[fernandes4]

I'm still having problems with my computer and am at my witts end. The about:blank has taken over. I emptied the temp folder but it keeps showing in this log that there's this sp.html? What's this? Does this have to do with the about:blank thing? As soon as I launch IE I get the about: blank thing and if I were to rerun this log it would show up in this log again. What should I do. The files with vanpipeline.cab and similar ones with van....I need for a vpn connection I with work. (Last time I deleted them I found out I needed them and reinstalled.) Any help is appreciated...I've about given up with this thing. I'd like to throw the computer out the window and just get a new one but my kids photos are all stored on here. Ugh!!!!!!!!!!!!!!!!!

Logfile of HijackThis v1.98.2
Scan saved at 9:46:24 PM, on 08/30/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {F84A7FB1-F747-11D8-873C-00041B30D54B} - C:\WINDOWS\SYSTEM\LKCIF.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O16 - DPF: {ABDE29F2-6F9C-11D1-9B21-0080C79EFE90} (VanLiteral.CodeSet) - file://c:\windows\TEMP\VanLiteral.CAB
O16 - DPF: {BE033B8C-722E-11D1-9B21-0080C79EFE90} (VanMessage.Message) - file://c:\windows\TEMP\VanMessage.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - file://c:\windows\TEMP\sscala32.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud13.sports....mlbst8408_x.cab
O16 - DPF: {60046ED9-8E77-11D0-9B21-0080C79EFE90} (VanGrid.VanGridCtrl) - file://c:\windows\TEMP\VanGrid.CAB
O16 - DPF: {3D82A12A-C1FA-11D0-9B21-0080C79EFE90} (VanFind.VanFindCtrl) - file://c:\windows\TEMP\vanfind.cab
O16 - DPF: {FB779381-F865-11D0-BFF8-00A024CA8C68} (VanForecastGraph.VanForecastGraphCtrl) - file://c:\windows\TEMP\vanfcast.cab
O16 - DPF: {FF1DACCD-3047-11D1-8028-00A024CA8C68} (VanPipelineGraph.VanPipelineGraphCtrl) - file://c:\windows\TEMP\vanpipeline.cab
O16 - DPF: {3CA57BA4-0497-11D2-A955-006008936C61} (VanRollupGraph.VanRollupGraphCtrl) - file://c:\windows\TEMP\vanrollup.cab
O16 - DPF: {E0DB982A-E986-11D0-B2F8-00A0247B9D10} (VanViewer.VanViewerCrtl) - file://c:\windows\TEMP\vanviewer.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = mathworks.com,dhcp.mathworks.com
O18 - Filter: text/html - {F84A7FB0-F747-11D8-873C-0004747C70D0} - C:\WINDOWS\SYSTEM\LKCIF.DLL
O18 - Filter: text/plain - {F84A7FB0-F747-11D8-873C-0004747C70D0} - C:\WINDOWS\SYSTEM\LKCIF.DLL

[Advertisements]

This hijack is more difficult to remove than most, and requires a three step process, but hang with us and we'll get rid of it.

Click here to download and install Registrar Lite. Install, run, copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

then hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field.

Click here or here to download FindnFix.exe by freeatlast. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.

[ditto]

This hijack is more difficult to remove than most, and requires a three step process, but hang with us and we'll get rid of it.

Click here to download and install Registrar Lite. Install, run, copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

then hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field.

Click here or here to download FindnFix.exe by freeatlast. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.

[fernandes4]

Thanks! I'll try the step you suggested tonight when I get home. I'm at work right now but will try the step later this evening. Hopefully my thread won't get buried by then and you'll see when I respond with the info.

-N

[fernandes4]

I have one more question for now...I'm currently running Windows98SE and am planning to install Windows XP (I bought the full version, not the update). Will installing the new o/s resolve my about:blank problems without going through the steps you suggested? Or should I clean up my machine first before I start messing with the o/s. Let me know.

Thanks!!

N

[admin]

Actually, we don't recommend using the XP upgrade. You'll get much better results reformatting and doing a fresh install of XP. This is more work, and will require you to first backup all your data, contacts, etc. Also, you'll need to reinstall all your programs. However, it's worth it, as you'll have a much better running, more stable system.

And yes, that would clear this infection from your system.

[fernandes4]

Ok, since I was planning on installing the full version anyway, I guess I'll just take that approach. Thanks so much for your response. Now...I've never installed an o/s. Where should I take that question? Or is it pretty self explanatory?


-N

[admin]

It's pretty easy, but here's a very good step-by-step guide...
http://www.blackvipe...stallxppro1.htm

[fernandes4]

I'm not ready to upgrade my o/s since I need to locate all my applications to reinstall and what not. I also need to work from home tomorrow from this computer so I'm trying to clean my machine with these instructions you gave me.

I installed Registrar Lite, and Found: "Appinit_Dlls" value - it is blank. There is nothing in the value field. Now what do I do?

N

[admin]

Continue with the rest of the instructions:

Click here or here to download FindnFix.exe by freeatlast. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.

[fernandes4]

I've tried findnfix. I installed it and clicked on !LOG!.bat, but then within a few seconds I get a dialog box that says:
"are you sure you want to add the info in keys1\winkey.reg to the registry?
If I click yes, I get an error stating cannot import key1\winkey.reg error opening file. There may be a disk or system error. Then it goes on to ask the same question about another key and I get the same error.

Please advise.

N

[admin]

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
O2 - BHO: (no name) - {F84A7FB1-F747-11D8-873C-00041B30D54B} - C:\WINDOWS\SYSTEM\LKCIF.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O16 - DPF: {ABDE29F2-6F9C-11D1-9B21-0080C79EFE90} (VanLiteral.CodeSet) - file://c:\windows\TEMP\VanLiteral.CAB
O16 - DPF: {BE033B8C-722E-11D1-9B21-0080C79EFE90} (VanMessage.Message) - file://c:\windows\TEMP\VanMessage.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - file://c:\windows\TEMP\sscala32.cab
O16 - DPF: {60046ED9-8E77-11D0-9B21-0080C79EFE90} (VanGrid.VanGridCtrl) - file://c:\windows\TEMP\VanGrid.CAB
O16 - DPF: {3D82A12A-C1FA-11D0-9B21-0080C79EFE90} (VanFind.VanFindCtrl) - file://c:\windows\TEMP\vanfind.cab
O16 - DPF: {FB779381-F865-11D0-BFF8-00A024CA8C68} (VanForecastGraph.VanForecastGraphCtrl) - file://c:\windows\TEMP\vanfcast.cab
O16 - DPF: {FF1DACCD-3047-11D1-8028-00A024CA8C68} (VanPipelineGraph.VanPipelineGraphCtrl) - file://c:\windows\TEMP\vanpipeline.cab
O16 - DPF: {3CA57BA4-0497-11D2-A955-006008936C61} (VanRollupGraph.VanRollupGraphCtrl) - file://c:\windows\TEMP\vanrollup.cab
O16 - DPF: {E0DB982A-E986-11D0-B2F8-00A0247B9D10} (VanViewer.VanViewerCrtl) - file://c:\windows\TEMP\vanviewer.cab
O18 - Filter: text/html - {F84A7FB0-F747-11D8-873C-0004747C70D0} - C:\WINDOWS\SYSTEM\LKCIF.DLL
O18 - Filter: text/plain - {F84A7FB0-F747-11D8-873C-0004747C70D0} - C:\WINDOWS\SYSTEM\LKCIF.DLL

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\SYSTEM\LKCIF.DLL
C:\PROGRAM FILES\PARTYPOKER

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.