| | #1 (permalink) |
| Newb Techie Join Date: Nov 2004
Posts: 7
| My AOL Instant Messenger keeps crashing and as it turns out my computer has been infected by Home Search Assistent, Search Extender, and Shopping Wizard. When I open IE, my homepage is always reset to "about:blank" and I always get pop ups from "Only the Best". I ran ad-aware and it didn't get rid of the problem. If anyone could help me out with this and walk me through the steps I would really appreciate it. Here's my Hijackthis list:

Logfile of HijackThis v1.98.2
Scan saved at 7:31:08 PM, on 11/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\adddp.exe
C:\Documents and Settings\khayes\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C8CA3BC0-2B1E-FD1D-3A00-E174FA3DEC18} - C:\WINDOWS\mfczn32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [ipsn32.exe] C:\WINDOWS\system32\ipsn32.exe
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [d3vi.exe] C:\WINDOWS\system32\d3vi.exe
O4 - HKLM\..\RunOnce: [ntbm.exe] C:\WINDOWS\system32\ntbm.exe
O4 - HKLM\..\RunOnce: [iewm.exe] C:\WINDOWS\iewm.exe
O4 - HKLM\..\RunOnce: [msfp.exe] C:\WINDOWS\msfp.exe
O4 - HKLM\..\RunOnce: [d3wp32.exe] C:\WINDOWS\d3wp32.exe
O4 - HKLM\..\RunOnce: [crsg.exe] C:\WINDOWS\crsg.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\ieqi32.exe
O4 - HKLM\..\RunOnce: [mfcob32.exe] C:\WINDOWS\system32\mfcob32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\ietr32.exe
O4 - HKLM\..\RunOnce: [netux32.exe] C:\WINDOWS\system32\netux32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [apifv.exe] C:\WINDOWS\system32\apifv.exe
O4 - HKLM\..\RunOnce: [javaqb32.exe] C:\WINDOWS\javaqb32.exe
O4 - HKLM\..\RunOnce: [syski.exe] C:\WINDOWS\system32\syski.exe
O4 - HKLM\..\RunOnce: [ntpw.exe] C:\WINDOWS\ntpw.exe
O4 - HKLM\..\RunOnce: [netsz32.exe] C:\WINDOWS\system32\netsz32.exe
O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\crjx.exe
O4 - HKLM\..\RunOnce: [d3en32.exe] C:\WINDOWS\system32\d3en32.exe
O4 - HKLM\..\RunOnce: [appdg32.exe] C:\WINDOWS\appdg32.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINDOWS\javaeb32.exe
O4 - HKLM\..\RunOnce: [mscl.exe] C:\WINDOWS\mscl.exe
O4 - HKLM\..\RunOnce: [winke32.exe] C:\WINDOWS\system32\winke32.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\system32\sdknc.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\system32\atlvl32.exe
O4 - HKLM\..\RunOnce: [netmv32.exe] C:\WINDOWS\system32\netmv32.exe
O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe
O4 - HKLM\..\RunOnce: [d3dr.exe] C:\WINDOWS\d3dr.exe
O4 - HKLM\..\RunOnce: [mfcip32.exe] C:\WINDOWS\system32\mfcip32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\system32\atlnj32.exe
O4 - HKLM\..\RunOnce: [appae.exe] C:\WINDOWS\appae.exe
O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe
O4 - HKLM\..\RunOnce: [iptu.exe] C:\WINDOWS\iptu.exe
O4 - HKLM\..\RunOnce: [d3at.exe] C:\WINDOWS\system32\d3at.exe
O4 - HKLM\..\RunOnce: [crhi.exe] C:\WINDOWS\crhi.exe
O4 - HKLM\..\RunOnce: [mfcyt32.exe] C:\WINDOWS\system32\mfcyt32.exe
O4 - HKLM\..\RunOnce: [syscb.exe] C:\WINDOWS\syscb.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [mspn.exe] C:\WINDOWS\system32\mspn.exe
O4 - HKLM\..\RunOnce: [appep.exe] C:\WINDOWS\appep.exe
O4 - HKLM\..\RunOnce: [mfcev32.exe] C:\WINDOWS\system32\mfcev32.exe
O4 - HKLM\..\RunOnce: [winto.exe] C:\WINDOWS\winto.exe
O4 - HKLM\..\RunOnce: [atlpa32.exe] C:\WINDOWS\atlpa32.exe
O4 - HKLM\..\RunOnce: [atlkz.exe] C:\WINDOWS\atlkz.exe
O4 - HKLM\..\RunOnce: [d3td.exe] C:\WINDOWS\system32\d3td.exe
O4 - HKLM\..\RunOnce: [crcj.exe] C:\WINDOWS\system32\crcj.exe
O4 - HKLM\..\RunOnce: [atlvb32.exe] C:\WINDOWS\atlvb32.exe
O4 - HKLM\..\RunOnce: [javanr32.exe] C:\WINDOWS\system32\javanr32.exe
O4 - HKLM\..\RunOnce: [d3er.exe] C:\WINDOWS\d3er.exe
O4 - HKLM\..\RunOnce: [sdkav32.exe] C:\WINDOWS\sdkav32.exe
O4 - HKLM\..\RunOnce: [DelDirTree] C:\WINDOWS\UnInst32.exe C:\WINDOWS\DelDir.BEN
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

I don't know which files I should delete. Someone please help me. |
| |
| | #2 (permalink) |
| Monster Techie | glassinthetrees, I want you to turn off system restore and I am going to get help because you are beyond my ability. Do NOT reboot your system. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily! |
| |
| | #4 (permalink) |
| Admin | Yes, we'll definitely help with your problems. I'll be posting later about the log. Dave
__________________ Tech Forums Moderating Policies | Forum Rules | ***PROFANITY*** Note that I do not accept support requests via IM, email, or PMs. Please ask it on the forums. |
| |
| | #6 (permalink) |
| Admin | You may want to print this out since you'll need all browser windows closed when fixing.

For your start and/or search page items, R0-R3, if you don't recognize the url, then fix it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R3 - Default URLSearchHook is missing

There's going to be a little work to do here, so make sure to read the end of this post.

Fix the following:

O2 - BHO: (no name) - {C8CA3BC0-2B1E-FD1D-3A00-E174FA3DEC18} - C:\WINDOWS\mfczn32.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\Run: [ipsn32.exe] C:\WINDOWS\system32\ipsn32.exe
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [d3vi.exe] C:\WINDOWS\system32\d3vi.exe
O4 - HKLM\..\RunOnce: [ntbm.exe] C:\WINDOWS\system32\ntbm.exe
O4 - HKLM\..\RunOnce: [iewm.exe] C:\WINDOWS\iewm.exe
O4 - HKLM\..\RunOnce: [msfp.exe] C:\WINDOWS\msfp.exe
O4 - HKLM\..\RunOnce: [d3wp32.exe] C:\WINDOWS\d3wp32.exe
O4 - HKLM\..\RunOnce: [crsg.exe] C:\WINDOWS\crsg.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\ieqi32.exe
O4 - HKLM\..\RunOnce: [mfcob32.exe] C:\WINDOWS\system32\mfcob32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\ietr32.exe
O4 - HKLM\..\RunOnce: [netux32.exe] C:\WINDOWS\system32\netux32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [apifv.exe] C:\WINDOWS\system32\apifv.exe
O4 - HKLM\..\RunOnce: [javaqb32.exe] C:\WINDOWS\javaqb32.exe
O4 - HKLM\..\RunOnce: [syski.exe] C:\WINDOWS\system32\syski.exe
O4 - HKLM\..\RunOnce: [ntpw.exe] C:\WINDOWS\ntpw.exe
O4 - HKLM\..\RunOnce: [netsz32.exe] C:\WINDOWS\system32\netsz32.exe
O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\crjx.exe
O4 - HKLM\..\RunOnce: [d3en32.exe] C:\WINDOWS\system32\d3en32.exe
O4 - HKLM\..\RunOnce: [appdg32.exe] C:\WINDOWS\appdg32.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINDOWS\javaeb32.exe
O4 - HKLM\..\RunOnce: [mscl.exe] C:\WINDOWS\mscl.exe
O4 - HKLM\..\RunOnce: [winke32.exe] C:\WINDOWS\system32\winke32.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\system32\sdknc.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\system32\atlvl32.exe
O4 - HKLM\..\RunOnce: [netmv32.exe] C:\WINDOWS\system32\netmv32.exe
O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe
O4 - HKLM\..\RunOnce: [d3dr.exe] C:\WINDOWS\d3dr.exe
O4 - HKLM\..\RunOnce: [mfcip32.exe] C:\WINDOWS\system32\mfcip32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\system32\atlnj32.exe
O4 - HKLM\..\RunOnce: [appae.exe] C:\WINDOWS\appae.exe
O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe
O4 - HKLM\..\RunOnce: [iptu.exe] C:\WINDOWS\iptu.exe
O4 - HKLM\..\RunOnce: [d3at.exe] C:\WINDOWS\system32\d3at.exe
O4 - HKLM\..\RunOnce: [crhi.exe] C:\WINDOWS\crhi.exe
O4 - HKLM\..\RunOnce: [mfcyt32.exe] C:\WINDOWS\system32\mfcyt32.exe
O4 - HKLM\..\RunOnce: [syscb.exe] C:\WINDOWS\syscb.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [mspn.exe] C:\WINDOWS\system32\mspn.exe
O4 - HKLM\..\RunOnce: [appep.exe] C:\WINDOWS\appep.exe
O4 - HKLM\..\RunOnce: [mfcev32.exe] C:\WINDOWS\system32\mfcev32.exe
O4 - HKLM\..\RunOnce: [winto.exe] C:\WINDOWS\winto.exe
O4 - HKLM\..\RunOnce: [atlpa32.exe] C:\WINDOWS\atlpa32.exe
O4 - HKLM\..\RunOnce: [atlkz.exe] C:\WINDOWS\atlkz.exe
O4 - HKLM\..\RunOnce: [d3td.exe] C:\WINDOWS\system32\d3td.exe
O4 - HKLM\..\RunOnce: [crcj.exe] C:\WINDOWS\system32\crcj.exe
O4 - HKLM\..\RunOnce: [atlvb32.exe] C:\WINDOWS\atlvb32.exe
O4 - HKLM\..\RunOnce: [javanr32.exe] C:\WINDOWS\system32\javanr32.exe
O4 - HKLM\..\RunOnce: [d3er.exe] C:\WINDOWS\d3er.exe
O4 - HKLM\..\RunOnce: [sdkav32.exe] C:\WINDOWS\sdkav32.exe
O4 - HKLM\..\RunOnce: [DelDirTree] C:\WINDOWS\UnInst32.exe C:\WINDOWS\DelDir.BEN
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

Fix:

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

This is a questionable spyware killer. I suggest getting rid of it and using Ad-Aware or SpyBot S&D.

You can get rid of this if you want, especially if you don't have a Presario:

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

Next, download about:Buster from here. Run AboutBuster.exe, click OK, then start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page, and produce a report. Reboot and post a new HijackThis log along with the report from about:Buster.

Dave
|
| |
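Added example, not part of the original thread and not HijackThis's own logic: a small Python triage of the log format posted above, flagging three patterns visible in the entries listed for fixing in post #6. The heuristics, `SYSTEM_DIRS`, and the function names are assumptions made for illustration, and a flagged line still needs manual review before anything is fixed.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample: eight lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {C8CA3BC0-2B1E-FD1D-3A00-E174FA3DEC18} - C:\WINDOWS\mfczn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}   # assumption: XP default layout
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")            # section code, rest of line
RES_URL = re.compile(r"= res://(.+?\.dll)/", re.I)        # page setting backed by a DLL
BHO = re.compile(r"^BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
AUTORUN = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] "?(.+?\.exe)', re.I)

def in_system_dir(path):
    # True when the file sits directly in one of SYSTEM_DIRS (not a subfolder).
    return str(PureWindowsPath(path).parent).lower() in SYSTEM_DIRS

def reason_for(code, body):
    """Return why an entry deserves a manual look, or None (heuristics are assumptions)."""
    if code in ("R0", "R1"):
        m = RES_URL.search(body)
        if m and in_system_dir(m.group(1)):
            return "IE start/search page served from a DLL resource in a system directory"
    elif code == "O2":
        m = BHO.match(body)
        if m and m.group(1) == "(no name)" and in_system_dir(m.group(2)):
            return "unnamed BHO loaded from a system directory"
    elif code == "O4":
        m = AUTORUN.match(body)
        if m and in_system_dir(m.group(2)) and \
                PureWindowsPath(m.group(2)).name.lower() == m.group(1).lower():
            return "autorun value named after its own executable in a system directory"
    return None

def triage(log_text):
    """Parse HijackThis entries; return (code, body, reason) for each flagged entry."""
    entries = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    parsed = [(m.group(1), m.group(2)) for m in entries if m]
    return [(c, b, reason_for(c, b)) for c, b in parsed if reason_for(c, b)]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
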
| | #9 (permalink) |
| Admin | Also, you can try downloading and installing again. Dave
|
| |
| | #10 (permalink) |
| Newb Techie Join Date: Nov 2004
Posts: 7
| Dave, I'm having some trouble running the file from the majorgeeks site; it says "Load Library (MSCOMCTL.OCX) failed-The specific module could not be found." I also tried downloading about:Buster again and I got the same response as before. I have no idea what to do now. Please help!! |
| |