Hey all,
starting today I started getting this problem where I can't change my internet explorer
homepage from about_:blank to anything else. I usually use hotmail as my default page,
but now every time I change it it goes right back to about_:blank.

I've done the following to try and get rid of this problem (in order and multiple
times).

1. Updated my Windows XP
2. Ran CWShredder (updated version)
3. Rebooted my computer
4. Ran CWShredder (updated version)
5. Cleared my temporary internet files, cookies and offline files.
6. Searched and deleted all my *.tmp files
7. Emptied my C:\WINDOWS\Temp folder
8. Emptied my C:\Temp folder
9. Emptied my recycle bin
10. Ran SpyBot (updated version)
11. Ran Ad-Aware (updated version)
12. Ran Panda Antivirus (updated version)
13. Ran AVG Anitvirus (free updated version)

After this I still got the same problem that came up. Some of these programs found
some viruses and other things that I deleted and/or removed. But I still find myself
with the same problem at hand. I then decided to run "Hijack This" (offline) and
this is what it gave me:Logfile of HijackThis v1.97.7
Scan saved at 5:25:35 PM, on 08/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Documents and Settings\Emil\My Documents\Emil\Download\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about_:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FB9BA0F2-3A75-4666-A4A8-FF3E7D6EB5C4} - C:\WINDOWS\System32\ngeo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7667.5103240741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab

I did this several times, that's my latest Hijack This offline log. I fixed it once while fixing some Hijack This stuff and it worked, but the problem came back a few hours later. Then I did everything AGAIN and it got fixed again, this time with system restore off, and it worked again. Evern the next morning it was fine, but now I come home from school and the problem's back again. There you go. I'm really getting mad at this problem. It's really bugging me. Any help would be greatly apreciated. Thanks again...

Dump these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about_:blank
O2 - BHO: (no name) - {FB9BA0F2-3A75-4666-A4A8-FF3E7D6EB5C4} - C:\WINDOWS\System32\ngeo.dll

I'm not sure what this is:
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

If anything, do a start -> run -> msconfig -> on the startup tab uncheck steam. This way, if you need re-enable "steam" you can just go back there and recheck it ;-).

Steam is used for Half-Life.

Dude haha about:blank is the best home page you can have I say leave it but, hey what do I know.

I second that!

haha I agree 100%.
Vote is approved end of topic sorry haha just kidding. Yeah man I don't know why people like Home Pages in some cases yeah but, for a hardcore guru about:blank is the best thing that came to IE and/or www.bink.nu as your home page haha oops did I say that. ha

Even though about:blank could be a good homepage I still don't like knowing that there's a virus on my machine. I got rid of it numerous times with different procedures, but it seems to always come back 1 or 2 days later... Any suggestions?

First update CWShredder as I am pretty sure it has a fix for this. As well, do this. Reboot into safe mode following the instructions here. http://service1.symantec.com/SUPPORT...01052409420406 & Close all (browser) windows & have HJT fix these entries=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ngeo.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about_:blank

O2 - BHO: (no name) - {FB9BA0F2-3A75-4666-A4A8-FF3E7D6EB5C4} - C:\WINDOWS\System32\ngeo.dll

In spybot settings have it check for available Beta versions & download 1.3.6 & update it online & run it immediately after doing the above. Update Adaware & run that also. It has had 3 updates in the last 2 days.
Obviously do these updates first, then do everything in safe mode.

I did what you told me, it worked and hopefully the problem won't come back this time. Thanks again.

It came back...