IE resets home page to "about blank" upon exit

Question

LSchwartz0 0 Newbie Poster

20 Years Ago

I have an old Gateway G6-350 Pentium II running Windows 98. The current version of Internet Explorer is 6.0.28. Additionally, I am using a D-Link router for a firewall, Norton Antivirus, and NoAdware.

The problem is that every time I exit Internet Explorer, the home page gets reset to "about blank". After researching this on Microsoft support, I followed the instructions for MS Knowledge Base Article 320159. Using their directions, I found that modifying the registry had no effect.

I realize that this is not a critical error; but, it is extremely frustrating. Any and all help you can provide would be very much welcomed.

Thanx!!

windows-virus

7 Contributors
16 Replies
494 Views
5 Days Discussion Span
Latest Post 20 Years Ago Latest Post by DMR

DaveSW 15 Master Poster

20 Years Ago

Sounds like some sort of virus/malware etc.

Try http://www.daniweb.com/techtalkforums/thread7507.html

You might prefer to try installing adaware, cwshredder, spybot s&d etc from this link http://www.daniweb.com/techtalkforums/thread5690.html first.

DMR 152 Wombat At Large

20 Years Ago

#1- Uninstall NoAdware; the program is bogus. More on the reasons why here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

You're fairly well infested; I'm moving this to our Security forum so that our virus/spyware experts can look through your log. (By the way, just for future reference you should be aware that the Security forum is the only forum on this site where HJT logs should be posted).

caperjack 875 I hate 20 Questions

20 Years Ago

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed
.................................................
Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner Here
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isn’t infected, click "Close".
If your computer is infected:
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run a second scan to make sure the files have been removed from your computer.
.................................................................
Download SPYBOT

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds

How to setup Ad-Aware and Spy-Bot S&D Check my signature for details

And after that, please do the following:

........................................................................
Get The latest Version of Hijackthis 1.98.1

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe ,

Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save

Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for

hijackthis,most of what it lists will be harmless or even essential,

don't fix anything yet.

Reboot and post a new log

............................................................................................................

Silent 0 Light Poster

20 Years Ago

also... u might want to try and update ur hijack this becuase ur thing didnt find the 018 files like mine did...

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

LSchwartz0 0 Newbie Poster · Answer 1 · 2004-08-10T01:44:22+00:00

First I want to thank you for getting back to me so quickly. Since I am a newbie to this forum, I'll use that as an excuse for not researching this further prior to creating my own thread. I did try the provided solution and ran into a problem.

I am unable to access Apm. A message appears that informs me that "This program has performed an illegal operation and will be shut down". I have tried uninstalling and reinstalling to no success.

The following is the detail info from the error message:

APM caused an invalid page fault in
module <unknown> at 0000:00000009.
Registers:
EAX=0052063c CS=0177 EIP=00000009 EFLGS=00010202
EBX=0052063c SS=017f ESP=0064f8f4 EBP=0064fc5c
ECX=00000000 DS=017f ESI=00000000 FS=56f7
EDX=00000000 ES=017f EDI=00000000 GS=56e6
Bytes at CS:EIP:
00 87 cf 65 04 70 00 65 04 70 00 54 ff 00 f0 a4
Stack dump:
0064017f 00403ef8 00520538 01000104 00000100 00000100 00000000 00000001 00000000 000000ff 00000000 00000000 00000000 00000000 00000000 00000000

My HJT dump looks like this:

Logfile of HijackThis v1.97.7
Scan saved at 3:47:03 PM, on 08/09/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\SDPH20.DLL
O2 - BHO: (no name) - {5FB393C9-58BA-4AA2-9EA2-78C2F2D5AA57} - C:\WINDOWS\SYSTEM\FBP.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~3\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~3\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37910.5390509259
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/266069255642264dcf19/netzip/RdxIE601.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

Without Apm, I'm not repeat the solution that was provided.

Thanks for your all your help.

LSchwartz0 0 Newbie Poster · Answer 2 · 2004-08-10T11:07:11+00:00

I wish that I had known about this forum sooner. All your help and support has been fantastic and is certainly appreciated. Please excuse my lack of protocol knowledge concerning the posting of the HJT log.

