about blank as start page


  • This topic is locked
16 replies to this topic

#1 BP2004

BP2004

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 June 2004 - 08:57 AM

Any ideas? Here's my log.

Logfile of HijackThis v1.97.7
Scan saved at 12:20:18 AM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE
C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\U5K3QX0X\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywarein...oads.php?cat=sp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywarein...oads.php?cat=sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {9EE31137-999E-4A2F-8BF6-9C7B711696F2} - C:\WINDOWS\SYSTEM\NCLOICB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr...zard3.0.4.3.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?37874.4671875
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.ho...ex/HMAtchmt.ocx
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab

#2 BP2004

Posted 20 June 2004 - 09:20 AM

Must add that I tried spybot, Norton, adaware, CWS Shredder, which did not detect about:blank. The only thing that made a difference was Spy Sweep, which continues to detect the trojan, but not eliminate it. But when I bring up Internet Explorer, the SpySweep software gives me the option of "restoring" my intended home page or to "keep new" about blank.

When I choose "restore," I am able to navigate the way I want, but the spyware keeps causing problems.

#3 BP2004

Posted 20 June 2004 - 10:14 PM

bump

#4 BP2004

Posted 21 June 2004 - 08:09 AM

bump

#5 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 21 June 2004 - 10:04 AM

The fix is a bit different for WinME.
I will be glad to help you after I close a few threads that I am currently working on.
In the meantime, please keep Adaware updated (There was one yesterday.) and I will get back to you.
Microsoft MVP - Consumer Security

#6 BP2004

Posted 21 June 2004 - 04:57 PM

Tried new version of Ad Aware and did not help. It seems that cause is hidden. Any help?

#7 Bugbatter

Posted 21 June 2004 - 06:56 PM

Hi, BP2004,
Thanks for being patient.
Be sure that your HJT is in its own permanent folder:
To create a folder:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder.

Also make sure your computer is configured to view all folders:
http://www.xtra.co.n...1916458,00.html

Reboot into safe mode, this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Open HJT, scan, and check to fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank


Reboot.

Download: "StartDreck", from here:
http://www.niksoft.a.../startdreck.htm

Unzip to its own folder and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers -> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread.
Then I should be able to see the hidden file, and we can proceed.
Microsoft MVP - Consumer Security

#8 BP2004

Posted 22 June 2004 - 11:58 AM

Thanks bugbatter, I follow everything you are recommending, but being that I'm not a techie, just how does one open a zip file to another folder and then get it to work? I've tried that, but it seems I am missing a step.

Nevertheless, I have some good news and bad news to report on this trojan. The good news is that for now, it appears I've solved the problem, but the bad news is I am afraid it will come back in a few hours. The reason is based on the fact that my computer will not allow me access to spywareinfo.com's web site. I am writing this message from another uninfected machine.

That said, here's what I did to get this far: deleted the TEMP file contents, all cookies, recycle bin, temporary internet files, etc. while in SAFE Mode. Shut down the machine. Wait. Bring it back up, only going from the START menu into restoring the machine to its settings from last Thursday, the day before I was infected.

Immediately, everything went back to normal, the machine is running fast and it seems like there's no problem. I can access every web site I want with one exception -- spywareinfo.com. Last night when I was making headway, about:blank seemed to shut down all access to the tech support web sites, and then all web sites.

Is it possible for this bug to be programmed to detect users trying to visit spywareinfo.com and then reacting?

In any event, I will try to follow your recommendations here, just to be safe and to head off a return of this nasty bug.

Thank you.

#9 BP2004

Posted 22 June 2004 - 12:24 PM

Not sure if this is the universal solution, but seems to have alleviated the problem:

Reboot into safe mode by following instructions here: http://helpdesk.its....s/Safemode.html
Empty the contents of C:\WINDOWS\TEMP
------------------------------------------------------------------------
Go to "Start" > "All Programs" > "Accessories" > "System Tools" > "System Restore" and restore your computer to a date before the infection started.

Seems too simple, but it worked for three hours and counting.

#10 BP2004

Posted 22 June 2004 - 01:39 PM

Well, things are looking up Bugbatter.

No sign of problems for a few hours. Ad-Aware and HJT did not detect any sign of CWS.

Here is my latest HJT file. Please let me know if you see anything suspicious. If not, I think we have a simple solution for many:

Logfile of HijackThis v1.97.7
Scan saved at 2:36:58 PM, on 6/22/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr...zard3.0.4.3.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?37874.4671875
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.ho...ex/HMAtchmt.ocx
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab

Here is my StartDreck file for your reference:

StartDreck (build 2.1.5 public BETA) - 2004-06-22 @ 14:33:12
Platform: Windows ME (Win 4.90.3000 )

Registry
Run Keys
Current User
Run
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RunOnce
Default User
Run
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RunOnce
Local Machine
Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*AtiPTA=Atiptaxx.exe
*hpppta=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
*NAV DefAlert=C:\PROGRA~1\NORTON~1\DEFALERT.EXE
*Norton Auto-Protect=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
*Adaptec DirectCD=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Motive SmartBridge=C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*CreateCD=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
*Installed=1
*Installed=1
*NoChange=1
*Installed=1
RunOnce
RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*ATIPOLAB=ati2evxx.exe
*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
*MiniLog=C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
RunServicesOnce
RunOnceEx
RunServicesOnceEx
Files
System/Drivers
Running Processes
*FF0F231B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFFE587=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF858B=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFF8FD7=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE19DB=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFE0753=C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
*FFFE0CBB=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
*FFFEEC87=C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
*FFFDE383=C:\WINDOWS\EXPLORER.EXE
*FFFD3347=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
*FFFC9E27=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFF3517F=C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
*FFFCAFF7=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFF3286B=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*FFF343AB=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
*FFF3E96B=C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
*FFFCD963=C:\WINDOWS\SYSTEM\QTTASK.EXE
*FFFC9013=C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
*FFF3951B=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
*FFF27EE7=C:\WINDOWS\DOWNLOADWIZARD\DOWNLOADWIZARD.EXE
*FFF26E57=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
*FFF25C9B=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFF1F26F=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFF194D3=C:\PROGRAM FILES\ADELPHIA ESUPPORT ASSISTANT\BIN\MPBTN.EXE
*FFF07F83=C:\WINDOWS\WUAUCLT.EXE
*FFF2EACB=C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
*FFF080D3=C:\UNZIPPED\STARTDRECK\STARTDRECK.EXE
Application specific

#11 Bugbatter

Posted 22 June 2004 - 02:39 PM

Glad to see that you solved your unzipping problem.

The solution is usually not this simple.
I do not see the .DLL in there at the moment, but it could be "living" in your System Restore.
It would be best to flush System Restore if you are sure that everything is working well.
Do this:
1. Right click the My Computer icon on the Desktop.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
The Restore Utility will now be disabled.
Reboot, follow steps 1-5, remove the check mark next to "Disable System Restore". Then follow the rest of the steps.
That will create a new restore point.
Then reboot. System Restore will now be enabled with the new restore point.

I'll wait a few days, and if no additional problems appear, I will close this thread.
Good Luck. :wave:
Microsoft MVP - Consumer Security
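
Added example, not written by any participant in this thread: a small Python script that compares a "before" and "after" HijackThis log and lists the entries that disappeared, plus the Internet Explorer R0/R1 values that point at a local `file://` page or `about:blank`. The sample lines are excerpts copied from the two logs posted above; the function names and the flagging heuristic are assumptions made for this example.

```python
import re

# Constructed sample input: a few entry lines copied from the two HijackThis
# logs posted in this thread (first log = BEFORE, second log = AFTER).
BEFORE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {9EE31137-999E-4A2F-8BF6-9C7B711696F2} - C:\WINDOWS\SYSTEM\NCLOICB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
AFTER = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Entry lines start with a section code (R0, R1, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")


def parse(log):
    """Return [(section_code, body)]; header and running-process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def removed_entries(before, after):
    """Entries present in the first log but absent from the second (case-insensitive)."""
    remaining = {(code, body.lower()) for code, body in parse(after)}
    return [(c, b) for c, b in parse(before) if (c, b.lower()) not in remaining]


def ie_redirects(entries):
    """R0/R1 values that are a local file:// page or about:blank (example heuristic)."""
    hits = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, sep, value = body.partition(" = ")
        v = value.strip().lower()
        if sep and (v.startswith("file://") or v == "about:blank"):
            hits.append((key, value.strip()))
    return hits


if __name__ == "__main__":
    for code, body in removed_entries(BEFORE, AFTER):
        print("gone after cleanup:", code, "-", body)
    for key, value in ie_redirects(parse(BEFORE)):
        print("IE setting to review:", key, "->", value)
```

An entry that vanished from the log is only a lead for review; the diff says nothing about whether the file behind it is still on disk or in a restore point.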

#12 BP2004

Posted 23 June 2004 - 12:03 AM

Thanks for the advice once again. I did as you mentioned and it seems to be fine still. Will let you know if there are any problems.

#13 thewaronspyware

thewaronspyware

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 June 2004 - 12:41 AM

:thumbsup:

Hey man, I had the exact same problem it seems, and I did the whole system restore plan you suggested, and so far so good. I just wanted to say thanks, and let's keep our fingers crossed!

#14 Bugbatter

Posted 23 June 2004 - 07:51 PM

You're welcome. :cool:
Microsoft MVP - Consumer Security

#15 mjcc

mjcc

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 June 2004 - 08:06 PM

Hi, I had about:blank grab me. Check out my topic under mjcc.

I added all those programs and they helped a little. I finally dumped (I hope) IE and downloaded Mozilla and that helped more, but I am still having issues...

#16 fugesi

fugesi

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 24 June 2004 - 11:46 AM

Hi BP2004,
Between you and Phantom, you seem to have solved it. Thanks for your help!

#17 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 August 2004 - 02:19 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum



