• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
mikedry

about:blank problems

16 posts in this topic

I cannot get rid of about:blank.

I have used CWShredder but it keeps coming back. At the moment SpyGuard is picking it up as the homepage changes but it is still very annoying. AVG also detects it but it comes back again soon afterwards.

I have posted the Hijack This! log below to see if anyone can help?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:05:39 PM, on 5/29/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GDKAKAA.DLL/sp.html (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe -SetupRunOnce

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunOnce: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8061.6409606481

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

 

Please help

Share this post


Link to post
Share on other sites

Hey

 

You have a dll hijacker, let's do this:

 

Step 1. Download the file from

http://downloads.subratam.org/dllfix.exe

or

http://tools.zerosrealm.com/dllfix.exe

and save it in a place you like.

 

 

-----------------------------

Step 2. The file when downloaded will be dllfix.exe.

 

 

-----------------------------

Step 3. Double-Click or Open the self-extracting file. It will ask for installation and change location. Please Keep it in BOOT drive and not in any place else. Preferable in Desktop.

 

 

-----------------------------

Step 4. Navigate to the folder with the contents of the file. You will see there are two more folders inside and two BAT files.

 

 

 

-----------------------------

Step 5. Run start.bat and you should get a screen like below.

 

Run the Option 1. for report. Which when run will have a screen like

 

Once the search is complete a ".txt" file should pop up with the name "Output.txt". Keep it. You will see there is a random dll named there if found. If you are not sure Post the log for Expert View.

Share this post


Link to post
Share on other sites

I'm sorry about that.

 

Please do this:

 

1.)

GoTo:

Start>run>Type:

msinfo32

*Expand: "Software Environment"

*Expand: "System hooks"

File may be listed As:

 

-Hook type: Window Procedure

-Hooked by: XXXXX.dll

-Application: RUNDLL32.EXE

-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll

-Application path: C:\WINDOWS\RUNDLL32.EXE

 

Where XXXXX..dll is the file name.

 

If So hilite And use edit>copy and post here

 

2.)

Download: "StartDreck", unzip!

*Don't be f00led by the site's 'unique' interface!!!

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

DoubleClick: 'StartDreck.exe'

Hit: -config

hit: -Unmark all

Check these boxes only:

Registry->run keys

System/drivers> Running processes

hit >ok.

 

Use the "save" tab, to save, name and post the log!

Share this post


Link to post
Share on other sites

Hi Again

 

1) When I went to System Hooks it said there were no items to display in this category.

 

 

2) Here is my log from startdreck

 

StartDreck (build 2.1.5 public BETA) - 2004-05-30 @ 21:01:48

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

»RunOnce

»Default User

»Run

»RunOnce

»Local Machine

»Run

*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*PMXInit=C:\WINDOWS\SYSTEM\pmxinit.exe -SetupRunOnce

*AVG_CC=C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

*CriticalUpdate=C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

*PMXInit=C:\WINDOWS\SYSTEM\pmxinit.exe

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*SchedulingAgent=mstask.exe

*Avgserv9.exe=C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*FFCF7E2F=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFF8ACB=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFFBD5B=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFFA813=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFE0D07=C:\WINDOWS\SYSTEM\MSTASK.EXE

*FFFE015F=C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

*FFFE9B4F=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFFE7E53=C:\WINDOWS\EXPLORER.EXE

*FFFEE207=C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

*FFF93947=C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

*FFF9CB03=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

*FFF9EB4F=C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

*FFF8BEB7=C:\WINDOWS\SYSTEM\RNAAPP.EXE

*FFF8DD3B=C:\WINDOWS\SYSTEM\TAPISRV.EXE

*FFFACE2B=C:\WINDOWS\SYSTEM\PSTORES.EXE

*FFFBD6B3=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE

*FFFA0CD3=C:\PROGRAM FILES\WINRAR\WINRAR.EXE

*FFFA578B=C:\WINDOWS\TEMP\RAR$EX00.665\STARTDRECK.EXE

»Application specific

 

Hope you can Help

Thanks

Mike

Share this post


Link to post
Share on other sites

Hey

 

Ok, have hijackthis fix the following with no browser windows open:

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GDKAKAA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

O2 - BHO: (no name) - {834261E1-DD97-4177-853B-C907E5D5BD6E} -C:\DPE.DLL

 

REBOOT computer. While its booting, keep tapping F8 and go into safe mode.

 

Now find the following files (if there) :

 

C:\DPE.DLL

C:\WINDOWS\SYSTEM\GDKAKAA.DLL

C:\WINDOWS\SYSTEM\LMOCEA.DLL

 

Empty recycling bin.

 

Reboot back into normal mode and post a new log.

Share this post


Link to post
Share on other sites

Yes, it's to be a little safe too, so nothing is loaded. Anyway those dll's are bad. especially dpe.dll (might already be deleted) after fixing it in hjt, which is a cws hijacker.

Share this post


Link to post
Share on other sites

Thanks Pomp,

I think this is the way to go. I had the same problem. I followed your advice and I think it worked.

Share this post


Link to post
Share on other sites

Hi Pomp

 

Did all you suggested

Could not find the 3 files to delete in safe mode.

 

Here is my new hijack this log

 

 

Logfile of HijackThis v1.97.7

Scan saved at 6:18:24 PM, on 5/31/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GDKAKAA.DLL/sp.html (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe -SetupRunOnce

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunOnce: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8061.6409606481

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

 

Cheers

Mike

Share this post


Link to post
Share on other sites

have hijackthis fix the following with no browser windows open:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\LMOCEA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GDKAKAA.DLL/sp.html (obfuscated)

 

Then go here http://www.spywareinfo.com/~merijn/files/CWShredder.exe download it to the desktop. Open it up. make sure its version 1.57.0 .. Uncheck the thing about the recyccling bin and then click fix--> with no browser windows open.

 

When done, restart your computer. And post a new log.

Share this post


Link to post
Share on other sites

New log file

 

 

Logfile of HijackThis v1.97.7

Scan saved at 9:28:18 PM, on 5/31/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe -SetupRunOnce

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunOnce: [PMXInit] C:\WINDOWS\SYSTEM\pmxinit.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8061.6409606481

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0