If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Internet Options, About Blank and MSN.
I always found 'school' painful. I have to say I would=20
have ignored 'me'in this case. Thanks for persisting and Well done, Noel (and Mike). vbg -----Original Message----- That looks a little healthier, Ben! - wasn't *that*=20 painful, was it? --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post=20 messages to NG's or http://www.microsoft.com/presspass/f...2001/Mar01/Mar 27pmvp.asp "Ben B" wrote in=20 message ... Humph! I know a couple of conspirators more devious than myself when I read their writing. Internet Explorer Q832894 (details...) Q837009 (details...) SP1 (SP1) Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * Courtesy MM.NP and Belarc. Big sigh, Ben. -----Original Message----- Just get the IE6 update, Ben!! --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../2001/Mar01/Ma r 27pmvp.asp "Ben B" wrote in message .. . Hello Mike, I will respond to what I think you will agree is the most important issue here. The question of my version of I.E. I have a post made (regarding my using Windows Updates} immediately following my format and install in which I expressed my difficulty concerning the SP2 installation.=20 I copy it he "Subject: Updates will not install after PF and I. From: "Ben B" Sent: 6/25/2004 12:36:04 PM Hello, After a partition, format and install I went to the WU site and with a single exception (I.E.6) accepted all the available updates. I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc and my computer). Version of I.E. prior to PF and I : 5.51.4807.2300 (ex Belarc which also shows SP2). I have the downloaded updates for I.E. Q824145 and Q 832894 and for O.E. Q837009. None of these will install. The reason given "This update requires I.E.5.5 Service Pack 2 to be installed". The=20 same applies to the O.E. update (sustituting O.E. for I.E.). I cannot find this update. Help/guidance appreciated." **************************** I could not resolve that issue. Hence I am still using=20 the mentioned version. I didn't go to I.E.6 (having tried it out when it first came out I didn't like it). I use with regularity (daily and updated) the following: Lavasoft Adaware. SpybotS & D. CWShredder. HijackThis. SpywareBlaster. I will add BHODemon. Lavasoft regularly returns 2 registry entries=20 of "Possible Browser Hijack..." here they are (this half an hour after a previous scan showing them): Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt Possible Browser Hijack attempt RegData Data Miner HKEY_USERS:.Default\Software\Microsoft\Interne t Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt I cannot tell the real MSN page from a false one. I do appreciate your post and all it's detail, Mike. Ben. -----Original Message----- Are you sure about this Ben and that your homepage=20 hasn't been hijacked by something purporting to be MSN? Incidentally I feel=20 that as a matter of urgency you need to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to IE6 SP1. This would be a good time to download yourself a copy=20 of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would also suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip) .. Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/c...nicles.html=20 and also http://www.pestpatrol.com/pestinfo/c/cws.asp. Other useful tools include BHODemon (http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent some parasites getting a grip on your PC. Finally if you still continue to experience problems download a copy of HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. --=81 Mike Maltby MS-MVP Ben B wrote: Hello, I have always used 'About Blank' and I wish to=20 continue using it. However since a recent repartition, format and install of WinMe I find MSN declines to let me have=20 the priviledge of choice. My setting, 'About Blank' is arbitrarily changed to MSN. This after a a very few uses of I.E. (version 5.50.4134.100) I am puzzled by the fact that MSN is the 'Default' in Internet Options. I wish my choice of 'About Blank' to be the default! There must be a way of changing this. In the registry for instance, or, what would I.E.6 allow - were I to use it? . . . |
#12
|
|||
|
|||
Internet Options, About Blank and MSN.
