• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Brian in VA

about:blank has control of my homepage

8 posts in this topic

I have read the FAQ's provided and went through each of the steps with IE screens closed, but I cannot get ride of about:blank. Here is my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:00:05 PM, on 5/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE

C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KGEEO.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {29FAB469-B230-11D8-BC29-AA0FF9573C50} - C:\WINDOWS\SYSTEM\KGEEO.DLL

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.att.net

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexUS616.exe

Share this post


Link to post
Share on other sites
I have

read the FAQ's provided and went through each

of the steps with IE screens closed, but I cannot

get ride of about:blank.  Here is my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:00:05 PM, on 5/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Which steps did you follow?

 

FIRST, go here:

http://windowsupdate.microsoft.com

 

Scan and apply any and all security

patches on offer, including but not limited to

the latest and current version of IE6/SP1.

 

Your current and notably outdated version can't be fixed.

 

When you have done all that, rescan with

hijackthis and fix checked this Xpl0it:

 

*O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexUS616.exe

 

Next,

GoTo:

Start>run>Type:

msinfo32

*Expand: "Software Environment"

*Expand: "System hooks"

File may be listed As:

 

-Hook type: Window Procedure

-Hooked by: XXXXX.dll

-Application: RUNDLL32.EXE

-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll

-Application path: C:\WINDOWS\RUNDLL32.EXE

 

Where XXXXX..dll is the file name.

 

If So hilite And use edit>copy and post here

 

Next, Download both tools:

http://freeatlast.100free.com/StartDreck.zip

http://freeatlast.100free.com/Win98Fix.zip

 

Unzip and run StartDreck.exe:

Hit: -config

hit: -Unmark all

Check these boxes only:

*Registry->run keys

*Registry->Browser helper objects

*System/drivers> Running processes

hit >ok.

 

Use the "save" tab, to save, name and post the log!

Share this post


Link to post
Share on other sites

I did each download, although the http://freeatlast.100free.com/Win98Fix.zip was not available. Here is the information requested:

 

Keyboard Wnhooks.dll WNCONNECT.EXE C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\Wnhooks.dll C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE

Mouse Wnhooks.dll WNCONNECT.EXE C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\Wnhooks.dll C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE

 

 

StartDreck (build 2.1.5 public BETA) - 2004-05-30 @ 17:04:31

Platform: Windows 98 (Win 4.10.1998 )

 

»Registry

»Run Keys

»Current User

»Run

»RunOnce

»Default User

»Run

»RunOnce

»Local Machine

»Run

*EnsoniqMixer=starter.exe

»RunOnce

»RunServices

*SchedulingAgent=mstask.exe

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Browser Helper Objects (LM)

*{29FAB469-B230-11D8-BC29-AA0FF9573C50}

`InprocServer32=C:\WINDOWS\SYSTEM\KGEEO.DLL

»Files

»System/Drivers

»Running Processes

*FFEFA03D=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFFF795=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFFE105=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFFCCE5=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFFCFBD=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFFD7BB5=C:\WINDOWS\SYSTEM\PSTORES.EXE

*FFFDFC59=C:\WINDOWS\SYSTEM\MSTASK.EXE

*FFFD6ED1=C:\WINDOWS\EXPLORER.EXE

*FFFD7485=C:\WINDOWS\STARTER.EXE

*FFFDEC79=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

*FFFC643D=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFFCED71=C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE

*FFFC9F61=C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE

*FFFB7551=C:\WINDOWS\SYSTEM\TAPISRV.EXE

*FFFB5C61=C:\WINDOWS\SYSTEM\RNAAPP.EXE

*FFFA9555=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE

*FFFA5801=C:\UNZIPPED\STARTDRECK[1]\STARTDRECK\STARTDRECK.EXE

*FFFBCEB1=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

»Application specific

Share this post


Link to post
Share on other sites

You don't seem to have the same problem

 

Downlod the 'Win98Fix.zip' from here:

http://freeatlast.100free.com/index.html

 

Unzip, -DoubleClick on: 'RunFix.reg' file, Answer 'yes'

to the prompt!

-Restart computer!

 

DoubleClick on the 'who.bat' file included.

'badfile.txt' should be found in the same

folder, unless empty, copy it's contents here.

 

 

Run these tools, have them fix all problems:

*Ad-Aware6:

http://www.lavasoftusa.com/software/adaware/

 

*Recent Updates:

http://www.lavasoftsupport.com/index.php?showtopic=28310

 

How To: Perform a "Full Scan" With Ad-aware 6 Build 181

 

*http://www.spywareinfo.com/~merijn/files/CWShredder.exe

 

 

When done with the above, restart in Safe mode and do 'find-files' for:

KGEEO.DLL

Delete when/if found.

 

Post another hijackthis log when done.

Share this post


Link to post
Share on other sites

I did everything. I did not find anything for the 'badfile.text' or KGEEO.DLL. Here is my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:42:31 PM, on 5/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE

C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8137.4680439815

Share this post


Link to post
Share on other sites

Well done

 

Just fix this in hijackthis:

*R1 - HKCU\Software\Microsoft\Internet Explorer\

Main,HomeOldSP = about:blank

 

Keep your Win98 out of trouble... :)

Share this post


Link to post
Share on other sites

Thank you for your patience with someone who turns on his desktop and expects it to work everytime without much thought into its care. I could never have corrected this without your help. Thank you again.

 

Brian :bounce:

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0