alelp

Crazy ABOUT:BLANK

14 posts in this topic

I have the about:blank problem. CWShredder apparently fixed the problem, but it comes back. Spybot still detects DSO Exploit, and the internet dial-up windows appear every time I shut down or start the PC. PLEASE I NEED HELP

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:01:03 PM, on 21-May-04

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\E_S10IC2.EXE

C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOCUMENTS\ALE\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.porloschicos.com/servlet/PorLos...ando=donarFrame

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Investigador (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/0387cc60eee5dd55f118/netzip/RdxIE.cab

O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools...code/client.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = unl.edu

O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = unl.edu

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 129.93.1.1


Do this:

 

1.)

GoTo:

Start>run>Type:

msinfo32

*Expand: "Software Environment"

*Expand: "System hooks"

File may be listed As:

 

-Hook type: Window Procedure

-Hooked by: XXXXX.dll

-Application: RUNDLL32.EXE

-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll

-Application path: C:\WINDOWS\RUNDLL32.EXE

 

Where XXXXX.dll is the file name.

 

If so, highlight it, use Edit > Copy, and post it here.

 

2.)

Download: "StartDreck", unzip!

*Don't be f00led by the site's 'unique' interface!!!

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

DoubleClick: 'StartDreck.exe'

Hit: -config

hit: -Unmark all

Check these boxes only:

Registry->run keys

Registry-> Browser helper objects

System/drivers-> Running processes

hit >ok.

 

Use the "save" tab, to save, name and post the log!


My StartDreck log file:

 

StartDreck (build 2.1.5 public BETA) - 2004-05-23 @ 21:19:21

Platform: Windows ME (Win 4.90.3000 )

 

»Registry

»Run Keys

»Current User

»Run

*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

»RunOnce

»Default User

»Run

*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

»RunOnce

»Local Machine

»Run

*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun

*TaskMonitor=C:\WINDOWS\taskmon.exe

*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

*SystemTray=SysTray.Exe

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*hpsysdrv=c:\windows\system\hpsysdrv.exe

*Delay=C:\WINDOWS\delayrun.exe

*MotiveMonitor=C:\Program Files\Motive\motmon.exe

*WorksFUD=C:\Program Files\Microsoft Works\wkfud.exe

*Microsoft Works Portfolio=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

*Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe

*Adaptec DirectCD=C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE

*LoadQM=loadqm.exe

*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

*wcmdmgr=C:\WINDOWS\wt\wcmdmgrl.exe -launch

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*SchedulingAgent=mstask.exe

*SSDPSRV=C:\WINDOWS\SYSTEM\ssdpsrv.exe

**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe

*Keyboard Manager=c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

*RNBOStart=C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE

*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

»RunServicesOnce

**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup

»RunOnceEx

»RunServicesOnceEx

»Browser Helper Objects (LM)

*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}

`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll

*{53707962-6F74-2D53-2644-206D7942484F}

`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

*{340EEA9C-208E-43AB-A65D-FF33BF534312}

`InprocServer32=C:\WINDOWS\SYSTEM\AEG.DLL

»Files

»System/Drivers

»Running Processes

*FF8F68C9=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFFA099=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFFC0AD=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFFDAE9=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFE7589=C:\WINDOWS\SYSTEM\MSTASK.EXE

*FFFEB179=C:\WINDOWS\SYSTEM\SSDPSRV.EXE

*FFFECE71=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

*FFFE93F9=C:\WINDOWS\EXPLORER.EXE

*FFFD3569=C:\WINDOWS\RUNDLL32.EXE

*FFFDBB39=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

*FFFDA3F9=C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

*FFFB2DB5=C:\WINDOWS\TASKMON.EXE

*FFFC3F45=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

*FFFEF65D=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFFB7F0D=C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

*FFFAA201=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

*FFFB6CF1=C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

*FFFBF201=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFFBECF5=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

*FFFA100D=C:\WINDOWS\LOADQM.EXE

*FFFB8C85=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

*FFF90A09=C:\WINDOWS\RunDLL.exe

*FFFAFBB9=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

*FFF997C9=C:\WINDOWS\WT\WCMDMGR.EXE

*FFF8A219=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFF8FB19=C:\WINDOWS\SYSTEM\E_S10IC2.EXE

*FFF8DB6D=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFF6331D=C:\WINDOWS\SYSTEM\RNAAPP.EXE

*FFF66CF9=C:\WINDOWS\SYSTEM\TAPISRV.EXE

*FFF420A9=C:\WINDOWS\SYSTEM\PSTORES.EXE

*FFF30751=C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE

*FFF562B9=C:\MY DOCUMENTS\ALE\HIJACKTHIS\STARTDRECK\STARTDRECK.EXE

*FFF4FA2D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

»Application specific


Interesting.

Your villain is listed in StartDreck, but was not in System hooks?

 

That's it!

 

»RunServicesOnce

**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup

 

Download and unzip:

http://freeatlast.100free.com/Win98Fix.zip

 

Because you are running WinME, I suggest you restart in Safe mode

to avoid conflicts with various protection,

DoubleClick on: 'RunFix.reg' file, hit 'yes'

on the prompt!

-Restart computer again, Directly into Safe Mode!

 

Search for:

C:\WINDOWS\SYSTEM\RESOF.DLL file, delete it!

 

While still in Safe mode, delete this file as well:

C:\WINDOWS\SYSTEM\AEG.DLL

 

Restart and run CWShredder and Ad-aware!

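The comparison made in the post above (an autostart entry that StartDreck lists but the earlier HijackThis log does not) can be scripted. The following is an added example, not part of the original thread or of either tool; the log excerpts are abbreviated from the posts above, and the function names are hypothetical.

```python
import re

# Abbreviated excerpts of the two logs posted in this thread (not the full logs).
HIJACKTHIS_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

STARTDRECK_LOG = r"""
»Registry
»Run Keys
»Current User
»Run
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»Local Machine
»Run
*LoadQM=loadqm.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*wcmdmgr=C:\WINDOWS\wt\wcmdmgrl.exe -launch
»RunServices
*SchedulingAgent=mstask.exe
»RunServicesOnce
**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup
»Browser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
*{340EEA9C-208E-43AB-A65D-FF33BF534312}
`InprocServer32=C:\WINDOWS\SYSTEM\AEG.DLL
"""

HIVES = {"Current User": "HKCU", "Local Machine": "HKLM"}
RUN_KEYS = {"Run", "RunOnce", "RunOnceEx",
            "RunServices", "RunServicesOnce", "RunServicesOnceEx"}
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUNDLL_RE = re.compile(r"^rundll(?:32)?(?:\.exe)?\s+([^,]+),", re.I)


def parse_hijackthis(text):
    """Return (set of (hive, key, name), set of BHO CLSIDs) from O4/O2 lines."""
    autoruns, bhos = set(), set()
    for line in map(str.strip, text.splitlines()):
        m = O4_RE.match(line)
        if m:
            hive, key, name, _cmd = m.groups()
            autoruns.add((hive, key.lower(), name.lower()))
        m = O2_RE.match(line)
        if m:
            bhos.add(m.group(1).upper())
    return autoruns, bhos


def parse_startdreck(text):
    """Return ({(hive, key, name): (where, name, cmd)}, {CLSID: dll})."""
    autoruns, bhos = {}, {}
    hive = key = clsid = None
    in_bho = False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("»"):
            section = line[1:].strip()
            if section in HIVES:
                hive, key = HIVES[section], None
            elif section in RUN_KEYS:
                key = section
            else:                      # e.g. "Default User", "Files", BHO header
                hive = key = None
            in_bho = section.startswith("Browser Helper Objects")
        elif line.startswith("*"):
            # Inferred from the thread: the first '*' is StartDreck's bullet, a
            # second one belongs to the value name ("**StateMgr" = "[*StateMgr]").
            body = line[1:]
            if in_bho:
                m = CLSID_RE.search(body)
                clsid = m.group(0).upper() if m else None
            elif hive and key and "=" in body:
                name, cmd = body.split("=", 1)
                autoruns[(hive, key.lower(), name.lower())] = (hive + "\\" + key, name, cmd)
        elif line.startswith("`InprocServer32=") and in_bho and clsid:
            bhos[clsid] = line.split("=", 1)[1]
    return autoruns, bhos


def missing_from_hijackthis(hjt_text, sd_text):
    """List StartDreck autoruns/BHOs that the HijackThis log does not show.
    A hit means "new or hidden since the other scan", to be reviewed by hand."""
    hjt_runs, hjt_bhos = parse_hijackthis(hjt_text)
    sd_runs, sd_bhos = parse_startdreck(sd_text)
    findings = []
    for ident, (where, name, cmd) in sd_runs.items():
        if ident not in hjt_runs:
            m = RUNDLL_RE.match(cmd)   # DLL started through rundll/rundll32?
            findings.append({"where": where, "name": name, "command": cmd,
                             "dll": m.group(1) if m else None})
    for clsid, dll in sd_bhos.items():
        if clsid not in hjt_bhos:
            findings.append({"where": "BHO", "name": clsid, "command": dll, "dll": dll})
    return findings


if __name__ == "__main__":
    for f in missing_from_hijackthis(HIJACKTHIS_LOG, STARTDRECK_LOG):
        print(f["where"], f["name"], "->", f["command"])
```

The two logs in the thread were saved two days apart, so a difference can also be software installed in between; each hit still needs the kind of manual judgement applied in the post above.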

Thank you for your help.

I should mention that, before I used 'runfix.reg', when I ran msinfo32,

I got an error message: "Winoldap has caused an error in IPHLPAPI.dll. Winoldap will now close".

There I could find 'Software Environment', but there was no 'System Hook' to expand inside it.

When I closed the "Help and Support" window another error message appeared:

"Helpctr has caused an error in RESOF.dll"

These messages do not appear anymore after I ran (in safe mode) 'runfix.reg' and

deleted 'resof.dll' (I did not find any AEG.dll to delete).

 

Finally, after following all those steps and restarting the PC,

I ran CWShredder (it says the PC is clean) and Ad-Aware.

I think this last program, however, finds something,

but I do not know if I should fix everything. I am posting the log file below.

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Tuesday, May 25, 2004 1:18:07 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R310 23.05.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

 

 

25-May-04 1:18:07 PM - Scan started. (Smart mode)

 


Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{28f00b04-dc4e-11d3-abec-005004a44eeb}

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{28f00b20-dc4e-11d3-abec-005004a44eeb}

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{28f00b21-dc4e-11d3-abec-005004a44eeb}

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.configurator

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.configurator.1

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.transportcenter

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.transportcenter.1

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.userregrequest

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : hiwire.userregrequest.1

 

 

Hi-Wire Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\HIWIRE

 

 

Alexa Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Internet Explorer\Main

Value : HOMEOldSP

 

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 12

Objects found so far: 12

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 13

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Tracking Cookie Object recognized!

Type : File

Data : alejandro onofri@adserver.terra[1].txt

Object : C:\WINDOWS\Cookies\

 

Created on : 24-May-04 11:39:46 PM

Last accessed : 24-May-04 3:00:00 AM

Last modified : 24-May-04 11:39:48 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : alejandro onofri@as1.falkag[2].txt

Object : C:\WINDOWS\Cookies\

 

Created on : 24-May-04 1:56:03 PM

Last accessed : 24-May-04 3:00:00 AM

Last modified : 24-May-04 1:56:04 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : alejandro onofri@adserver.terra.com[1].txt

Object : C:\WINDOWS\Cookies\

 

Created on : 24-May-04 11:43:44 PM

Last accessed : 24-May-04 3:00:00 AM

Last modified : 24-May-04 11:43:46 PM

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

Value : ITBarLayout

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 17

 

 

1:20:32 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:02:24:830

Objects scanned :43800

Objects identified :17

Objects ignored :0

New objects :17


There are only 13 items listed for fixing in Ad-Aware!

 

*Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 13

 

The rest are tracking cookies!

Safely fix everything!

Ad-Aware quarantines the items and backs them up, anyway!

 

As for your errors,

Most were the result of that super 'hidden'

villain. It tends to crash everything!

WinME has built in system protection that Win98

doesn't. I wasn't sure if the fix would be as successful, but

by the fact you

were able to find and delete the RESOF.dll, it was! ;)

 

 

Consider yourself lucky now! :ph34r:


Glad we could help :D

 

As this problem has been resolved the topic will be closed. If you need this topic reopened, please click here to email the moderating team - be sure to include the address of the thread and the name you posted under.