Ah - so that's the excuse that MS is pushing out on WU for Win9x, then -
required for MDAC!!! -- Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp "Ben B" wrote in message ... Groaning DataAccess KB870669 Courtesy MM and Belarc (already done!) -----Original Message----- Now go back and make certain that you have installed the newly released 870669 patch. g This patch (see KB 870669 - "How to disable the ADODB.Stream object from Internet Explorer" (http://support.microsoft.com? kbid=870669) is essential to patch an exploit which is currently rampant on the net and that can have major security implications for those infected.. -- Mike Maltby MS-MVP Ben B wrote: Humph! I know a couple of conspirators more devious than myself when I read their writing. Internet Explorer Q832894 (details...) Q837009 (details...) SP1 (SP1) . |
#13
|
|||
|
|||
Internet Options, About Blank and MSN.
I don't get you? 870669 is for IE6 SP1 regardless of the OS platform and I
thought Ben was now running IE6 SP1. What is interesting is that I was also offered 870669 on a Win Me box with IE 5.5 SP2 although it did have MDAC 2.5 as a result of having the critical update 329414 - MS02-05 installed. What I can confirm is that a clean Win Me install is not offered 870669, just IE SP1. -- Mike Maltby MS-MVP Noel Paton wrote: Ah - so that's the excuse that MS is pushing out on WU for Win9x, then - required for MDAC!!! |
#14
|
|||
|
|||
Internet Options, About Blank and MSN.
Yes - but it's also involved in MDAC2.5-2.8
therefore if either are installed (and one or the other is bound to be installed in ME, pretty much), then you're offered the update. I suspect that it's MDAC that rules the magnanimity of MS in this case, rather than IE. (otherwise they'd have some users protected, and others not - and screaming blue murder) -- Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp "Mike M" wrote in message ... I don't get you? 870669 is for IE6 SP1 regardless of the OS platform and I thought Ben was now running IE6 SP1. What is interesting is that I was also offered 870669 on a Win Me box with IE 5.5 SP2 although it did have MDAC 2.5 as a result of having the critical update 329414 - MS02-05 installed. What I can confirm is that a clean Win Me install is not offered 870669, just IE SP1. -- Mike Maltby MS-MVP Noel Paton wrote: Ah - so that's the excuse that MS is pushing out on WU for Win9x, then - required for MDAC!!! |
#15
|
|||
|
|||
Internet Options, About Blank and MSN.
As I mentioned though 870669 is not offered on a clean Win Me in which case
you would still have some users not being offered the patch but then again what's one patch here or there when twenty others also need to be installed. As to whether it is IE5.5 0600 (the real RTM version not the 0100 included with Win Me), SP1, SP2 or MDAC that triggers 870669 some experimenting tomorrow will tell. :-) -- Mike M Noel Paton wrote: Yes - but it's also involved in MDAC2.5-2.8 therefore if either are installed (and one or the other is bound to be installed in ME, pretty much), then you're offered the update. I suspect that it's MDAC that rules the magnanimity of MS in this case, rather than IE. (otherwise they'd have some users protected, and others not - and screaming blue murder) |
#16
|
|||
|
|||
Internet Options, About Blank and MSN.
I might have a play - I have a virgin ME on VPC, if I can get it to talk to
the Host -- Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f.../Mar27pmvp.asp "Mike M" wrote in message ... As I mentioned though 870669 is not offered on a clean Win Me in which case you would still have some users not being offered the patch but then again what's one patch here or there when twenty others also need to be installed. As to whether it is IE5.5 0600 (the real RTM version not the 0100 included with Win Me), SP1, SP2 or MDAC that triggers 870669 some experimenting tomorrow will tell. :-) -- Mike M Noel Paton wrote: Yes - but it's also involved in MDAC2.5-2.8 therefore if either are installed (and one or the other is bound to be installed in ME, pretty much), then you're offered the update. I suspect that it's MDAC that rules the magnanimity of MS in this case, rather than IE. (otherwise they'd have some users protected, and others not - and screaming blue murder) |
#17
|
|||
|
|||
Internet Options, About Blank and MSN.
However...
