I seem to have been infected with some type of virus, about:blank appears on my
homepage and i can not change it, along with ads and popups.
only i can't get rid of it.
I've read a lot about this about:blank hijacker and i have tried everything that has
been suggested, nothing has worked. therefor, I have run hijackthis and below i
will post my results, if anyone can tell me where the problems are. I thank you
for all of your help. Thanks, cwecke0102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lbqmi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {0A01425A-FE96-A0ED-E1F3-04A6B2DBFCF6} - C:\WINDOWS\SYSTEM\JAVAXA.DLL
O2 - BHO: Class - {FE631542-5710-C655-B010-99FA69882349} - C:\WINDOWS\SYSTEM\JAVAXA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [AntiSpy] C:\PROGRAM FILES\DEFENDER PRO\ANTISPY\DPAS.EXE startup
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [ps2T36h] OCCET35.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [IEAT32.EXE] C:\WINDOWS\IEAT32.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [WINKM.EXE] C:\WINDOWS\WINKM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SYSON.EXE] C:\WINDOWS\SYSTEM\SYSON.EXE /s
O4 - HKLM\..\RunServices: [ATLHO32.EXE] C:\WINDOWS\SYSTEM\ATLHO32.EXE /s
O4 - HKLM\..\RunServices: [SYSXG32.EXE] C:\WINDOWS\SYSTEM\SYSXG32.EXE /s
O4 - HKLM\..\RunServices: [APIBU.EXE] C:\WINDOWS\SYSTEM\APIBU.EXE /s
O4 - HKLM\..\RunServices: [SDKTP32.EXE] C:\WINDOWS\SYSTEM\SDKTP32.EXE /s
O4 - HKLM\..\RunServices: [ADDTV32.EXE] C:\WINDOWS\ADDTV32.EXE /s
O4 - HKLM\..\RunServices: [APITM32.EXE] C:\WINDOWS\SYSTEM\APITM32.EXE /s
O4 - HKLM\..\RunServices: [CRWQ32.EXE] C:\WINDOWS\SYSTEM\CRWQ32.EXE /s
O4 - HKLM\..\RunServices: [ATLOQ.EXE] C:\WINDOWS\SYSTEM\ATLOQ.EXE /s
O4 - HKLM\..\RunServices: [NTVB.EXE] C:\WINDOWS\NTVB.EXE /s
O4 - HKLM\..\RunServices: [CRGU.EXE] C:\WINDOWS\SYSTEM\CRGU.EXE /s
O4 - HKLM\..\RunServices: [ATLRK32.EXE] C:\WINDOWS\SYSTEM\ATLRK32.EXE /s
O4 - HKLM\..\RunServices: [APPWV.EXE] C:\WINDOWS\APPWV.EXE /s
O4 - HKLM\..\RunServices: [JAVANB32.EXE] C:\WINDOWS\SYSTEM\JAVANB32.EXE /s
O4 - HKLM\..\RunServices: [IPAH32.EXE] C:\WINDOWS\IPAH32.EXE /s
O4 - HKLM\..\RunServices: [SDKYJ32.EXE] C:\WINDOWS\SYSTEM\SDKYJ32.EXE /s
O4 - HKLM\..\RunServices: [NTWS.EXE] C:\WINDOWS\SYSTEM\NTWS.EXE /s
O4 - HKLM\..\RunServices: [NETDJ32.EXE] C:\WINDOWS\SYSTEM\NETDJ32.EXE /s
O4 - HKLM\..\RunServices: [WINSR.EXE] C:\WINDOWS\SYSTEM\WINSR.EXE /s
O4 - HKLM\..\RunServices: [IPYK.EXE] C:\WINDOWS\SYSTEM\IPYK.EXE /s
O4 - HKLM\..\RunServices: [IPEN32.EXE] C:\WINDOWS\IPEN32.EXE /s
O4 - HKLM\..\RunServices: [NTGQ.EXE] C:\WINDOWS\SYSTEM\NTGQ.EXE /s
O4 - HKLM\..\RunServices: [CRRP32.EXE] C:\WINDOWS\SYSTEM\CRRP32.EXE /s
O4 - HKLM\..\RunServices: [IPXR32.EXE] C:\WINDOWS\SYSTEM\IPXR32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQV32.EXE] C:\WINDOWS\SYSTEM\JAVAQV32.EXE /s
O4 - HKLM\..\RunServices: [SDKCC32.EXE] C:\WINDOWS\SDKCC32.EXE /s
O4 - HKLM\..\RunServices: [APPPW32.EXE] C:\WINDOWS\APPPW32.EXE /s
O4 - HKLM\..\RunServices: [MSLS32.EXE] C:\WINDOWS\SYSTEM\MSLS32.EXE /s
O4 - HKLM\..\RunServices: [ADDMS.EXE] C:\WINDOWS\ADDMS.EXE /s
O4 - HKLM\..\RunServices: [NETJS.EXE] C:\WINDOWS\SYSTEM\NETJS.EXE /s
O4 - HKLM\..\RunServices: [SYSWG.EXE] C:\WINDOWS\SYSWG.EXE /s
O4 - HKLM\..\RunServices: [IPOO32.EXE] C:\WINDOWS\SYSTEM\IPOO32.EXE /s
O4 - HKLM\..\RunServices: [SDKKP32.EXE] C:\WINDOWS\SDKKP32.EXE /s
O4 - HKLM\..\RunServices: [NTGL32.EXE] C:\WINDOWS\SYSTEM\NTGL32.EXE /s
O4 - HKLM\..\RunServices: [MFCQO.EXE] C:\WINDOWS\MFCQO.EXE /s
O4 - HKCU\..\Run: [Eoop] C:\Program Files\swpt\door.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\PROGRAM FILES\SPYWARE CLEANER\SPYWARECLEANER.Exe" /boot
O4 - Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender\Defender Pro Firewall\KAVPF.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - User Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender\Defender Pro Firewall\KAVPF.exe
O4 - User Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.game...og/y/fs10_x.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...38774/enter.cab