• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
plaing

about: blank constant reset of homepage

7 posts in this topic

Greetings All:

I have run Adaware, spy sweeper and Spybot S&D and AVG. Visiting www.rumormillnews.com seems to set this off even more.

 

Spy sweeper notifies me all the time that my homepage has been reset but about:blank often appears as a pop-up.

 

thank you for your help. My hijack this log is below:

 

Logfile of HijackThis v1.97.7

Scan saved at 7:25:03 PM, on 7/1/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\SYMANTEC\ACT\SIDEACT.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOCUMENTS\HIJACKTHIS FOLDER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL

O2 - BHO: (no name) - {4520A881-C004-11D8-B5A3-4445662203F5} - C:\WINDOWS\SYSTEM\AOK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [spywareGuard] C:\WINDOWS\SYSTEM32\WINPROC32.EXE

O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe

O4 - Startup: Shockwave Init.lnk = C:\WINDOWS\SYSTEM\MACROMED\shockwave\swinit.exe

O4 - Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7996.0299537037

Share this post


Link to post
Share on other sites

Thank you Fist:

 

I had problems with the fix. I got as far as Step 5 in BobO's procedure. When I checked in System Hooks there were "no items to display in this catagory". It appears that I can not continue until I find out what or where I can find the offending file(s).

 

I also am not that computer saavy so I don't know about how to Command Safe Prompt Mode or reboot in Windows Safe Mode.

 

How should I proceed?

 

thank you to any one that can tell me what to do from here

 

Plaing

Share this post


Link to post
Share on other sites

plaing:

 

Try Rubber Ducky's fix - about:buster HERE. Post the about:buster log and a new hijack this log.

 

If that doesn't work your best option is to go into MSDOS mode (in windows ME it can be found in Start -> Programs -> Accessories -> MSDOS Prompt). That may work in '98 or you can try Start -> Run and type "cmd" (without the quotes).

 

From the MSDos prompt, type "cd c:\windows\system" (no quotes) and then type "dir *.dll |more" (no quotes). Note that there is a space between dir and * and a space between .dll and |. Also note that the | key is [shift]\ (e.g. hit the shift key and the \ key). Using the space bar to scroll through the list of files, look for a file that is dated recently (e.g. June 2004) and is 57,334 bytes. That will be your file. If you find the file, post back the name, size and date of the file and I will walk you through the process of deleting it.

 

Good Luck.

Share this post


Link to post
Share on other sites

Dear Fist:

I downloaded the About: Buster fix and ran the scan. The box that appeared in the white box said: "Run-time error '53' File not found".

 

The Hijack This log is:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:06:18 AM, on 7/3/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\SYMANTEC\ACT\SIDEACT.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\MY DOCUMENTS\HIJACKTHIS FOLDER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL

O2 - BHO: (no name) - {4520A881-C004-11D8-B5A3-4445662203F5} - C:\WINDOWS\SYSTEM\AOK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [spywareGuard] C:\WINDOWS\SYSTEM32\WINPROC32.EXE

O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe

O4 - Startup: Shockwave Init.lnk = C:\WINDOWS\SYSTEM\MACROMED\shockwave\swinit.exe

O4 - Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7996.0299537037

 

Fist, I hope I did this right so far. Thank you for your help

 

plaing

Share this post


Link to post
Share on other sites

=== Find Name of Hidden dll ===

Download: "StartDreck", from here:

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

http://www.niksoft.at/download/startdreck.htm

 

Unzip to its own folder and start the program,

 

Press 'Config'

Press 'Unmark All'

 

Check the following boxes only:

Registry -> Run Keys

System/drivers> Running processes

Press 'Ok'

 

Press 'Save' and select the location to save the log file

(default is the same folder as the application)

 

Post the log in this thread.

Share this post


Link to post
Share on other sites

thank you Lo Phat:

Here is the log for StartDreck.log. How should I proceed now?

 

Plaing

 

 

 

StartDreck (build 2.1.5 public BETA) - 2004-07-06 @ 23:49:06

Platform: Windows 98 (Win 4.10.1998 )

 

»Registry

»Run Keys

»Current User

»Run

*SpySweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

*SpywareGuard=C:\WINDOWS\SYSTEM32\WINPROC32.EXE

»RunOnce

»Default User

»Run

*SpySweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

*SpywareGuard=C:\WINDOWS\SYSTEM32\WINPROC32.EXE

»RunOnce

»Local Machine

»Run

*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun

*TaskMonitor=C:\WINDOWS\taskmon.exe

*SystemTray=SysTray.Exe

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*QuickTime Task=C:\WINDOWS\SYSTEM\QTTASK.EXE

*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*AVG_CC=C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

»RunOnce

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*SchedulingAgent=mstask.exe

*Avgserv9.exe=C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*FFCF2FD9=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFFDB41=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFFECF1=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFFF9DD=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFE414D=C:\WINDOWS\SYSTEM\MSTASK.EXE

*FFFE54C9=C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

*FFFE7EDD=C:\WINDOWS\EXPLORER.EXE

*FFFD217D=C:\WINDOWS\TASKMON.EXE

*FFFD3169=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFFD9791=C:\WINDOWS\SYSTEM\QTTASK.EXE

*FFFDADC5=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

*FFFDBC21=C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

*FFFC5E71=C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

*FFFC1415=C:\PROGRAM FILES\SYMANTEC\ACT\SIDEACT.EXE

*FFFC036D=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

*FFFCD219=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFFB7829=C:\PROGRAM FILES\GRISOFT\AVG6\AVGW.EXE

*FFFB7DF1=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

*FFFBB4ED=C:\WINDOWS\SYSTEM\RNAAPP.EXE

*FFFEBEF9=C:\WINDOWS\SYSTEM\TAPISRV.EXE

*FFFBD0A5=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFFBA565=C:\WINDOWS\SYSTEM\PSTORES.EXE

*FFFABB9D=C:\UNZIPPED\STARTDRECK[1]\STARTDRECK.EXE

»Application specific

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0