I am infected with something cos Lavasoft still reports: Possible Browser Hijack attempt RegData Data Miner=20 HKEY_CURRENT_USER:Software\Microsoft\Internet=20 Explorer\Main"Start Page" ("about:blank") Possible browser=20 hijack attempt=20 Possible Browser Hijack attempt RegData Data Miner=20 HKEY_USERS:.Default\Software\Microsoft\Internet=20 Explorer\Main"Start Page" ("about:blank") Possible browser=20 hijack attempt=20 and HijackThis this: RO - HKLM\Software\Microsoft\Internet=20 Explorer\Main,Local Page =3D both in the last few minutes and since my capitulation! ? Ben. -----Original Message----- I always found 'school' painful. I have to say I would=20 have ignored 'me'in this case. Thanks for persisting and Well done, Noel (and Mike). vbg -----Original Message----- That looks a little healthier, Ben! - wasn't *that*=20 painful, was it? --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post=20 messages to NG's or http://www.microsoft.com/presspass/f.../2001/Mar01/Ma r 27pmvp.asp "Ben B" wrote in=20 message .. . Humph! I know a couple of conspirators more devious than myself when I read their writing. Internet Explorer Q832894 (details...) Q837009 (details...) SP1 (SP1) Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * Courtesy MM.NP and Belarc. Big sigh, Ben. -----Original Message----- Just get the IE6 update, Ben!! --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to post messages to NG's or http://www.microsoft.com/presspass/f...s/2001/Mar01/M a r 27pmvp.asp "Ben B" wrote in message . .. Hello Mike, I will respond to what I think you will agree is the=20 most important issue here. The question of my version of I.E. I have a post made (regarding my using Windows Updates} immediately following my format and install in which I expressed my difficulty concerning the SP2=20 installation.=20 I copy it he "Subject: Updates will not install after PF and I. From: "Ben B" Sent: 6/25/2004 12:36:04 PM Hello, After a partition, format and install I went to the WU site and with a single exception (I.E.6) accepted all=20 the available updates. I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc and my computer). Version of I.E. prior to PF and I : 5.51.4807.2300 (ex Belarc which also shows SP2). I have the downloaded updates for I.E. Q824145 and Q 832894 and for O.E. Q837009. None of these will install. The reason given "This=20 update requires I.E.5.5 Service Pack 2 to be installed". The=20 same applies to the O.E. update (sustituting O.E. for I.E.). I cannot find this update. Help/guidance appreciated." **************************** I could not resolve that issue. Hence I am still using=20 the mentioned version. I didn't go to I.E.6 (having tried it out when it first came out I didn't like it). I use with regularity (daily and updated) the following: Lavasoft Adaware. SpybotS & D. CWShredder. HijackThis. SpywareBlaster. I will add BHODemon. Lavasoft regularly returns 2 registry entries=20 of "Possible Browser Hijack..." here they are (this half an hour=20 after a previous scan showing them): Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt Possible Browser Hijack attempt RegData Data Miner HKEY_USERS:.Default\Software\Microsoft\Intern et Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt I cannot tell the real MSN page from a false one. I do appreciate your post and all it's detail, Mike. Ben. -----Original Message----- Are you sure about this Ben and that your homepage=20 hasn't been hijacked by something purporting to be MSN? Incidentally I feel=20 that as a matter of urgency you need to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to IE6 SP1. This would be a good time to download yourself a copy=20 of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would also suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be=20 downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip ) .. Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/c...nicles.html=20 and also http://www.pestpatrol.com/pestinfo/c/cws.asp. Other useful tools include BHODemon (http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent some parasites getting a grip on your PC. Finally if you still continue to experience problems download a copy of HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can=20 including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to=20 the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. --=81 Mike Maltby MS-MVP Ben B wrote: Hello, I have always used 'About Blank' and I wish to=20 continue using it. However since a recent repartition, format and install of WinMe I find MSN declines to let me have=20 the priviledge of choice. My setting, 'About Blank' is arbitrarily changed to MSN. This after a a very few uses of I.E. (version 5.50.4134.100) I am puzzled by the fact that MSN is the 'Default' in Internet Options. I wish my choice of 'About Blank'=20 to be the default! There must be a way of changing this. In the registry for instance, or, what would I.E.6 allow - were I to use it? . . . . |
#18
|
|||
|
|||
Internet Options, About Blank and MSN.