I hope that I'm not jinxing myself... but... According to directions in the related referenced threads, using HJT, I removed the sp.html items, the HomeOldSP = about:blank, and the BHO for C:\WINDOWS\SYSTEM\FBP.DLL. (Upon researching FBP.DLL, I found no information about it in any database. I then took the assumption, as mentioned in one of the threads, that this was a randomly generated name that perpetuates the problem.) Then I removed FBP.dll from the C:\windows\temp sub dir. Finally, I ran Ad-aware and removed the offensive items.

After that completed, I rebooted the computer. It seemed to take forever and I started to worry that I messed things up. However, when the system finally came up, it appears that the about:blank issue has ceased to be.

I'm hopeful but wary. Again, any and all help that can be provided would be welcomed and appreciated. Thanks for the great work.

DMR 152 Wombat At Large Team Colleague · Answer 3 · 2004-08-10T11:36:33+00:00

also... u might want to try and update ur hijack this becuase ur thing didnt find the 018 files like mine did...

Good catch Silent; thanks. Yes- HJT is currently at version 1.98.

LSchwartz0,

Download and run the latest version of HJT and post a fresh log so that we can verify that you're clean; a lot of these nasties will pop back to life if you haven't removed every single bit of them.

LSchwartz0 0 Newbie Poster · Answer 4 · 2004-08-10T11:55:16+00:00

Downloaded the new version and here is the current log:

Logfile of HijackThis v1.98.2
Scan saved at 1:57:47 AM, on 08/10/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\SDPH20.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~3\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~3\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0522.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0522.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/266069255642264dcf19/netzip/RdxIE601.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O18 - Filter: text/html - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL
O18 - Filter: text/plain - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL

Hmm, it seems that the 018's reference FBP.DLL. I searched my system and this DLL does not exist. Please let me know if there is anything else that I need to do.

DMR 152 Wombat At Large Team Colleague · Answer 5 · 2004-08-10T12:13:13+00:00

Sorry- don't have much time to reply right now, but have HJT fix these for starters:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26606925564226...ip/RdxIE601.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
O18 - Filter: text/html - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL
O18 - Filter: text/plain - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL

Delete the contents of all Temp, Temporary Internet Files, and Cookie folders. Empty your recycle bin. reboot.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2004-08-10T17:34:44+00:00

Uninstall Webhancer from add\remove programs first please & that should remove those entries from the 010 section.

LSchwartz0 0 Newbie Poster · Answer 7 · 2004-08-12T03:09:57+00:00

After following your instructions, it appears that things are running just fine. Webhancer had been previously removed through the add/remove programs, but had apparently left some pieces of itself behind.

When I tried to remove the 010's from HJT, a message informed me that I had to remove it using a different tool. I downloaded SpyBot and used it to remove a whole bunch of other junk as well.

All folder contents mentioned were deleted and emptied from the recycle bin. I was also able to change the home page without any incident.

One question remains: Should I let HJT fix
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank ??

Your help, expertise, and timely responses have been great. Thank you so much for helping me get through this problem area.

DMR 152 Wombat At Large Team Colleague · Answer 8 · 2004-08-12T03:36:52+00:00

Webhancer had been previously removed through the add/remove programs, but had apparently left some pieces of itself behind.

Yes- the WebHancer uninstaller is bogus; it does leave pieces of itself on your system.

One question remains: Should I let HJT fix
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank ??

It would be safe to do that, yes.

Killer_Typo 82 Master Poster · Answer 9 · 2004-08-12T04:48:51+00:00

how to remove web hancer completely

What does remove WebHancer:

Use Ad-Aware to remove WebHancer, remove everything from the 'Communications' section in Windows Setup (Control Panel, Add/Remove software, Windows Setup), delete the Registry key HKLM\System\CurrentControlSet\Services\Winsock2, reboot, put removed items from 'Communications' section in Windows Setup back.

DMR 152 Wombat At Large Team Colleague · Answer 10 · 2004-08-13T00:41:39+00:00

camelNotation:

In your post you stated: "I was asked to read and post in this thread", but I think you misunderstood; what I had asked you to do was to read the suggestions in caperjack's post in this thread, not to put your own post here.

I've split your post into its thread located here:
http://www.daniweb.com/techtalkforums/showthread.php?t=9286

LSchwartz0 0 Newbie Poster · Answer 11 · 2004-08-14T11:51:43+00:00

It appears that everything is running just fine. Thank you so much for all of your help and support.

DMR 152 Wombat At Large Team Colleague · Answer 12 · 2004-08-14T23:01:14+00:00

DMR 152 Wombat At Large

20 Years Ago

You're welcome; glad we could help. :)