Old 03-16-2002, 10:10 PM   #1
Member (9 bit)
 
 
Join Date: Jan 2002
Location: Canada
Posts: 296
Blank webpage loads on startup

Hi, I hope you can help me out,

I downloaded a program off KaZaa about 3 weeks ago called fast download vain. I wasn't sure what it was and after I installed it I had a new dial-up number in dial-up networking. I removed it from there and I uninstalled the program but I have continued to have problems with it. I've used MSCONFIG to stop anything to do with it from loading on startup, I searched my computer for "vain" and I came up with a program. I deleted that and I have run adware and deleted 196 entries of spyware (or suspected spyware). I can't think of anything else to do but I still get the blank webpage that loads on startup.

I have deleted the webpage that loads (it was under C:\windows\temp\) but it just performs an HTML extraction upon startup and opens the page again. Worse yet, today I was playing a game over the net, with no browsers open, just the game, and I kept getting porn advertisements popping up. This makes me think there is a program or some dll causing the prob. I have about 15 programs running in the background, some of which I have no idea what they are. Please help me out!
Evil-Lab-Monkey is offline   Reply With Quote
Old 03-16-2002, 11:34 PM   #2
Member (8 bit)
 
Join Date: May 2001
Posts: 221
Ok download Startlog.com from the link and run it. It'll create a text file on your desktop. Copy and paste the contents here so we can have a look.

http://home.earthlink.net/~rmbox/Ret...d/Only_IE.html
Kento is offline   Reply With Quote
Old 03-17-2002, 09:27 PM   #3
glc
Forum Administrator
Staff
Premium Member
 
 
Join Date: May 2000
Location: Joplin MO
Posts: 37,791
I would do a virus and a trojan scan first........
glc is offline   Reply With Quote
Old 03-18-2002, 11:39 AM   #4
Member (9 bit)
 
 
Join Date: Jan 2002
Location: Canada
Posts: 296
I already scanned for trojans with McAfee but it didn't find anything. Here is the text file it gave me, hope it helps.


---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 03-18-2002 11:34:52.95a
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"TaskMonitor"="c:\\windows\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"I81SHELL"="I81SHELL.EXE"
"SoundFusion"="RunDll32 cwcprops.cpl,CrystalControlWnd"
"AlogServEXE"="c:\\Program Files\\McAfee\\McAfee VirusScan\\AlogServ.exe"
"AvconsoleEXE"="c:\\Program Files\\McAfee\\McAfee VirusScan\\avconsol.exe /minimize"
"Vshwin32EXE"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
"LoadQM"="loadqm.exe"
"CriticalUpdate"="c:\\windows\\SYSTEM\\wucrtupd.exe -startup"
"AtiPTA"="Atiptaxx.exe"
"POINTER"="point32.exe"
"McAfeeWebScanX"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE VIRUSSCAN\\WebScanX.Exe"
"b3dUpdate"="C:\\WINDOWS\\BDE\\Update\\Zupdate.EXE -silent -p \"C:\\WINDOWS\\BDE\\Update\" -s setup.cab"
"CallControl 4.5"="C:\\Program Files\\FaxTalk Communicator\\FTCtrl32.exe /autoload"
"DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"=""
"ctfmon.exe"="ctfmon.exe"
"WebWasher"="C:\\PROGRAM FILES\\WEBWASHER\\WWASHER.EXE"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"HC Reminder"="hc.exe"
"Vshwin32EXE"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
"VsecomrEXE"="c:\\Program Files\\McAfee\\McAfee VirusScan\\VSEcomR.EXE"
"VsStatEXE"="c:\\Program Files\\McAfee\\McAfee VirusScan\\VSSTAT.EXE /SHOWWARNING"
"regsvr"="C:\\WINDOWS\\system\\regsver.exe"
"McAfeeWebScanX"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE VIRUSSCAN\\WebScanX.Exe /RUNSERVICES"
"SchedulingAgent"="mstask.exe"


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

norun=hpfsched

noload=C:\UTILIT~1\ZIP\REGISTER\remind.exe

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe openme.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.EXE C:\ /NOEXPIRE
@ECHO OFF
c:\windows\cwcdata\cwcdos.exe
SET GMAXLOC=C:\Program Files\gmax\

==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

*(No start-ups found)*

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\Accessories\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

"Startup"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,74,61,72,74,20,4d,65,6e,\

.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"=""
"ctfmon.exe"="ctfmon.exe"
"WebWasher"="C:\\PROGRAM FILES\\WEBWASHER\\WWASHER.EXE"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"OldStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"StubPath"=""
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

@echo off

REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.

REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE

c:\windows\cwcdata\CWCDOS.EXE
c:\utilities\zip\GUEST





LH C:\PROGRA~1\MICROS~3\MOUSE\MOUSE.EXE


-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 745 03-16-02 7:27p
-=================-



[Rename]
NUL=C:\WINDOWS\SYSTEM\MSXML3.DLL
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\SETA243.TMP
NUL=C:\WINDOWS\SYSTEM\MSXML3A.DLL
C:\WINDOWS\SYSTEM\MSXML3A.DLL=C:\WINDOWS\SYSTEM\SETA274.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCLC.DLL
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\SETA356.TMP
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SETA361.TMP
NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SETA363.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SETA370.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SETA373.TMP
c:\windows\SYSTEM\vbscript.dll=c:\windows\SYSTEM\vbscript.001



-=========================-
ICQ Inet Registry StartUp
-=========================-

Shows applications that start when connected to Inet


[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
"Launch Browser"="No"


-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

scrnsave.exe=c:\Program Files\McAfee\McAfee VirusScan\SCRSCAN.EXE

==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=c:\windows\TEMP
TEMP=C:\windows\TEMP
winbootdir=C:\WINDOWS
PATH=C:\WINDOWS;c:\windows;c:\windows\COMMAND
COMSPEC=C:\WINDOWS\COMMAND.COM
GMAXLOC=C:\Program Files\gmax\
windir=C:\WINDOWS

File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini

==========================================================================
__________________________________________________________________________

- End -
Evil-Lab-Monkey is offline   Reply With Quote
Old 03-18-2002, 01:23 PM   #5
Member (8 bit)
 
Join Date: May 2001
Posts: 221
Click start--run--type sysedit and click ok. Open the system.ini screen and look for this line:

shell=Explorer.exe openme.exe

It should just say shell=Explorer.exe with nothing typed to the right of it. Delete just the openme.exe part so that it just says shell=Explorer.exe with nothing typed to the right of it. (Be careful deleting so that you don't start deleting the system.drv line underneath.) Then close system.ini and click yes when prompted to save changes. Then restart and see if the problem is gone.

What operating system do you have?

Do you know what these are? Does anyone else know?

"regsvr"="C:\\WINDOWS\\system\\regsver.exe"

"HC Reminder"="hc.exe"

"I81SHELL"="I81SHELL.EXE"

Click start--find--files and search for regsver.exe, hc.exe, and I81shell.exe. Right click on them and select Properties. Under the version tab what's it say for the description and does it give a company name for each?

Last edited by Kento; 03-18-2002 at 01:41 PM.
Kento is offline   Reply With Quote
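
Added example (not part of the original thread, and not the StartUp Log tool's own code): a Python check that applies the two rules quoted in the log above, that the system.ini shell line is Explorer.exe exclusively and that the win.ini run= and load= lines have nothing after the equal sign. The sample file contents are constructed from lines shown in the log; placing the keys in the [boot] and [windows] sections follows the standard Windows 9x layout of these files and is an assumption about the poster's machine.

```python
def parse_ini(text):
    """Return {section: [(key, value), ...]} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def check_system_ini(text):
    """Flag any shell= line in [boot] that is not exactly Explorer.exe."""
    findings = []
    shells = [v for k, v in parse_ini(text).get("boot", []) if k == "shell"]
    if not shells:
        findings.append("system.ini: no shell= line in [boot]")
    for value in shells:
        tokens = value.split()
        if not tokens or tokens[0].lower() != "explorer.exe":
            findings.append(f"system.ini: shell replaced: {value!r}")
        elif len(tokens) > 1:
            extra = " ".join(tokens[1:])
            findings.append(f"system.ini: extra program(s) after Explorer.exe: {extra}")
    return findings

def check_win_ini(text):
    """Flag non-empty run= / load= lines in [windows]."""
    findings = []
    for key, value in parse_ini(text).get("windows", []):
        # Only the exact keys run and load are checked; differently named
        # keys such as norun= / noload= in the sample are not matched.
        if key in ("run", "load") and value:
            findings.append(f"win.ini: {key}= starts {value}")
    return findings

# Constructed samples built from lines shown in the posted log.
SYSTEM_INI_INFECTED = "[boot]\nshell=Explorer.exe openme.exe\nsystem.drv=system.drv\n"
SYSTEM_INI_CLEAN = "[boot]\nshell=Explorer.exe\nsystem.drv=system.drv\n"
WIN_INI_SAMPLE = r"""[windows]
load=
run=
norun=hpfsched
noload=C:\UTILIT~1\ZIP\REGISTER\remind.exe
"""

if __name__ == "__main__":
    for name, findings in (
        ("system.ini (before edit)", check_system_ini(SYSTEM_INI_INFECTED)),
        ("system.ini (after edit)", check_system_ini(SYSTEM_INI_CLEAN)),
        ("win.ini", check_win_ini(WIN_INI_SAMPLE)),
    ):
        print(name, "->", findings or "OK")
```
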
Old 03-18-2002, 10:30 PM   #6
Member (9 bit)
 
 
Join Date: Jan 2002
Location: Canada
Posts: 296
Problem Solved. Thanks for all your help.

I'm running Windows 98, I did a search on regsver.exe and found nothing, then just on regsver and I still found nothing so I have no idea what that is. HC.exe doesn't have a company name or anything so I don't know what that is. I81shell is something to do with the display driver for my Asus mobo. It runs in the background and it is located under C:\windows\system and under C:\drivers\Asus Mew Video. The description under properties is NTShell MFC Application.
Evil-Lab-Monkey is offline   Reply With Quote
Old 03-19-2002, 05:33 PM   #7
Member (8 bit)
 
Join Date: May 2001
Posts: 221
You're welcome. But go into msconfig and uncheck both regsver.exe and hc.exe from under the startup tab then ok out and restart. (start--run--type msconfig--ok--startup tab) I doubt you'll miss them whatever they are. You can always go back and recheck them later if you find you need them loading at startup. Regsver.exe looks suspicious to me but since you can't find it you may have deleted it at some point. But go into folder options then to the view tab and see if 'show all files' is ticked. If it isn't then tick it then ok out and search for regsver.exe again and see if you find it. It may have been hidden.
Kento is offline   Reply With Quote