Gary_R_Snyder
asked on
about:blank
I keep getting this about:blank default home page when I open IE 6.0. I've run "Hijack this" and deleted the entry for about:blank and I've run CWShredder but it continues to return as the default home page when I open IE. Any ideas how I can get rid of this?
'about:blank' is IE's built-in standard blank page. If you want to change this, bring up the 'Internet Options' dialog (by choosing that from the 'Extras' menu) and enter the page you want to be the default there...
Did you set a Home page?
Go to a site, then in Tool - Internet Options, click 'Use Current' under the Home Page options.
Sorry if you've done this, but you never know.
Otherwise, is it possible that company policies are resetting your Home Page?
ASKER
I've reset the home page in IE but once I close it and open it again it defaults back to about:blank again even though I entered OK to the internet option with the new page.
will you post a log for us.....
download
HijackThis
http://www.spychecker.com/program/hijackthis.html
I want to view your registry contents !
just copy and paste here next time you post
thanks,
wtrmk74
I have solved this issue a couple of times using CWShredder.
Make sure to update it before running it.
BTW, have you checked these as well?
SpyBot-S&D : http://www.safer-networking.org/
Ad-aware : http://www.webattack.com/download/dladaware.shtml
ASKER
wtrmk74, how do you post a log or how can I dump the entries from the registry to post them here?
sunray, I have both the spyware products you mention and they don't detect anything.
ASKER
Here is the log out of HijackThis if that helps:
Logfile of HijackThis v1.97.7
Scan saved at 3:04:00 PM, on 5/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\client\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\client\Application Data\Mozilla\Profiles\default\kxy1geo1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\client\Application Data\Mozilla\Profiles\default\kxy1geo1.slt\prefs.js)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINNT\system32\n3tpa1.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll
O2 - BHO: (no name) - {AF3EF9DF-5157-4A9E-80B7-F96295ED909A} - (no file)
O2 - BHO: (no name) - {D331350F-2956-43B4-8F17-5E0488727C4F} - C:\WINNT\system32\acdf.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [cfhjrpgr] C:\WINNT\System32\cfhjrpgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/Trancos/trnc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.3149074074
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4329/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aerostructures.goodrich.com,aerostructures.bfg.com,rohr.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aerostructures.goodrich.com,aerostructures.bfg.com,rohr.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aerostructures.goodrich.com,aerostructures.bfg.com,rohr.com
ASKER
wtrmk74
I ran HiJackThis and checked the fix boxes in the items you said. And they were either fixed or removed and when I ran HiJackThis again they didn't show up. I changed the home page to be WWW.MSN.COM in the control panel which worked fine the first time, but when I went back into IE again to see if it would remain it returned back to about:blank again. When I ran HiJackThis again I noticed some of the entries came back. See the following. The entries I'm talking about are the acdf.dll entries and the about:blank entry. The others appeared to be fixed. Thanks for the help thus far.
Logfile of HijackThis v1.97.7
Scan saved at 7:33:45 PM, on 5/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\client\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\client\Application Data\Mozilla\Profiles\default\kxy1geo1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\client\Application Data\Mozilla\Profiles\default\kxy1geo1.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3784B3FF-DFD4-4A7E-B0F3-D6C86E2D5857} - C:\WINNT\system32\acdf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [cfhjrpgr] C:\WINNT\System32\cfhjrpgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\winnt\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/Trancos/trnc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.3149074074
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4329/mcfscan.cab
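An added example, not part of the original thread: in the second scan above, the acdf.dll BHO is listed under a different CLSID than in the first, and the res:// search values that point into that DLL are present again. The sketch below parses HijackThis entry lines and reports both conditions; the function names are illustrative, and the sample lines are excerpts of the two posted logs with the forum's stray spaces removed.

```python
import re
from typing import NamedTuple, Optional

# Excerpts of the two scans posted in this thread (5/1/2004 and 5/2/2004),
# with the forum's stray mid-word spaces removed. Not the full logs.
SCAN_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINNT\system32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D331350F-2956-43B4-8F17-5E0488727C4F} - C:\WINNT\system32\acdf.dll
"""
SCAN_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\acdf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3784B3FF-DFD4-4A7E-B0F3-D6C86E2D5857} - C:\WINNT\system32\acdf.dll
"""

LINE = re.compile(r"^([RNO]\d+) - (.+)$")  # section code, then the entry text
CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
FILE = re.compile(r'[A-Za-z]:\\[^"=<>|]*?\.(?:dll|exe|ocx)\b', re.I)


class Entry(NamedTuple):
    code: str              # HijackThis section code, e.g. R1 or O2
    text: str              # everything after "<code> - "
    clsid: Optional[str]   # upper-cased CLSID if the entry carries one
    files: tuple           # lower-cased local file paths named in the entry


def parse(log):
    """Turn HijackThis entry lines into Entry records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header and running-process lines carry no section code
        code, text = m.groups()
        g = CLSID.search(text)
        files = tuple(f.lower() for f in FILE.findall(text))
        entries.append(Entry(code, text, g.group(1).upper() if g else None, files))
    return entries


def bho_files(entries):
    """Map each file loaded as a Browser Helper Object (O2) to its CLSID."""
    return {e.files[0]: e.clsid
            for e in entries if e.code == "O2" and e.files and e.clsid}


def reregistered_bhos(before, after):
    """BHO files present in both scans but under a different CLSID."""
    old, new = bho_files(before), bho_files(after)
    return sorted((f, old[f], new[f])
                  for f in old.keys() & new.keys() if old[f] != new[f])


def hijack_modules(entries):
    """Files an R0/R1 value points into via res:// that also load as a BHO."""
    loaded = bho_files(entries)
    hits = {}
    for e in entries:
        if e.code in ("R0", "R1") and "res://" in e.text.lower():
            for f in e.files:
                if f in loaded:
                    hits.setdefault(f, []).append(e.text.split(" = ")[0])
    return hits


if __name__ == "__main__":
    before, after = parse(SCAN_BEFORE), parse(SCAN_AFTER)
    for path, old, new in reregistered_bhos(before, after):
        print(f"BHO re-registered: {path}  {old} -> {new}")
    for path, values in hijack_modules(after).items():
        print(f"{path} is loaded as a BHO and referenced by: {values}")
```

Matching on the file path rather than the CLSID is what exposes the returning entry, since the CLSID differs between the two scans.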
ASKER
sunray 2003,
I did what you said in the order you said, except I had to get msconfig from a site that had it for win2K, although I didn't delete the Copernic or Party Poker entries listed just above and I didn't delete all the start up entries for applications such as McAfee, ChkAdmin and HPDJ. Cleared the entries for the acdf.dll's above and rebooted. The about:blank entry went away and MY default home page came in every time even after logging off and rebooting. I then went back and enabled each application one at a time, logging off, logging on, going in and out of IE and even rebooting each time and the problem never surfaced again. All applications are active again at startup and the bogus acdf.dll entries and the about:blank entries never returned. I'm assuming all these steps purged something out that was cached.
In any case thank you and wtrmk74 for all your help.
Excellent
Wonderful results,
Glad it is working well !
Just a bit further....I would permanently remove those bogus files from your hard drive !
ACDF.DLL
N3TPA1.DLL
S4BAR.DLL
CFHJRPGR.EXE
Take Care ,
wtrmk74
ASKER
wtrmk74,
I did, and thanks again.
Gary