Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

About Blank

Status
Not open for further replies.
s73880b

s73880b

Technical User
Dec 2, 2003
23
US
Well we have 2 pc's (1 running w2k pro and 1 xp home) that have been hijacked with the dreaded about blank homepage. Have run just about everything I can think of to remove it to no avail. We have lost the OS disc for the xp machine due to a flood-still have the OS disc for the w2k pro machine. Is there anything other than dumping the OS system I can do? Below is the file from Hijack this. Thanks, Art
Logfile of HijackThis v1.99.1
Scan saved at 1:52:56 PM, on 2/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\apiwn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\atljm.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\PAS\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kkxhr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A0B5AE4D-89E5-F22A-060E-06256A646F77} - C:\WINDOWS\mfchi32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [atlct.exe] C:\WINDOWS\system32\atlct.exe
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\apiwn32.exe
O4 - HKCU\..\Run: [EASEPAS] "C:\PASLaunch\PASLaunch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O17 - HKLM\System\CCS\Services\Tcpip\..\{8096DA83-090D-47D2-891F-432175BA6D29}: NameServer = 206.94.181.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\atljm.exe
 
Sort by date Sort by votes
Thanks, I tried that site and there are 2 items that will not come out:
C:/WINDOWS/mfchi32.dll
C:/windows/system32/atljm.exe

I believe that the mfchi is the killer that hijacks my home page but I can not remove it! Please help! Thanks,Art
 
Upvote 0 Downvote
HijackThis (HT): Config > Misc Tools > Delete a file on reboot > navigate to and select:
C:/WINDOWS/mfchi32.dll
C:/windows/system32/atljm.exe

Leave HT this open and reboot.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sebastian42
  • Locked
  • Question
Firefox library is blank and just an icon
Replies
2
Views
134
Sebastian42
Sebastian42
debful
  • Locked
  • Question
IE9 - Favouites second level blank
Replies
2
Views
57
stentorian
stentorian
1DMF
  • Locked
  • Question
can't print twitter pages / even MS website is blank in print preview
Replies
5
Views
136
1DMF
1DMF
MichaelHooker
  • Locked
  • Question
Browser shows blank page
Replies
11
Views
91
MichaelHooker
MichaelHooker
pccarrick
  • Locked
  • Question
IE 7 A new window opened in Internet Explorer displays a blank page
Replies
3
Views
45
smah
smah

Part and Inventory Search

Sponsor

Back
Top