Then unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should pop up. On that screen hit Check for Updates. If it says it found an update, hit Download Updates. If it doesn't, it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot. Once rebooted, run AboutBuster 4.0 once more to make sure everything is ok. The database will be updated very frequently, so check your versions once a day.


    Remove about:blank Buddy is a powerful tool to get rid of about:blank home page parasites. Remove about:blank Buddy lets you keep about blank home page from changing by disabling home page hijackers and restoring original configuration.

    Manual Removal
    About:Blank Homepage Hijacker Removal Instructions and Help

    Expert Comment

    by:Pete Long
    Browser Hijacking/Spyware/Adware/Malware Removal instructions

    Full removal and Prevention instructions are available on my website,

    Please don't "Gum up" the TA's here by posting Hijack This Logs
    go here and have it analysed.

    The EE Official Link to info is,
    Author Comment

    Pete, I had it analysed and tried to fix it, thanks, but although I delete what I should, it keeps coming back; that's why I posted.


    Assisted Solution


    Adware Away claims cleaning up that nasty, and people on EE have confirmed that:

    The trial version usually is fully active for some sessions:

    Good luck,


    Expert Comment


    And instructions on how to do it:


    Assisted Solution

    XP... disable System Restore, boot in Safe Mode, then use the removal tools.

    Author Comment

    Great job guys