• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Holdem

another about:blank problem

20 posts in this topic

Hey Guys-

I've got the about:blank problem and have tried all of the fixes without success...HELP...I'm a self taught, not talented

computer user...Any explanation not in 5th grade english will probably be over my head...Thanx for any help and I really appreciate

the site!

Logfile of HijackThis v1.97.7

Scan saved at 7:37:16 AM, on 5/29/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE

C:\PROGRAM FILES\ULTIMATEBET\ULTIMATEBET.EXE

 

 

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {3F64F7E0-B13E-11D8-AB37-00A02EFDD50F} - C:\WINDOWS\SYSTEM\ILLOFFA.DLL

O4 - HKCU\..\Run: [ultimateBuddy] C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelprocessing.com/SafeComm...s/WalletCab.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...38135.628599537

Share this post


Link to post
Share on other sites

GoTo:

Start>run>Type:

msinfo32

*Expand: "Software Environment"

*Expand: "System hooks"

File may be listed As:

 

-Hook type: Window Procedure

-Hooked by: XXXXX.dll

-Application: RUNDLL32.EXE

-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll

-Application path: C:\WINDOWS\RUNDLL32.EXE

 

Where XXXXX..dll is the file name.

 

If So hilite And use edit>copy and post here

 

Next, Download both tools:

http://freeatlast.100free.com/StartDreck.zip

http://freeatlast.100free.com/Win98Fix.zip

 

Unzip and run StartDreck.exe:

Hit: -config

hit: -Unmark all

Check these boxes only:

*Registry->run keys

*Registry->Browser helper objects

*System/drivers> Running processes

hit >ok.

 

Use the "save" tab, to save, name and post the log!

Share this post


Link to post
Share on other sites

Thanks Free! Here's what I found on the first directive:

 

Window Procedure Wdmcpl.dll RUNDLL32.EXE C:\WINDOWS\SYSTEM\Wdmcpl.dll C:\WINDOWS\RUNDLL32.EXE

Share this post


Link to post
Share on other sites

OK- originally had some trouble w/ the Dreck download, but now got it to work...Here's what I got....Thx again!

 

StartDreck (build 2.1.5 public BETA) - 2004-05-29 @ 09:40:13

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

*UltimateBuddy=C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

*SpySweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

*MSMSGS=C:\Program Files\Messenger\msmsgs.exe /background

»RunOnce

»Default User

»Run

*UltimateBuddy=C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

*SpySweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

*MSMSGS=C:\Program Files\Messenger\msmsgs.exe /background

»RunOnce

»Local Machine

»Run

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

»RunServices

»RunServicesOnce

**qeqr=rundll32 C:\WINDOWS\SYSTEM\WDMCPL.DLL,StreamingDeviceSetup

»RunOnceEx

»RunServicesOnceEx

»Browser Helper Objects (LM)

*{3F64F7E0-B13E-11D8-AB37-00A02EFDD50F}

`InprocServer32=C:\WINDOWS\SYSTEM\ILLOFFA.DLL

»Files

»System/Drivers

»Running Processes

*FFEFC0E3=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFFF777=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFF8007=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFF99C7=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFEC01F=C:\WINDOWS\RUNDLL32.EXE

*FFFE8167=C:\WINDOWS\EXPLORER.EXE

*FFF963F3=C:\WINDOWS\SYSTEM\RPCSS.EXE

*FFF9E977=C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

*FFF9A94F=C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

*FFF8ED87=C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE

*FFFBD9C3=C:\PROGRAM FILES\ULTIMATEBET\ULTIMATEBET.EXE

*FFF5F16B=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFF114E7=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFF52FDB=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE

*FFFA7A7B=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

*FFF55503=C:\UNZIPPED\STARTDRECK\STARTDRECK\STARTDRECK.EXE

»Application specific

Share this post


Link to post
Share on other sites

Easy fix, in your case! ;)

 

File was spotted in 2/2!

 

*System hooks:

Window Procedure Wdmcpl.dll RUNDLL32.EXE

C:\WINDOWS\SYSTEM\Wdmcpl.dll C:\WINDOWS\RUNDLL32.EXE

 

 

*StartDreck log:

»RunServicesOnce

**qeqr=rundll32 C:\WINDOWS\SYSTEM\

WDMCPL.DLL,StreamingDeviceSetup

 

 

Now, unzip the

"Win98Fix.zip" you downloaded.

