• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
trollafrogg

yes ! it's about/blank !!!!!!!!!

6 posts in this topic

gee i read everything and now i'm drawing an about/blank , please help.

 

after running spybot , and using my outpost firewall to give new rules to block this : 69.50.191.66 website ,and i have , at least temporarily ?? , stopped the pop-up ads when using IE6, although i am starting IE6 from windowsupdate icon, not the IE6 icon, and of course the about/blank still is refreshing itself as the homepage whenever it wants to.

[edit] i also ran GRC.com 's discombobulator and saw that DCOM had been enabled, idisabled DCOM again. also the GRC.com 's shootthemessenger reported that messenger had been enabled and i disabled messenger also.[end edit]

 

also, anti-virus keeps reporting a trojan, pandasoft online temporarily neutralized it, but upon machine reboot, it appears again in a new spot, each time as a .dll ?

 

trendmicro online virus detection is non-operable.

 

notepad was disabled. however after running a search (windows) for notepad and then running the hijackthis app, notepad appeared as the text file service for the hijackthis logfile. i was using wordpad before that for copy/paste items for review.

 

 

please help me,

 

oh yes FireFox Browser is unaffected. although niether pandasoft, trendmicro. or symantec online viruscan will work with FireFox.

 

 

i have run BHO deamon, ad-aware6, and spybot. have i left anything out of what you ask for ? please advise.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:26:31 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\oodag.exe

C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\URBANP~1\LOCALS~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {BFA22763-81FB-4D91-AD5B-21153B7C8418} - C:\WINDOWS\System32\goannn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKCU\..\Run: [uptime-Project] C:\Documents and Settings\urban peasant\My Documents\My Received Files\New Folder\client.exe

O4 - Startup: PowerReg Scheduler V3.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Trashcan (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.n....0_SILENT_2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37999.903587963

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C243490-8BE8-49E7-866D-DCAE0C67F018}: NameServer = 206.13.28.12 206.13.31.12

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C243490-8BE8-49E7-866D-DCAE0C67F018}: NameServer = 206.13.28.12 206.13.31.12

Edited by trollafrogg

Share this post


Link to post
Share on other sites

very interesting !!!!!!!!!!!

 

i checked the notepad.exe icon properties tag and have discovered that it is pointing to a new setup :

 

target type : application

 

target : C:\WINDOWS\system32\actmovie.exe

 

start in : %HOMEDRIVE%%HOMEPATH%

 

shortcut key : None

 

run : Normal window

 

also !!!!!!!!!!! under the General Tab it reports itself to be a DirectShow Setup Tool

 

 

have we a culprit ????????

Share this post


Link to post
Share on other sites

Problems with notepad and anti-virus software are a sure sign of a virus or

trojan. Many browser hijacks are also trojan driven. If you get rid of them

then the virus will reinstall them when you reboot. The dll is only part of the

problem.

Go to nai.com search for the stinger program and download and run it. If it finds

a virus delete it. You may have to reinstall your anti-virus software if it won't run.

Don't forget to update the virus data files to the latest version.

Scan your hard disks for futher viruses. Get rid of them. Then think about getting

rid of your browser hijack using ad-aware, spybot or hijackthis.

Remember if the hijack keeps returning this is a sure sign that you still have a

virus (or are visiting the same unsafe websites). Hope this helps

 

:techsupport:

Share this post


Link to post
Share on other sites

thanks for your input.

 

stinger prog did not locate a virus.

 

avg anti virus found backdoor.agent.ba trojan but will not clean it..

 

am going to use the findnfix solution given onthis forum page

 

am wondering what to do about the browser hijack located in the notepad shortcut properties.

 

wish me luck

Share this post


Link to post
Share on other sites

using the FINDnFIX prog in conjunction with the instructions found on this forum threadfollow "freeatlast" instructions seems to have worked, comp is running better and homepage is staying true as microsoft.com

 

also i did a DNS lookup on the server the pop-up ads were coming from and the office is only 30 miles from my house. the contact is named emil k. , sounds like a russian dude. should i call his home number ?

 

also to fix the NOTEPAD.EXE not found error

 

i went to START>ALL PROGRAMS>ACCESSORIES then RIGHT CLICK NOTEPAD which brings up a menu > click the "properties" tag in that menu which brings up a properties box/window> under the "SHORTCUT" tab replace "target" info with

C:\WINDOWS\NOTEPAD.EXE , then highlight and delete text in the "START IN" area { in mine it read "%HOMEDRIVE%%HOMEPATH%" > click "APPLY" button in lower lright corner of properties box/window. and NOTEPAD returns to life.

Edited by trollafrogg

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0