# About:Blank hijack



## dennis54 (May 29, 2004)

i am like many with the about:blank problem. I have used CWSshredder, spybot and ad aware 6.0 (all latest versions). they scan and "fix" the problem, but if i scan agian there are offending files agian
below is my ad aware log after scanning
thanksLavasoft Ad-aware Plus Build 6.181
Logfile created on :Saturday, May 29, 2004 1:48:00 AM
Using reference-file :01R311 27.05.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R311 27.05.2004
Internal build : 243
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1172560 Bytes
Signature data size : 1152893 Bytes
Reference data size : 19603 Bytes
Signatures total : 25723
Target categories : 10
Target families : 487

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:49 %
Total physical memory:523740 kb
Available physical memory:252740 kb
Total page file size:1277668 kb
Available on page file:1010472 kb
Total virtual memory:2097024 kb
Available virtual memory:2053140 kb
OS:Windows 2000

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include info about ignored objects in logfile, if detected in scan
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Include used command line parameters in logfile
Set : XP/2000: Allow unloading explorer to unload shell extensions prior deletion)
Set : Let windows remove files in use at next reboot
Set : Block Popups and banned sites
Set : Show splash screen
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result

5-29-2004 1:48:00 AM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-29-2004 5:10:26 AM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:34 AM
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:37 AM
BasePriority : Normal
FileSize : 86 KB
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/4/2001 6:05:02 PM

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:37 AM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 2/25/2004 11:59:07 PM

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:40 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 12/7/1999 12:00:00 PM

#:6 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:40 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2/12/2002 3:29:55 AM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 10/30/2001 12:57:00 PM

#:7 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 5-29-2004 5:10:40 AM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName  : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 12/7/1999 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 12/7/1999 12:00:00 PM

#:8 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ThreadCreationTime : 5-29-2004 5:10:41 AM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 3.0.0.595
Copyright : Copyright 
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
OriginalFilename : Framework.exe
ProductName : McAfee Common Framework
Created on : 9/5/2003 9:55:24 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 2/25/2003 10:00:00 AM

#:9 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ThreadCreationTime : 5-29-2004 5:10:42 AM
BasePriority : High
FileSize : 228 KB
FileVersion : 7.0.0.237
ProductVersion : 7.0.0
Copyright : Copyright 
CompanyName : Network Associates, Inc.
FileDescription : On-Access Scanner service
ProductName : VirusScan Enterprise
Created on : 3/6/2003 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 3/6/2003 12:00:00 PM

#:10 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ThreadCreationTime : 5-29-2004 5:10:42 AM
BasePriority : Normal
FileSize : 124 KB
FileVersion : 7.0.0.511
ProductVersion : 7.0.0
Copyright : Copyright 
CompanyName : Network Associates, Inc.
FileDescription : Task Manager : scheduling and OAS alerting service
ProductName : VirusScan Enterprise
Created on : 3/6/2003 12:00:00 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 3/6/2003 12:00:00 PM

#:11 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:45 AM
BasePriority : Normal
FileSize : 65 KB
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2/12/2002 8:07:03 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/4/2001 6:05:02 PM

#:12 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:46 AM
BasePriority : Normal
FileSize : 115 KB
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft 
Created on : 2/12/2002 8:06:59 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/4/2001 6:05:02 PM

#:13 [stisvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 5-29-2004 5:10:46 AM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
Copyright : Copyright (C) Microsoft Corp. 1996-1997
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2/12/2002 8:07:05 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/4/2001 6:05:02 PM

#:14 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 5-29-2004 5:10:47 AM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 2/12/2002 8:07:10 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/4/2001 6:05:02 PM

#:15 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 5-29-2004 5:10:48 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 11/22/2003 7:12:32 PM
Last accessed : 5/29/2004 6:22:07 AM
Last modified : 5/1/2001 11:06:22 PM

#:16 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 5-29-2004 5:11:03 AM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2/12/2002 8:07:07 PM
Last accessed : 5/29/2004 6:36:08 AM
Last modified : 5/4/2001 6:05:02 PM

#:17 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-29-2004 6:47:51 AM
BasePriority : Normal
FileSize : 671 KB
FileVersion : 6.0.1.182
ProductVersion : 6.0.0.0
Copyright : Copyright 
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/19/2004 8:00:53 PM
Last accessed : 5/29/2004 6:21:58 AM
Last modified : 7/13/2003 3:01:14 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 1

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

1:49:00 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:00:59:703
Objects scanned :41567
Objects identified :1
Objects ignored :0
New objects :1


----------



## Flrman1 (Jul 26, 2002)

Hi dennis

Welcome to TSG! 

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue this in this new thread.

Please do this. Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.

*Note: When you download Hijack This *Do Not* download it to a temp folder or to the desktop. Create a permanent folder somewhere like in My Documents and name it Hijack This and put it in that folder.


----------