....and my I.E. page set to 'About Blank' is again showing=20
the MSN home page.!! -----Original Message----- However... I am infected with something cos Lavasoft still reports: Possible Browser Hijack attempt RegData Data Miner=20 HKEY_CURRENT_USER:Software\Microsoft\Internet=2 0 Explorer\Main"Start Page" ("about:blank") Possible=20 browser=20 hijack attempt=20 Possible Browser Hijack attempt RegData Data Miner=20 HKEY_USERS:.Default\Software\Microsoft\Internet=2 0 Explorer\Main"Start Page" ("about:blank") Possible=20 browser=20 hijack attempt=20 and HijackThis this: RO -=20 HKLM\Software\Microsoft\Internet=20 Explorer\Main,Local Page =3D both in the last few minutes and since my capitulation! ? Ben. -----Original Message----- I always found 'school' painful. I have to say I would=20 have ignored 'me'in this case. Thanks for persisting and Well done, Noel (and Mike). vbg -----Original Message----- That looks a little healthier, Ben! - wasn't *that*=20 painful, was it? --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to=20 post=20 messages to NG's or http://www.microsoft.com/presspass/f...s/2001/Mar01/M a r 27pmvp.asp "Ben B" wrote in=20 message . .. Humph! I know a couple of conspirators more devious than myself when I read their writing. Internet Explorer Q832894 (details...) Q837009 (details...) SP1 (SP1) Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * Courtesy MM.NP and Belarc. Big sigh, Ben. -----Original Message----- Just get the IE6 update, Ben!! --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to=20 post messages to NG's or http://www.microsoft.com/presspass/features/2001/Mar01/ M a r 27pmvp.asp "Ben B" wrote in message .. . Hello Mike, I will respond to what I think you will agree is the=20 most important issue here. The question of my version of=20 I.E. I have a post made (regarding my using Windows Updates} immediately following my format and install in which I expressed my difficulty concerning the SP2=20 installation.=20 I copy it he "Subject: Updates will not install after PF and I. From: "Ben B" Sent: 6/25/2004 12:36:04 PM Hello, After a partition, format and install I went to the WU site and with a single exception (I.E.6) accepted all=20 the available updates. I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex=20 Belarc and my computer). Version of I.E. prior to PF and I : 5.51.4807.2300 (ex Belarc which also shows SP2). I have the downloaded updates for I.E. Q824145 and Q 832894 and for O.E. Q837009. None of these will install. The reason given "This=20 update requires I.E.5.5 Service Pack 2 to be installed". The=20 same applies to the O.E. update (sustituting O.E. for I.E.). I cannot find this update. Help/guidance appreciated." **************************** I could not resolve that issue. Hence I am still using=20 the mentioned version. I didn't go to I.E.6 (having tried=20 it out when it first came out I didn't like it). I use with regularity (daily and updated) the=20 following: Lavasoft Adaware. SpybotS & D. CWShredder. HijackThis. SpywareBlaster. I will add BHODemon. Lavasoft regularly returns 2 registry entries=20 of "Possible Browser Hijack..." here they are (this half an hour=20 after a previous scan showing them): Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Interne t Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt Possible Browser Hijack attempt RegData Data Miner HKEY_USERS:.Default\Software\Microsoft\Interne t Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt I cannot tell the real MSN page from a false one. I do appreciate your post and all it's detail, Mike. Ben. -----Original Message----- Are you sure about this Ben and that your homepage=20 hasn't been hijacked by something purporting to be MSN? Incidentally I feel=20 that as a matter of urgency you need to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to IE6 SP1. This would be a good time to download yourself a =20 copy=20 of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and=20 also SpyBot (http://www.safer-networking.org/) and scan your=20 system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would also suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be=20 downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zi p ) .. Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/c...nicles.html=20 and also http://www.pestpatrol.com/pestinfo/c/cws.asp. Other useful tools include BHODemon (http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent some parasites getting a grip on your PC. Finally if you still continue to experience problems download a copy of HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can=20 including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to=20 the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. --=81 Mike Maltby MS-MVP Ben B wrote: Hello, I have always used 'About Blank' and I wish to=20 continue using it. However since a recent repartition, format and install of WinMe I find MSN declines to let me have=20 the priviledge of choice. My setting, 'About Blank' is arbitrarily changed to MSN. This after a a very few uses of I.E. (version 5.50.4134.100) I am puzzled by the fact that MSN is the 'Default'=20 in Internet Options. I wish my choice of 'About Blank'=20 to be the default! There must be a way of changing this. In the=20 registry for instance, or, what would I.E.6 allow - were I to use it? . . . . . |
#19
|
|||
|
|||
Internet Options, About Blank and MSN.
