Having about:blank issues, here is my hijack log.NEED HELP PLZ

[toddb]

Logfile of HijackThis v1.99.0
Scan saved at 9:14:23 PM, on 1/28/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\AMERICA ONLINE 4.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP4,0,2,8.DLL
O2 - BHO: (no name) - {172A00E1-6381-11D9-9866-4445FA5E91BE} - C:\WINDOWS\SYSTEM\FBID.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .m14: C:\PROGRA~1\INTERN~1\plugins\NPEdoc32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O18 - Filter: text/html - {172A00E0-6381-11D9-9866-444595123425} - C:\WINDOWS\SYSTEM\FBID.DLL
O18 - Filter: text/plain - {172A00E0-6381-11D9-9866-444595123425} - C:\WINDOWS\SYSTEM\FBID.DLL

I was told by free Xoftspy scan that i had 2 trojans in some place labeled protocols\filter. will you please help me to find out what i have and if i can fix it. Thanks for any help in advance.

[Helper_Sonny]

Most the R1 things look like most of the problem , ya know cuz they say about:blank

also get ad adware...it should clear ya up by itself

[Pancake]

Hi and Welcome
Make sure to work through the fixes in the exact order its listed. Please Keep your browser closed when you are carrying out the fixes.

Make sure to run CWShreader (check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs

Then....
Run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".Please post a new log when finished.


Have your system set to show hidden files and folders.. HOW TO SHOW FILES. When done download Cleanup to clean out your tempory files.



Files highlighted in BLACK in the log will need to be removed from your hard drive.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {172A00E1-6381-11D9-9866-4445FA5E91BE} - C:\WINDOWS\SYSTEM\FBID.DLL
O18 - Filter: text/html - {172A00E0-6381-11D9-9866-444595123425} - C:\WINDOWS\SYSTEM\FBID.DLL
O18 - Filter: text/plain - {172A00E0-6381-11D9-9866-444595123425} - C:\WINDOWS\SYSTEM\FBID.DLL

[toddb]

Just to make sure, when I run hjt in safe mode, do i checkmark everything that hjt lists or what you listed in your post? And do I delete that one highlighted in black manually or will hjt do it for me?

[toddb]

Followed the steps provided, then rescanned. Here are the results, please let me know if I got it all. Thanks for all the help.

Logfile of HijackThis v1.99.0
Scan saved at 12:19:47 AM, on 1/29/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP4,0,2,8.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: Reminder-hpc40608.lnk = C:\HP\register\REMIND32.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0a\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .m14: C:\PROGRA~1\INTERN~1\plugins\NPEdoc32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll

[Pancake]

Remove all the ones I have listed. The highlighted files you will have to delete from your hard drive manually.