BP2004

about blank as start page

17 posts in this topic

Any ideas? Here's my log.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:20:18 AM, on 6/20/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE

C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\WUAUCLT.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\U5K3QX0X\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywareinfo.com/downloads.php?cat=sp

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywareinfo.com/downloads.php?cat=sp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {9EE31137-999E-4A2F-8BF6-9C7B711696F2} - C:\WINDOWS\SYSTEM\NCLOICB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\RunServices: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37874.4671875

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab

Share this post


Link to post
Share on other sites

Must add that I tried spybot, Norton, adaware, CWS Shredder, which did not detect about:blank. The only thing that made a difference was Spy Sweep, which continues to detect the trojan, but not eliminate it. But when I bring up Internet Explorer, the SpySweep software gives me the option of "restoring" my intended home page or to "keep new" about blank.

 

When I choose "restore," I am able to navigate the way I want, but the spyware keeps causing problems.

Share this post


Link to post
Share on other sites

The fix is a bit different for WinME.

I will be glad to help you after I close a few threads that I am currently working on.

In the meantime, please keep Adaware updated (There was one yesterday.) and I will get back to you.

Share this post


Link to post
Share on other sites

Hi, BP2004,

Thanks for being patient.

Be sure that your HJT is in its own permanent folder:

To create a folder:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".

Now you have C:\HJT\ folder.

 

Also make sure your computer is configured to view all folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Reboot into Safemode.

Reboot into safe mode, this way:

Turn on the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Open HJT, scan, and check to fix the following items:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

 

Reboot.

 

Download: "StartDreck", from here:

http://www.niksoft.at/download/frames.htm?.../startdreck.htm

 

Unzip to its own folder and start the program,

 

Press 'Config'

Press 'Unmark All'

 

Check the following boxes only:

Registry -> Run Keys

System/drivers -> Running processes

Press 'Ok'

 

Press 'Save' and select the location to save the log file

(default is the same folder as the application)

 

Post the log in this thread.

Then I should be able to see the hidden file, and we can proceed.

Share this post


Link to post
Share on other sites
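The following is an added example, not part of the original posts or of HijackThis itself: a small parser for the log format shown in this thread that flags the same R0/R1 lines the helper lists above. The function names are hypothetical, the sample lines are copied from the first log in the thread, and the HomeOldSP rule is an assumption taken from the helper's fix list rather than from any HijackThis documentation.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: R-section lines from the first log in this thread, plus one
# O4 line to show that non-R entries are parsed but never flagged.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows ME (Win9x 4.90.3000)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywareinfo.com/downloads.php?cat=sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywareinfo.com/downloads.php?cat=sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Every log entry starts with a section code (R0-R3, O1-O2x) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str                  # section code, e.g. "R1" or "O4"
    body: str                  # everything after "CODE - "
    hive: Optional[str]        # HKCU / HKLM for R0/R1 lines
    value_name: Optional[str]  # registry value name, e.g. "Search Bar"
    data: Optional[str]        # registry value data (may be empty)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; header and process lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    hive = value_name = data = None
    if code in ("R0", "R1"):
        # R0/R1 format: <key path>,<value name> = <data>
        location, sep, rest = body.partition(" =")
        if sep and "," in location:
            key, value_name = location.rsplit(",", 1)
            hive = key.split("\\", 1)[0]
            data = rest.lstrip()
    return Entry(code, body, hive, value_name, data)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag_reason(e: Entry) -> Optional[str]:
    """Return why an R0/R1 entry looks hijacked, or None if it does not."""
    if e.data is None:
        return None
    data = e.data.lower()
    if data.startswith("file://"):
        where = "a TEMP directory" if "\\temp\\" in data else "the local disk"
        return f"{e.value_name} loads a page from {where}"
    # Assumption: rule derived from the helper's fix list in this thread.
    if e.value_name and e.value_name.lower() == "homeoldsp":
        return "HomeOldSP value (listed for removal in this thread)"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Pair every flagged entry with the reason it was flagged."""
    return [(e, r) for e in parse_log(text) if (r := flag_reason(e))]


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code} {entry.hive}: {reason}")
```

Run against the sample, it flags seven entries and leaves both Start Page lines alone, which matches the list of items the helper asks to have fixed.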

Thanks bugbatter, I follow everything you are recommending, but being that I'm not a techie, just how does one open a zip file to another folder and then get it to work? I've tried that, but it seems I am missing a step.

 

Nevertheless, I have some good news and bad news to report on this trojan. The good news is that for now, it appears I've solved the problem, but the bad news is I am afraid it will come back in a few hours. The reason is based on the fact that my computer will not allow me access to spywareinfo.com's web site. I am writing this message from another uninfected machine.

 

That said, here's what I did to get this far: deleted the TEMP file contents, all cookies, recycle bin, temporary internet files, etc. while in SAFE Mode. Shut down the machine. Wait. Bring it back up, only going from the START menu into restoring the machine to its settings from last Thursday, the day before I was infected.

 

Immediately, everything went back to normal, the machine is running fast and it seems like there's no problem. I can access every web site I want with one exception -- spywareinfo.com. Last night when I was making headway, about:blank seemed to shut down all access to the tech support web sites, and then all web sites.

 

Is it possible for this bug to be programmed to detect users trying to visit spywareinfo.com and then reacting?

 

In any event, I will try to follow your recommendations here, just to be safe and to head off a return of this nasty bug.

 

Thank you.

Share this post


Link to post
Share on other sites

Not sure if this is the universal solution, but seems to have alleviated the problem:

 

Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resn...s/Safemode.html

Empty the contents of C:\WINDOWS\TEMP

------------------------------------------------------------------------

Go to "Start" > "All Programs" > "Accessories" > "System Tools" > "System Restore" and restore your computer to a date before the infection started.

 

Seems too simple, but it worked for three hours and counting.

Share this post


Link to post
Share on other sites

Well, things are looking up, Bugbatter.

 

No sign of problems for a few hours. Ad-Aware and HJT did not detect any sign of CWS.

 

Here is my latest HJT file. Please let me know if you see anything suspicious. If not, I think we have a simple solution for many:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:36:58 PM, on 6/22/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE

C:\WINDOWS\WUAUCLT.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\HIJACK THIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37874.4671875

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab

 

Here is my StartDreck file for your reference:

 

StartDreck (build 2.1.5 public BETA) - 2004-06-22 @ 14:33:12

Platform: Windows ME (Win 4.90.3000 )

 

»Registry

»Run Keys

»Current User

»Run

*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

»RunOnce

»Default User

»Run

*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

»RunOnce

»Local Machine

»Run

*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun

*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

*SystemTray=SysTray.Exe

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*AtiPTA=Atiptaxx.exe

*hpppta=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON

*NAV DefAlert=C:\PROGRA~1\NORTON~1\DEFALERT.EXE

*Norton Auto-Protect=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

*Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*Motive SmartBridge=C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe

*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

*CreateCD=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

*Installed=1

*Installed=1

*NoChange=1

*Installed=1

»RunOnce

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe

*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE

*ATIPOLAB=ati2evxx.exe

*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

*MiniLog=C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*FF0F231B=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFFE587=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFF858B=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFF8FD7=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFE19DB=C:\WINDOWS\SYSTEM\STIMON.EXE

*FFFE0753=C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

*FFFE0CBB=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

*FFFEEC87=C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE

*FFFDE383=C:\WINDOWS\EXPLORER.EXE

*FFFD3347=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

*FFFC9E27=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFF3517F=C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

*FFFCAFF7=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

*FFF3286B=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

*FFF343AB=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

*FFF3E96B=C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE

*FFFCD963=C:\WINDOWS\SYSTEM\QTTASK.EXE

*FFFC9013=C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE

*FFF3951B=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

*FFF27EE7=C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE

*FFF26E57=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

*FFF25C9B=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFF1F26F=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFF194D3=C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE

*FFF07F83=C:\WINDOWS\WUAUCLT.EXE

*FFF2EACB=C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

*FFF080D3=C:\UNZIPPED\STARTDRECK\STARTDRECK.EXE

»Application specific

Share this post


Link to post
Share on other sites

Glad to see that you solved your unzipping problem.

 

The solution is usually not this simple.

I do not see the .DLL in there at the moment, but it could be "living" in your System Restore.

It would be best to flush System Restore if you are sure that everything is working well.

Do this:

1. Right click the My Computer icon on the Desktop.

2. Click on the Performance Tab.

3. Click on the File System button.

4. Click on the Troubleshooting Tab.

5. Put a check mark next to "Disable System Restore".

6. Click the Apply button.

7. Click the Close button.

8. Click the Close button again.

9. You will be prompted to restart the computer. Click Yes.

The Restore Utility will now be disabled.

Reboot, follow steps 1-5, remove the check mark next to "Disable System Restore". Then follow the rest of the steps.

That will create a new restore point.

Then reboot. System Restore will now be enabled with the new restore point.

 

I'll wait a few days, and if no additional problems appear, I will close this thread.

Good Luck. :wave:

Share this post


Link to post
Share on other sites

Thanks for the advice once again. I did as you mentioned and it seems to be fine still. Will let you know if there are any problems.

Share this post


Link to post
Share on other sites

:thumbsup:

 

Hey man, I had the exact same problem it seems, and I did the whole system restore plan you suggested, and so far so good. I just wanted to say thanks, and let's keep our fingers crossed!

Share this post


Link to post
Share on other sites

Hi, I had about:blank grab me. Check out my topic under mjcc.

 

I added all those programs and they helped a little. I finally dumped (I hope) IE and downloaded Mozilla and that helped more, but still having issues...

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
This topic is now closed to further replies.