Hi, I have a lot of spyware on my computer that I need to get rid of. I have this about:blank page that comes up with pop-ups every time I open Internet Explorer. I've used HJT but when I remove the ones, they re-appear.
Any other suggestions would be great. I've used Adaware/CWShredder/virus scanned with AVG.
Anything else? Thanks!

Nick Relf, be aware that ME and XP both have a feature called 'Restore'. A nasty (virus, spyware, etc) can hide there and since it is a 'Windows' file, Windows won't allow any alteration so long as it is active. The registry gets re-written on the next bootup and the last successful boot is used and since nasties don't count, the boot appears to be successful, thus a 'nasty' gets replicated.
The solution is simple (assuming that's the problem), TEMPORARILY disable Restore (in order to 'unprotect'), scan/clean, re-enable restore and try again. May have to reboot.
During the disable process, you will destroy ALL your restore points, thus some folks disagree with that fix, feeling that any restore point (even a corrupted one!) is better than none at all. You can sidestep that pitfall by creating a new restore point as soon as you have a clean machine. FWIW, I have used it on both ME & XP Pro with no lasting ill effects.
HTH.
Ed in Texas.

http://www.freedownloadmanager.org/
I recently changed the download accelerator program I used for a copy of the Free Download Manager program. When I run AdAware or Spybot with this program installed, I now get an occasional cookie (generally harmless) to remove rather than a long list of registry modifications that reappear on the next computer boot to the web. I used to have DAP (Download Accelerator Plus), which makes a living from the publicity it carries. The program is 'good' if you can suffer the drawbacks. The free download manager version from the above site has no marketing and makes no modifications to the registry while in use. I agree with Ed that destroying old restore save points can help. You should not forget to re-enable the restore function on the next boot up. Good luck.

Hi,
Thanks for your help so far. You say,
"The solution is simple (assuming that's the problem), TEMPORARILY disable Restore"
How do I disable it, and where is it on my computer??
Thanks.
Nick

Ok, I've just found out how to disable it, and went to do so, and it was already disabled?!?! Weird. Could a virus/spyware etc have done it?
My HJT log is as follows: (Notice the search bars!)
Logfile of HijackThis v1.99.1
Scan saved at 19:07:38, on 23/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PQSC\PROGRAM\SCTRAY.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FDM.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\BT VOYAGER\BT VOYAGER WIRELESS\WLM.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2847A984-C9AC-40C1-9987-AE99AD84F701} - C:\WINDOWS\SYSTEM\DCPK.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SharedFolder] C:\WINDOWS\TEMP\{34DB8A8D-73CD-11D6-BD16-0050BA11CC04}\NetShare.exe add SHARED "C:\Program Files\BT Voyager\BT Voyager Wireless\SHARED"
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.exe
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: BT Voyager Wireless Utility.lnk = C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Filter: text/html - {7CBCA769-DE97-459B-BABE-3DCFE470DB1C} - C:\WINDOWS\SYSTEM\DCPK.DLL
O18 - Filter: text/plain - {7CBCA769-DE97-459B-BABE-3DCFE470DB1C} - C:\WINDOWS\SYSTEM\DCPK.DLL

When I select "fix", it works fine. I then re-booted the machine, and scanned again, and they're still there.
Any ideas?
Thanks!
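
A triage pass over a log in the layout posted above, as an added example that is not part of the original post or of HijackThis itself. The sample lines are constructed from that layout, and the four flagging rules (file under a TEMP folder, unnamed BHO, res:// search setting, one file registered in several sections) are this example's own assumptions about what deserves a manual look.

```python
import re
from collections import defaultdict
# Constructed sample: a few lines in the HijackThis v1.99.1 layout shown in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {2847A984-C9AC-40C1-9987-AE99AD84F701} - C:\WINDOWS\SYSTEM\DCPK.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.exe /STARTUP
O18 - Filter: text/html - {7CBCA769-DE97-459B-BABE-3DCFE470DB1C} - C:\WINDOWS\SYSTEM\DCPK.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")              # "R1 - ...", "O18 - ..."
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"/=]*?\.(?:dll|exe)", re.IGNORECASE)

def parse(log):
    """Yield (section, detail) for every entry line; headers and prose are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return {entry: [reasons]} using this example's assumed heuristics."""
    entries = list(parse(log))
    # Map each referenced file to the set of sections that load it.
    users = defaultdict(set)
    for section, detail in entries:
        for path in FILE_PATH.findall(detail):
            users[path.upper()].add(section)
    flagged = {}
    for section, detail in entries:
        reasons = []
        paths = [p.upper() for p in FILE_PATH.findall(detail)]
        if any("\\TEMP\\" in p for p in paths):
            reasons.append("loads a file from a TEMP folder")
        if section == "O2" and "(no name)" in detail:
            reasons.append("unnamed browser helper object")
        if section.startswith("R") and "res://" in detail.lower():
            reasons.append("IE search setting points at a local res:// resource")
        if any(len(users[p]) > 1 for p in paths):
            reasons.append("same file registered in several sections")
        if reasons:
            flagged[f"{section} - {detail}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

Comparing the flagged set from a scan taken before "fix" with one taken after the reboot shows exactly which entries were re-created.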

Nick,
"I've used HJT but when I remove the ones, they re-appear"
What have you and/or any utilities removed? Knowing what it is might help to eradicate it.
Is your Ad-Aware updated? Have you tried Spybot Search & Destroy?
What are the pop-ups?

RrRrRrRr I hate when that happens. Nothing there, and bam I post mine and there it is.
Nick, I don't recall/see where anyone asked you to post your log.
Have you tried an on-line scan of your system?
Panda ActiveScan - Free Antivirus Online
A quick look I see se.dll, filter text, etc. I'll repeat, what have you tried to remove?

Sounds like onemoresearch spyware. Go into safe mode, do adaware scan, try toolbarcop to remove BMO plugins only, do a virus scan, go into registry and search/remove those files and folders, empty temp folder, ... :)

A little more info
http://computing.net/windowsme/wwwboard/forum/45241.html
Volunteer log reading sites;
ASAP


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.