
HJT-bilbo


33 replies to this topic

#1 bilbo

bilbo

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 24 February 2005 - 02:00 PM

My Windows 95 system has its Internet Explorer 5.0 homepage hijacked by about:blank. I have used AVG 7.0 (free edition) but cannot load Spybot or Ad-aware. I need lots of help...please! HijackThis log is below. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:40:39 AM, on 2/24/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\POINTER.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MAIL\EUDORA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: load=C:\WINDOWS\POINTER.EXE C:\MOUSE\POINTER.EXE
O2 - BHO: (no name) - {1D6D0271-8E86-4F3C-A4FC-3B6BFCD47AF4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Winkjb] C:\WINDOWS\SYSTEM\Winkjb.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Pop-Up Stopper.lnk = C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .inp: C:\PROGRA~1\INTERN~1\PLUGINS\npincplg.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.cancereducation.com/CFIDE/classes/CFJava.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = gte.net
O18 - Filter: text/html - {65AF0E1B-0E04-4DC7-9245-CFD0B38305A4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O18 - Filter: text/plain - {65AF0E1B-0E04-4DC7-9245-CFD0B38305A4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:05 PM

Posted 27 February 2005 - 11:08 PM

Please follow these steps:

Step 1:

1. Click on Start, then Run and type msinfo32 and press the OK button.
2. Expand the Software Environment section.
3. Expand the System Hooks Section.
4. Look for the which may be listed As:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX.dll is the file name.

If you find that file, highlight it with your mouse and click on edit then copy to copy the filename.

Then post that filename with the information in the next step in a reply to this post.

5. Continue to Step 2.

Step 2:

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the unmark all button.

6. Then put checkmarks in the following checkboxes:

Under Registry put a checkmark in the Run Keys checkbox.

Under System/Drivers put a check in the Running Processes checkbox.

7. Press the OK button.

8. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

9. Post a copy of the log as a reply to this post.

#3 bilbo


Posted 28 February 2005 - 05:49 PM

Thanks for your response.

When I tried to run msinfo32 I got a message that read "Cannot find the file 'msinfo32' (or one of its components). Make sure the path and filename are correct and that all required libraries are available."

Is msinfo32 a file that should be present in my Win95 computer?

I did not proceed with the rest of your suggestions because I got stuck on Step 1.

Any other thoughts?

Thanks

#4 Grinler


Posted 28 February 2005 - 07:03 PM

Don't worry about the msinfo... continue with the other instructions.

#5 bilbo


Posted 01 March 2005 - 12:52 AM

Here's the StartDreck log---I hope it helps to pinpoint the cure.


StartDreck (build 2.1.7 public stable) - 2005-02-28 @ 21:44:16 (GMT -08:00)
Platform: Windows 95 (Win 4.0.1111 B)
Internet Explorer: 5.00.2919.6307
Logged in as Windows'95 at WINDOWS'95

Registry
Run Keys
Current User
Run
+Disabled
RunOnce
Default User
Run
+Disabled
RunOnce
Local Machine
Run
*BrowserWebCheck=loadwc.exe
*Microsoft IntelliType Pro="C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
*WinampAgent="C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
RunOnce
RunServices
RunServicesOnce
**hf=rundll32 C:\WINDOWS\MSDFMBP.INI,DllGetClassObject
RunOnceEx
RunServicesOnceEx
Files
System/Drivers
Running Processes
+FFCF4F85=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF60B5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF1021=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF2A89=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFF0EAF9=C:\WINDOWS\EXPLORER.EXE
+FFF0E631=C:\WINDOWS\RUNDLL32.EXE
+FFF0CAE9=C:\WINDOWS\SYSTEM\LOADWC.EXE
+FFF0FC39=C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
+FFF0CDD5=C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
+FFF05BA5=C:\WINDOWS\SYSTEM\QTTASK.EXE
+FFF04C25=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFF05A81=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFF1C2E5=C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
+FFCF4255=C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
+FFF26C75=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF22A6D=C:\WINDOWS\winfile.exe
+FFF3F365=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF35B51=C:\WINDOWS\RUNDLL32.EXE
+FFF40875=C:\WINDOWS\SYSTEM\RPCSS.EXE
+FFF6D885=C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
+FFF6F601=C:\STARDREK\STARTDRECK.EXE
Application specific

#6 Grinler


Posted 01 March 2005 - 08:55 AM

1. Download and extract into c:\win98fix the following:

http://www10.brinkster.com/expl0iter/freeatlast/Win98Fix.zip

2. Navigate to the c:\win98fix folder and double-click on the RunFix.reg. If it prompts you to allow it run, say Yes.

3. When that is done reboot your computer.

4. Now find C:\WINDOWS\MSDFMBP.INI which should be visible now and delete the file.

Then,

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1D6D0271-8E86-4F3C-A4FC-3B6BFCD47AF4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O4 - HKLM\..\Run: [Winkjb] C:\WINDOWS\SYSTEM\Winkjb.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1D6D0271-8E86-4F3C-A4FC-3B6BFCD47AF4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O4 - HKLM\..\Run: [Winkjb] C:\WINDOWS\SYSTEM\Winkjb.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -

Reboot your computer to go back to normal mode and post a new log.

#7 bilbo


Posted 01 March 2005 - 05:57 PM

I downloaded, unzipped, and tried to run RunFix.reg. I am not sure that this program works on my WINDOWS 95 computer because it did not prompt me to allow it to run; instead, it gave me the message "Information in C:\WIN98FIX\WIN98FIX\RUNFIX.REG has been successfully entered into the registry." Is this what we want?

Also, when searching the windows directory I could not find MSDFMBP.INI---the most similar entry which I did find is MSDFMAP.INI. I did not delete this because I am not sure that it is the correct thing to do.

Any suggestions?

#8 Grinler


Posted 01 March 2005 - 06:07 PM

You're doing fine.

Download killbox here:

KillBox


Unzip the folder to your desktop.

Start Killbox.exe

When it is open, enter C:\WINDOWS\MSDFMBP.INI into the field labeled "Full path of file to delete".

Select the Delete on reboot option.

Then press the button that looks like a red circle with a white X in it.

Your computer will reboot and check to see if the file is gone.

#9 bilbo


Posted 02 March 2005 - 05:14 PM

I ran KillBox as you suggested. I deleted the file MSDFMBP.INI (even though I could not see it in the WINDOWS directory) and selected Delete on reboot.

The computer did not automatically reboot, so I rebooted it and checked that C:\windows\msdfmbp.ini was not present. It was not present.

However, the about:blank problem is still with us. As soon as I open Internet Explorer, it hijacks the homepage and I find se.dll in the windows\temp directory and it cannot be removed except in Safe mode.

By deleting se.dll and resetting the homepage I can get the system to behave until the next time I shut off power, and then turn the computer on. If Internet Explorer is not selected, the windows\temp file can be emptied. But as soon as I select Internet Explorer, my homepage is hijacked by about:blank and I find se.dll in the windows\temp file and it cannot be removed except by rebooting in Safe mode.

Any thoughts?

#10 Grinler


Posted 02 March 2005 - 05:29 PM

OK, let's do something a bit different. Reboot your computer and when it's booting up, tap the F8 key. When the menu opens choose command prompt only.

At the dos prompt type this:

attrib C:\WINDOWS\MSDFMBP.INI and press enter.

It will give you some information. Write that down, reboot and post it here.

#11 bilbo


Posted 03 March 2005 - 03:05 PM

I ran attrib c:\windows\msdfmbp.ini using Safe Mode (command prompt only) and got the message "File not found."

What should we try next?

#12 Grinler


Posted 04 March 2005 - 12:06 AM

Boot into safe mode and tell me if you can see that file.

#13 bilbo


Posted 04 March 2005 - 01:15 AM

In safe mode I searched all directories and subdirectories on my computer for msdfmbp.ini and got the message "No matching files were found."

#14 Grinler


Posted 04 March 2005 - 09:05 AM

Try this instead. Follow the steps here to delete the file on reboot:

http://www.bleepingcomputer.com/forums/tut...l42.html#delreb

C:\WINDOWS\MSDFMBP.INI

Then post a new log

#15 bilbo


Posted 04 March 2005 - 11:56 AM

I could not use the "delete on reboot" tool of HijackThis to remove c:\windows\msdfmbp.ini because when I tried to navigate to the file, it was not listed. When I typed in the file name anyway, I got the message "This file name is not valid." It seems to me that this file does not exist on my computer.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:46 AM, on 3/4/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {EE19D19B-43E0-4681-8037-49B2136E1AD0} - C:\WINDOWS\SYSTEM\CMM.DLL
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - Startup: Pop-Up Stopper.lnk = C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .inp: C:\PROGRA~1\INTERN~1\PLUGINS\npincplg.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = gte.net
O18 - Filter: text/html - {5C3EDF62-46F2-465E-A8DF-5C209CC456F4} - C:\WINDOWS\SYSTEM\CMM.DLL
O18 - Filter: text/plain - {5C3EDF62-46F2-465E-A8DF-5C209CC456F4} - C:\WINDOWS\SYSTEM\CMM.DLL
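
Added example, not part of any post in this thread: a small Python triage over a few entries copied from the two HijackThis logs above, which also compares the O2/O18 modules between the two scans. The checks (TEMP paths, rundll32 pointed at a non-.dll file, unnamed BHOs) and all function names are assumptions chosen for this thread's logs; they are heuristics for prioritising entries, not HijackThis features or verdicts.

```python
import ntpath
import re

# Constructed sample: entries copied from the two HijackThis logs in this thread.
# The [hf] line is the RunServicesOnce value from the StartDreck log, rewritten
# here in HijackThis O4 form (constructed) so that one parser can read it.
LOG_FEB24 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: (no name) - {1D6D0271-8E86-4F3C-A4FC-3B6BFCD47AF4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServicesOnce: [hf] rundll32 C:\WINDOWS\MSDFMBP.INI,DllGetClassObject
O18 - Filter: text/html - {65AF0E1B-0E04-4DC7-9245-CFD0B38305A4} - C:\WINDOWS\SYSTEM\HMCOE.DLL
"""
LOG_MAR04 = r"""
O2 - BHO: (no name) - {EE19D19B-43E0-4681-8037-49B2136E1AD0} - C:\WINDOWS\SYSTEM\CMM.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {5C3EDF62-46F2-465E-A8DF-5C209CC456F4} - C:\WINDOWS\SYSTEM\CMM.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <rest of entry>"
WIN_PATH = re.compile(r"[A-Za-z]:\\[^,\"/]+?\.\w{2,4}")   # drive-letter path up to its extension

def parse(log):
    """Split a HijackThis log into (section code, entry text) pairs."""
    return [m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m]

def findings(code, text):
    """Reasons (possibly none) why one entry deserves a closer look."""
    paths = WIN_PATH.findall(text)
    reasons = []
    if any("\\temp\\" in p.lower() for p in paths):
        reasons.append("loads from TEMP")
    if code == "O4" and "rundll32" in text.lower():
        targets = [p for p in paths if not ntpath.basename(p).lower().startswith("rundll32")]
        if any(ntpath.splitext(p)[1].lower() != ".dll" for p in targets):
            reasons.append("rundll32 target is not a .dll")
    if code == "O2" and "(no name)" in text:
        reasons.append("unnamed BHO")
    return reasons

def triage(log):
    """Return (code, text, reasons) for every entry with at least one finding."""
    rows = [(c, t, findings(c, t)) for c, t in parse(log)]
    return [r for r in rows if r[2]]

def browser_modules(log):
    """DLL file names registered as a BHO (O2) or MIME filter (O18)."""
    return {ntpath.basename(p).upper()
            for code, text in parse(log) if code in ("O2", "O18")
            for p in WIN_PATH.findall(text)}

def module_drift(before, after):
    """(names gone, names new) in the O2/O18 slots between two scans."""
    old, new = browser_modules(before), browser_modules(after)
    return sorted(old - new), sorted(new - old)

if __name__ == "__main__":
    for code, text, reasons in triage(LOG_FEB24):
        print(code, "|", "; ".join(reasons), "|", text)
    print("O2/O18 modules gone/new:", module_drift(LOG_FEB24, LOG_MAR04))
```

On these samples the drift check reports HMCOE.DLL gone and CMM.DLL new in the same O2/O18 slots, while the [sp] TEMP loader is flagged in both scans.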



