Teh Guest

Notepad app. nuked

2 posts in this topic

So yesterday I got infected with this About:blank thing. After getting rid of that problem I went to open a text file in Notepad when I noticed it didn't open. I have since run Trojan Hunter and Spysweeper and it still won't open. Any help or suggestions are greatly appreciated! Here's my HijackThis log:

 

Logfile of HijackThis v1.97.7
Scan saved at 2:23:03 PM, on 7/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

 

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\EDICT.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\colin\Desktop\Internet Explorer.EXE
C:\Program Files\Winamp3\Winamp\winamp.exe
C:\Documents and Settings\colin\My Documents\My eBooks\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\colin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\colin\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\colin\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\colin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26D43176-EED0-460E-AEBF-6BAC5B456A11} - C:\WINNT\system32\dckfo.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [soundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7520.9043402778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E15B639-1AE0-4EDD-AC11-9C8AA8022397}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E15B639-1AE0-4EDD-AC11-9C8AA8022397}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E15B639-1AE0-4EDD-AC11-9C8AA8022397}: NameServer = 192.168.0.1


Yes, it was a spyware problem. Some spyware/trojans, etc. directly target notepad.exe and other important Windows files (.dll files, etc.) and replace them with more trojans (pests).

It looks like you may still have the "about blank" traces in your computer.

Do you have Spybot S&D? If so, go to the advanced mode, click on Tools/Browser Pages. If you see any "About Blank" items (or any others of which you don't approve), use the change button to put back your original search pages.

You may need to run your anti-virus software and Ad-Aware in safe mode, delete accordingly, and when you're sure your system is clean, you can begin a repair on notepad. With that, you have two options:

1. You can delete what is left of the corrupt notepad.exe and download a new copy at http://www.spywareinfo.com/~merijn (click on Windows Files at the far left), OR

2. You can use your SFC tool (System File Checker) to examine your important Windows files and replace/restore what has been damaged.

Then, you can retrieve a clean, valid copy of notepad.exe to paste into your Windows/dllcache and Windows/system32 (where it should be to begin with). It looks like you may have some damaged .dll files anyway from looking at your log file.

Also, an extra tip: I noticed you have quite a few tasks running, which can hinder your computer's performance/speed. You can safely end them to improve functioning. (You can go into start/run/msconfig/startup and see how many programs are running. It is up to you what you keep running. For myself, I only keep my anti-virus running at startup.) Less=faster!

From task manager,

It is safe to disable CTSvcCDA.EXE

[because with modern CD-ROM drives (36-speed and above) this task is of no use to any system.]

It is o.k. to disable mspmspsv.exe because it uses a lot of memory.

Try these and hopefully, the prob. will be solved.

P.S. Here is a link to a free online virus scan:

http://www.pandasoftware.com/activescan/ac...2&Country=63&...
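
A small triage pass over a HijackThis log like the one in the first post, as an added example that is not part of either post. The flagging rules (IE page values that point to a local file or to about:blank, BHO entries marked "file missing") are assumed heuristics that pick out lines for manual review, not verdicts, and the function names are made up for illustration.

```python
import re

# Constructed sample: five lines copied from the log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\colin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26D43176-EED0-460E-AEBF-6BAC5B456A11} - C:\WINNT\system32\dckfo.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

# An entry line is "<section id> - <body>", e.g. "R1 - ..." or "O16 - ...".
# Header and running-process lines do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reason(section, body):
    """Return why an entry deserves a manual look, or None (assumed heuristics)."""
    if section in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip().lower()
        if value.startswith("file://"):
            return "IE search/start page points at a local file"
        if value == "about:blank":
            return "IE page value is about:blank"
    if section == "O2" and body.endswith("(file missing)"):
        return "BHO registered but its file is missing"
    return None

def triage(log):
    """Return [(section, reason, body)] for every entry the heuristics flag."""
    flagged = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```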