-DoubleClick on: 'RunFix.reg' file, Answer 'yes'

to the prompt!

-Restart computer!

 

Find and delete:

C:\WINDOWS\SYSTEM\WDMCPL.DLL file,

 

Consider the main problem solved! ;)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To fix all other, related/non related problems,

Run these tools, have them fix all problems:

*Ad-Aware6:

http://www.lavasoftusa.com/software/adaware/

 

*Updates:

http://www.lavasoftsupport.com/index.php?showtopic=28310

 

How To: Perform a "Full Scan" With Ad-aware 6 Build 181

 

*http://www.spywareinfo.com/~merijn/files/CWShredder.exe

 

Feel free to post follow up hijackthis log when done!

Good luck ;)

Share this post


Link to post
Share on other sites

The directions were awesome free, but I tried it and still got the hijack..Should I see anything on reboot to help me look for the file? I used "find files" and found it and deleted...but...no luck. I know, I know...I'm fairly certain i've done something wrong...Hang in there with me...

Share this post


Link to post
Share on other sites

You will continue and get hijacked, of course

since you have other problems.

 

If you deleted the file, your problem IS solved!

Everything else has to be taken care of by

the tools I listed above..

When done, post another hijackthis log,

and any remnants, if left can be handled then.

Share this post


Link to post
Share on other sites

OK did what u directed and here's the latest:

Logfile of HijackThis v1.97.7

Scan saved at 3:22:18 PM, on 5/29/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ILLOFFA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {BBCA45F8-B15D-11D8-AB37-00A0176D6AD0} - C:\WINDOWS\SYSTEM\ILLOFFA.DLL (file missing)

O4 - HKCU\..\Run: [ultimateBuddy] C:\PROGRAM FILES\ULTIMATEBUDDY\ULTIMATEBUDDY.EXE

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelprocessing.com/SafeComm...s/WalletCab.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...38135.628599537

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Did you run both Ad-Aware and CWShredder?

Shredder would have removed these!

 

In hijackthis fix checked:

All-- *R1/*R0/*02- lines.

 

Restart computer, Run hijackthis and post another log.

Share this post


Link to post
Share on other sites

yeah Free...I ran all of it and it fixed ALOT of stuff...but i keep getting these. It's now to the point where spysweeper is blocking the homepage hijack each time it tries though it's still there. I'll do the above. Thanks again!

Share this post


Link to post
Share on other sites

SpySweeper is rather known to cause problems.

It will go on and alert you about any home page changes, and

yet unable to fix anything as advertised.

 

You should disable it till (and even after ) the

problem is resolved.

There is no need for it,

Ad Aware and Spybot are suffice, along with cwshredder.

 

When done with the steps above, reset IE options

to defaults as well as your preferred home opage.

 

FYI, this is what an infected and--later disinfected Win98

with --identical problem looks like! (minus Spy~Bloat~$weeper :ph34r:

 

http://www.spywareinfoforum.com/index.php?showtopic=2978&hl=

Share this post


Link to post
Share on other sites

Free-

THANX VERY VERY MUCH!!! The problem now appears fixed! I'm rerunning my ad aware and others to be sure but computer is alm

Share this post


Link to post
Share on other sites

almost acting normal! I may have inadvertently deleted my sound file as there is no longer an icon on my tool bar (Read: yes, Holdem is truly a computer donkey...) If you know how to change that little issue, great, if not...I can't thank you enough for the help!!! I WAS SO FRUSTRATED! Gracias...

Share this post


Link to post
Share on other sites

Free-

 

My computer is much happier now!!!! And so am I! Thanx so much!!! the problems seem to have been solved, and i've removed the spware sweeper as directed. I'm still a donkey though and somehow managed to delete my sound...No volume control, sound icon on toolbar, etc. I don't know how, but i've learned more about computers in the last several hours, so EVERYTHING is a stretch.(LOL). If you know how to fix, awesome...if no, no worries as you've been such a HUUUUUGE help! Either way, take care...Holdem

Share this post


Link to post
Share on other sites
I'm still a donkey though and somehow

managed to delete my sound...No volume

control, sound icon on toolbar, etc

Start menu->Settings->Control panel.

Multimedia-> under the audio tab: (lower panel)

"Show volume control on the task bar..."

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0