I've been doing that all afternoon. See my posts in dts and dts3. BTW MDAC
2.5 or above is not required for IE5.5 SP2 to be offered 870669. -- Mike Maltby MS-MVP Noel Paton wrote: I might have a play - I have a virgin ME on VPC, if I can get it to talk to the Host |
#20
|
|||
|
|||
Internet Options, About Blank and MSN.
Mike, here is the HijackThis log.
Logfile of HijackThis v1.98.0 Scan saved at 12:49:05 AM, on 04/07/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE E:\PROGRAM FILES\AVG\AVGSERV9.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE E:\PROGRAM FILES\AVG\AVGCC32.EXE E:\PROGRAM FILES\MSGTAG\MSGTAG.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE E:\PROGRAM FILES\BHODEMON.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\NOTEPAD.EXE C:\MY DOCUMENTS\HIJACKTHIS.EXE O4 - HKLM\..\Run: [ScanRegistry]=20 C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~2 \AVG\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common=20 Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\RunServices: [*StateMgr]=20 C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] E:\PROGRA~2 \AVG\Avgserv9.exe O4 - HKCU\..\Run: [MSGTAG] "E:\PROGRAM=20 FILES\MSGTAG\MSGTAG.EXE" /startup O4 - Startup: BHODemon 2.0.lnk =3D E:\Program=20 Files\BHODemon.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE- 00C0F0318AFE} - (no file) O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6- CA6EE38B68A8} - (no file) O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee- 9DF6-CA6EE38B68A8} - (no file) O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1 \Plugins\NPBelv32.dll O16 - DPF: HushEncryptionEngine -=20 https://mailserver3.hushmail.com/sha...ncryptionEngin e.cab Ben -----Original Message----- ....and my I.E. page set to 'About Blank' is again=20 showing=20 the MSN home page.!! -----Original Message----- However... I am infected with something cos Lavasoft still reports: Possible Browser Hijack attempt RegData Data Miner=20 HKEY_CURRENT_USER:Software\Microsoft\Internet= 20 Explorer\Main"Start Page" ("about:blank") Possible=20 browser=20 hijack attempt=20 Possible Browser Hijack attempt RegData Data Miner=20 HKEY_USERS:.Default\Software\Microsoft\Internet= 20 Explorer\Main"Start Page" ("about:blank") Possible=20 browser=20 hijack attempt=20 and HijackThis this: RO -=20 HKLM\Software\Microsoft\Internet=20 Explorer\Main,Local Page =3D both in the last few minutes and since my capitulation! ? Ben. -----Original Message----- I always found 'school' painful. I have to say I would=20 have ignored 'me'in this case. Thanks for persisting and Well done, Noel (and Mike). vbg -----Original Message----- That looks a little healthier, Ben! - wasn't *that*=20 painful, was it? --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to=20 post=20 messages to NG's or http://www.microsoft.com/presspass/features/2001/Mar01/ M a r 27pmvp.asp "Ben B" wrote in=20 message .. . Humph! I know a couple of conspirators more devious than=20 myself when I read their writing. Internet Explorer Q832894 (details...) Q837009 (details...) SP1 (SP1) Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * Courtesy MM.NP and Belarc. Big sigh, Ben. -----Original Message----- Just get the IE6 update, Ben!! --=20 Noel Paton (MS-MVP 2002-2004, Win9x) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm Please read http://dts-l.org/goodpost.htm on how to=20 post messages to NG's or http://www.microsoft.com/presspass/features/2001/Mar01 / M a r 27pmvp.asp "Ben B" wrote in message . .. Hello Mike, I will respond to what I think you will agree is the=20 most important issue here. The question of my version of=20 I.E. I have a post made (regarding my using Windows=20 Updates} immediately following my format and install in which I expressed my difficulty concerning the SP2=20 installation.=20 I copy it he "Subject: Updates will not install after PF and I. From: "Ben B" Sent: 6/25/2004 12:36:04 PM Hello, After a partition, format and install I went to the WU site and with a single exception (I.E.6) accepted all=20 the available updates. I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex=20 Belarc and my computer). Version of I.E. prior to PF and I : 5.51.4807.2300 (ex Belarc which also shows SP2). I have the downloaded updates for I.E. Q824145 and Q 832894 and for O.E. Q837009. None of these will install. The reason given "This=20 update requires I.E.5.5 Service Pack 2 to be installed". The=20 same applies to the O.E. update (sustituting O.E. for=20 I.E.). I cannot find this update. Help/guidance appreciated." **************************** I could not resolve that issue. Hence I am still=20 using=20 the mentioned version. I didn't go to I.E.6 (having tried=20 it out when it first came out I didn't like it). I use with regularity (daily and updated) the=20 following: Lavasoft Adaware. SpybotS & D. CWShredder. HijackThis. SpywareBlaster. I will add BHODemon. Lavasoft regularly returns 2 registry entries=20 of "Possible Browser Hijack..." here they are (this half an hour=20 after a previous scan showing them): Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Intern et Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt Possible Browser Hijack attempt RegData Data Miner HKEY_USERS:.Default\Software\Microsoft\Intern et Explorer\Main"Start Page" ("about:blank") Possible=20 browser hijack attempt I cannot tell the real MSN page from a false one. I do appreciate your post and all it's detail, Mike. Ben. -----Original Message----- Are you sure about this Ben and that your homepage=20 hasn't been hijacked by something purporting to be MSN? Incidentally I feel=20 that as a matter of urgency you need to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to IE6 SP1. This would be a good time to download yourself a =20 copy=20 of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and=20 also SpyBot (http://www.safer-networking.org/) and scan your=20 system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would also suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be=20 downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip=20 or http://www.spywareinfo.com/~merijn/files/cwshredder.z i p ) .. Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html =20 and also http://www.pestpatrol.com/pestinfo/c/cws.asp. Other useful tools include BHODemon (http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent some parasites getting a grip on your PC. Finally if you still continue to experience problems download a copy of HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can=20 including all instances of Internet Explorer and then run hijackthis.exe and=20 post back the log, provided that it isn't too long, to this thread, otherwise to=20 the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. --=81 Mike Maltby MS-MVP Ben B wrote: Hello, I have always used 'About Blank' and I wish to=20 continue using it. However since a recent repartition,=20 format and install of WinMe I find MSN declines to let me=20 have=20 the priviledge of choice. My setting, 'About Blank' is arbitrarily changed to MSN. This after a a very few uses of I.E. (version 5.50.4134.100) I am puzzled by the fact that MSN is the 'Default'=20 in Internet Options. I wish my choice of 'About=20 Blank'=20 to be the default! There must be a way of changing this. In the=20 registry for instance, or, what would I.E.6 allow - were I to=20 use it? . . . . . . |
Thread Tools | |
Display Modes | |
|
|