Crazy ABOUT:BLANK


  • This topic is locked
13 replies to this topic

#1 alelp

Posted 21 May 2004 - 06:14 PM

I have the about:blank problem. CWShredder apparently fixed the problem, but it comes back. Spybot still detects DSO Exploit, and the Internet dial-up windows appear every time I shut down or start the PC. PLEASE, I NEED HELP


Logfile of HijackThis v1.97.7
Scan saved at 8:01:03 PM, on 21-May-04
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\ALE\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.porloschi...ando=donarFrame
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Investigador (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43...etzip/RdxIE.cab
O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.y...code/client.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = unl.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = unl.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 129.93.1.1

#2 alelp

Posted 22 May 2004 - 07:16 PM

Still having the problem. CWShredder is a temporary solution.

#3 alelp

Posted 22 May 2004 - 07:26 PM

My browser is being directed to the following web page:
http://searchx.cc

#4 redfive

Posted 22 May 2004 - 07:29 PM

Run this SearchX uninstaller -> http://www.five-onli...s/uninstall.exe

Then reboot and run CWShredder again.

#5 freeatlast

Posted 22 May 2004 - 07:42 PM

Do this:

1.)
Go to:
Start > Run > type:
msinfo32
*Expand: "Software Environment"
*Expand: "System hooks"
The file may be listed as:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX.dll is the file name.

If so, highlight it, use Edit > Copy, and post it here.

2.)
Download: "StartDreck", unzip!
*Don't be f00led by the site's 'unique' interface!!!
http://members.black.../startdreck.htm
DoubleClick: 'StartDreck.exe'
Hit: -config
hit: -Unmark all
Check these boxes only:
Registry->run keys
Registry-> Browser helper objects
System/drivers-> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log!

#6 alelp

Posted 23 May 2004 - 07:12 PM

Freeatlast,
I can expand 'Software Environment', but I don't find any 'System Hook' to expand.

#7 freeatlast

Posted 23 May 2004 - 08:57 PM

You might not have the same variant.
Proceed with step #2.

#8 alelp

Posted 24 May 2004 - 08:44 AM

My StartDreck log file:

StartDreck (build 2.1.5 public BETA) - 2004-05-23 @ 21:19:21
Platform: Windows ME (Win 4.90.3000 )

ğRegistry
ğRun Keys
ğCurrent User
ğRun
*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ğRunOnce
ğDefault User
ğRun
*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ğRunOnce
ğLocal Machine
ğRun
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*hpsysdrv=c:\windows\system\hpsysdrv.exe
*Delay=C:\WINDOWS\delayrun.exe
*MotiveMonitor=C:\Program Files\Motive\motmon.exe
*WorksFUD=C:\Program Files\Microsoft Works\wkfud.exe
*Microsoft Works Portfolio=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
*Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe
*Adaptec DirectCD=C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*LoadQM=loadqm.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*wcmdmgr=C:\WINDOWS\wt\wcmdmgrl.exe -launch
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
ğRunOnce
ğRunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*SSDPSRV=C:\WINDOWS\SYSTEM\ssdpsrv.exe
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
*Keyboard Manager=c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
*RNBOStart=C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
ğRunServicesOnce
**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup
ğRunOnceEx
ğRunServicesOnceEx
ğBrowser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
*{340EEA9C-208E-43AB-A65D-FF33BF534312}
`InprocServer32=C:\WINDOWS\SYSTEM\AEG.DLL
ğFiles
ğSystem/Drivers
ğRunning Processes
*FF8F68C9=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFFA099=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFFC0AD=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFFDAE9=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFE7589=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFEB179=C:\WINDOWS\SYSTEM\SSDPSRV.EXE
*FFFECE71=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
*FFFE93F9=C:\WINDOWS\EXPLORER.EXE
*FFFD3569=C:\WINDOWS\RUNDLL32.EXE
*FFFDBB39=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
*FFFDA3F9=C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
*FFFB2DB5=C:\WINDOWS\TASKMON.EXE
*FFFC3F45=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
*FFFEF65D=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFB7F0D=C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
*FFFAA201=C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
*FFFB6CF1=C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
*FFFBF201=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFFBECF5=C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
*FFFA100D=C:\WINDOWS\LOADQM.EXE
*FFFB8C85=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFF90A09=C:\WINDOWS\RunDLL.exe
*FFFAFBB9=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFF997C9=C:\WINDOWS\WT\WCMDMGR.EXE
*FFF8A219=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*FFF8FB19=C:\WINDOWS\SYSTEM\E_S10IC2.EXE
*FFF8DB6D=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFF6331D=C:\WINDOWS\SYSTEM\RNAAPP.EXE
*FFF66CF9=C:\WINDOWS\SYSTEM\TAPISRV.EXE
*FFF420A9=C:\WINDOWS\SYSTEM\PSTORES.EXE
*FFF30751=C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
*FFF562B9=C:\MY DOCUMENTS\ALE\HIJACKTHIS\STARTDRECK\STARTDRECK.EXE
*FFF4FA2D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
ğApplication specific

#9 alelp

Posted 24 May 2004 - 01:52 PM

My StartDreck log file is below. Thank you so much

#10 freeatlast

Posted 25 May 2004 - 04:08 AM

Interesting.
Your villain is listed in StartDreck, but was not in System hooks?

That's it!

ğRunServicesOnce
**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup

Download and unzip:
http://freeatlast.10...om/Win98Fix.zip

Because you are running WinME, I suggest you restart in Safe mode
to avoid conflicts with various protection,
DoubleClick on: 'RunFix.reg' file, hit 'yes'
on the prompt!
-Restart computer again, Directly into Safe Mode!

Search for the file:
C:\WINDOWS\SYSTEM\RESOF.DLL
Delete it!

While still in Safe mode, delete this file as well:
C:\WINDOWS\SYSTEM\AEG.DLL

Restart and run CWShredder and Ad-aware!
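
The comparison behind this diagnosis, as an added example that is not part of the thread: it parses excerpts of the HijackThis log (post #1) and the StartDreck log (post #8), then lists the autorun and BHO entries that only the later log shows. The function names and flag labels are illustrative assumptions; the logs were taken two days apart, so an entry seen only in the second is a lead to examine, not a verdict.

```python
import re

# Excerpts copied from the logs in this thread: HijackThis (post #1) and
# StartDreck (post #8). "ğ" is how StartDreck's section marker appears there.
HIJACKTHIS_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

STARTDRECK_LOG = r"""
ğRegistry
ğRun Keys
ğCurrent User
ğRun
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ğDefault User
ğRun
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ğLocal Machine
ğRun
*LoadQM=loadqm.exe
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*wcmdmgr=C:\WINDOWS\wt\wcmdmgrl.exe -launch
ğRunServices
*SchedulingAgent=mstask.exe
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
ğRunServicesOnce
**xzn=rundll32 C:\WINDOWS\SYSTEM\RESOF.DLL,StreamingDeviceSetup
ğBrowser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
*{340EEA9C-208E-43AB-A65D-FF33BF534312}
`InprocServer32=C:\WINDOWS\SYSTEM\AEG.DLL
"""

HIVES = {"Current User": "HKCU", "Local Machine": "HKLM"}
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hijackthis(text):
    """Return {(location, identifier): target} for O2 (BHO) and O4 (Run key) lines."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)", line)
        if m:
            hive, key, name, cmd = m.groups()
            found[(f"{hive}\\{key}".lower(), name.lower())] = cmd
            continue
        m = re.match(r"O2 - BHO: .*?(\{[0-9A-Fa-f-]{36}\}) - (.+)", line)
        if m:
            found[("bho", m.group(1).upper())] = m.group(2)
    return found


def parse_startdreck(text, marker="ğ"):
    """Return the same mapping from a StartDreck log with flattened section nesting."""
    found, hive, section, pending = {}, None, None, None
    for line in text.splitlines():
        if line.startswith(marker):
            title = line[len(marker):].strip()
            if title.endswith(" User") or title == "Local Machine":
                hive = HIVES.get(title)  # None for "Default User": no HijackThis equivalent
            else:
                section = title
            pending = None
        elif line.startswith("*") and section:
            body = line[1:]  # drop the entry marker; a second "*" is part of the value name
            if section.startswith("Browser Helper Objects"):
                m = CLSID.search(body)
                pending = ("bho", m.group(0).upper()) if m else None
            elif hive and "=" in body:
                name, cmd = body.split("=", 1)
                found[(f"{hive}\\{section}".lower(), name.lower())] = cmd
        elif line.startswith("`InprocServer32=") and pending:
            found[pending] = line.split("=", 1)[1]
    return found


def entries_only_in_later(earlier, later):
    """Entries present in the later snapshot but absent from the earlier one."""
    return {k: v for k, v in later.items() if k not in earlier}


def triage(new_entries):
    """Attach review hints (illustrative heuristics, not detections) to each new entry."""
    rows = []
    for (where, name), target in sorted(new_entries.items()):
        flags = []
        if where.endswith("once"):
            flags.append("one-shot key")
        if re.match(r"rundll(32)?(\.exe)?\s", target, re.I):
            flags.append("DLL launched via rundll")
        if where == "bho":
            flags.append("browser helper object")
        rows.append((where, name, target, flags))
    return rows


if __name__ == "__main__":
    new = entries_only_in_later(parse_hijackthis(HIJACKTHIS_LOG),
                                parse_startdreck(STARTDRECK_LOG))
    for where, name, target, flags in triage(new):
        print(f"{where:22} {name:40} {target}  {flags}")
```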

#11 alelp

Posted 25 May 2004 - 11:44 AM

Thank you for your help.
I should mention that, before I used 'runfix.reg', when I ran msinfo32,
I got an error message: "Winoldap has caused an error in IPHLPAPI.dll. Winoldap will now close".
There I could find 'Software Environment', but there was no 'System Hook' to expand inside it.
When I closed the "Help and Support" window another error message appeared:
"Helpctr has caused an error in RESOF.dll"
These messages do not appear anymore after I ran (in safe mode) 'runfix.reg' and
deleted 'resof.dll' (I did not find any AEG.dll to delete).

Finally, after following all those steps and restarting the PC,
I ran CWShredder (it says the PC is clean) and Ad-Aware.
I think this last program, however, finds something,
but I do not know if I should fix everything. I am posting the log file below.


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, May 25, 2004 1:18:07 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R310 23.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


25-May-04 1:18:07 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4287591085
Threads : 4
Priority : High
FileSize : 524 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1991-2000
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949629
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294957769
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:4 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294951053
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294840337
Threads : 3
Priority : Normal
FileSize : 124 KB
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
Copyright : Copyright © Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:6 [ssdpsrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294843665
Threads : 4
Priority : Normal
FileSize : 54 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
OriginalFilename : ssdpsrv.exe
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:7 [mmkeybd.exe]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294881829
Threads : 4
Priority : Normal
FileSize : 556 KB
FileVersion : 3.2.1.9
ProductVersion : 3.2.1.9
Copyright : Copyright
CompanyName : Netropa Corp.
FileDescription : One-touch Multimedia Keyboard
InternalName : MMKEYBD
OriginalFilename : MMKEYBD.EXE
ProductName : One-touch Multimedia Keyboard
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 24-Oct-00 3:10:22 PM

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294889313
Threads : 19
Priority : Normal
FileSize : 220 KB
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:9 [keybdmgr.exe]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294888309
Threads : 1
Priority : Normal
FileSize : 99 KB
FileVersion : 3.0.0
ProductVersion : 3.0.0
Copyright : Copyright
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
OriginalFilename : KeybdMgr.exe
ProductName : Keyboard Manager
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 24-Oct-00 2:45:44 PM

#:10 [osd.exe]
FilePath : C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4294846009
Threads : 1
Priority : Normal
FileSize : 84 KB
FileVersion : 2.01
ProductVersion : 2.01
Copyright : Copyright
CompanyName : Netropa Corp.
FileDescription : Netropa™ Onscreen Display
InternalName : OSD
OriginalFilename : osd.exe
ProductName : Onscreen Display
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 22-Sep-00 1:57:10 PM

#:11 [mmusbkb2.exe]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294771077
Threads : 1
Priority : Normal
FileSize : 44 KB
FileVersion : 1.1
ProductVersion : 1.1
Copyright : Copyright
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
OriginalFilename : mmusbkb2.exe
ProductName : USB Multimedia Keyboard Driver 2
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 15-Jun-99 2:46:48 PM

#:12 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294816425
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:13 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294736273
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:14 [hpsysdrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294722177
Threads : 1
Priority : Normal
FileSize : 51 KB
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
OriginalFilename : hpsysdrv.exe
ProductName : hpsysdrv
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 07-May-98 12:04:38 PM

#:15 [motmon.exe]
FilePath : C:\PROGRAM FILES\MOTIVE\
ProcessID : 4294763753
Threads : 3
Priority : Idle
FileSize : 136 KB
FileVersion : 3.02.01.20000518_111104
ProductVersion : 3.02.01
Copyright : Copyright 1998, 1999, 2000
CompanyName : Motive Communications, Inc.
FileDescription : Motive Monitor Service
InternalName : 3.02.01.20000518_111104
OriginalFilename : motmon
ProductName : Motive System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 18-May-00 2:56:44 PM

#:16 [stmgr.exe]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294761821
Threads : 5
Priority : Normal
FileSize : 60 KB
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
OriginalFilename : StateMgr.exe
ProductName : Microsoft ® PCHealth
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:17 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294755477
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:18 [directcd.exe]
FilePath : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\
ProcessID : 4294664877
Threads : 1
Priority : Normal
FileSize : 1100 KB
FileVersion : 3.01e (187S)
ProductVersion : 3.01e (187S)
Copyright : Copyright © 1996-2000 Adaptec, Inc.
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : DirectCD.EXE
ProductName : DirectCD
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 12-Apr-01 8:06:02 PM

#:19 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294640941
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 04-Apr-02 11:30:10 PM
Last accessed : 25-May-04 3:00:00 AM
Last modified : 03-May-00 8:23:10 PM

#:20 [rundll.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294655697
Threads : 1
Priority : Normal
FileSize : 4 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:21 [wcmdmgr.exe]
FilePath : C:\WINDOWS\WT\
ProcessID : 4294649025
Threads : 2
Priority : Idle
FileSize : 40 KB
FileVersion : 2.0.3.0
ProductVersion : 2.0.3.0
Copyright : Copyright © WildTangent Inc. 1999-2000
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgr
InternalName : wcmdmgr
OriginalFilename : wcmdmgr.exe
ProductName : WildTangent wcmdmgr
Created on : 04-Oct-01 4:41:30 PM
Last accessed : 25-May-04 3:00:00 AM
Last modified : 15-Sep-00 12:13:58 PM

#:22 [msnmsgr.exe]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294735613
Threads : 1
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04-Mar-04 6:01:00 PM
Last accessed : 25-May-04 3:00:00 AM
Last modified : 04-Mar-04 6:01:00 PM

#:23 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294584365
Threads : 2
Priority : Normal
FileSize : 44 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:24 [e_s10ic2.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294617209
Threads : 1
Priority : Normal
FileSize : 67 KB
FileVersion : 3.00
ProductVersion : 3.00
Copyright : Copyright © SEIKO EPSON CORP. 2001
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
OriginalFilename : E_S10IC2.EXE
ProductName : EPSON Status Monitor 3
Created on : 04-Sep-02 10:11:39 PM
Last accessed : 25-May-04 3:00:00 AM
Last modified : 19-Jan-01 6:00:00 AM

#:25 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294683585
Threads : 3
Priority : Realtime
FileSize : 45 KB
FileVersion : 4.07.01.3000
ProductVersion : 4.07.01.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:26 [winmgmt.exe]
FilePath : C:\WINDOWS\SYSTEM\WBEM\
ProcessID : 4294561481
Threads : 3
Priority : Normal
FileSize : 192 KB
FileVersion : 1.50.1164.0000
ProductVersion : 1.50.1164.0000
Copyright : Copyright © Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:27 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294754237
Threads : 2
Priority : Normal
FileSize : 56 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1992-1996
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:28 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294500321
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright © Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft® Windows® Millennium Operating System
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 08-Jun-00 8:00:00 PM

#:29 [backweb.exe]
FilePath : C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\
ProcessID : 4294416985
Threads : 10
Priority : Normal
FileSize : 2804 KB
FileVersion : Version 5.5 SP1 (Build 5870R)
ProductVersion : Version 5.5 SP1 (Build 5870R)
CompanyName : BackWeb Technologies Inc.
FileDescription : BackWeb
InternalName : BackWeb
OriginalFilename : BACKWEB.EXE
ProductName : BackWeb
Created on : 01-Jan-01
Last accessed : 25-May-04 3:00:00 AM
Last modified : 09-Mar-00 9:21:54 AM

#:30 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294626657
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 25-May-04 4:14:40 PM
Last accessed : 25-May-04 3:00:00 AM
Last modified : 13-Jul-03 12:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{28f00b04-dc4e-11d3-abec-005004a44eeb}


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{28f00b20-dc4e-11d3-abec-005004a44eeb}


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{28f00b21-dc4e-11d3-abec-005004a44eeb}


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator.1


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter.1


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest.1


Hi-Wire Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\HIWIRE


Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 12
Objects found so far: 12


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 13


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : alejandro onofri@adserver.terra[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 24-May-04 11:39:46 PM
Last accessed : 24-May-04 3:00:00 AM
Last modified : 24-May-04 11:39:48 PM



Tracking Cookie Object recognized!
Type : File
Data : alejandro onofri@as1.falkag[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 24-May-04 1:56:03 PM
Last accessed : 24-May-04 3:00:00 AM
Last modified : 24-May-04 1:56:04 PM



Tracking Cookie Object recognized!
Type : File
Data : alejandro onofri@adserver.terra.com[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 24-May-04 11:43:44 PM
Last accessed : 24-May-04 3:00:00 AM
Last modified : 24-May-04 11:43:46 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 17


1:20:32 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:24:830
Objects scanned :43800
Objects identified :17
Objects ignored :0
New objects :17

#12 freeatlast

Posted 25 May 2004 - 12:01 PM

There are only 13 items listed for fixing in Ad-Aware!

*Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 13

The rest are tracking cookies!
Safely fix everything!
Ad-Aware quarantines the items and backs them up, anyway!

As for your errors, most were the result of that super 'hidden' villain. It tends to crash everything!
WinME has built-in system protection that Win98 doesn't. I wasn't sure if the fix would be as successful, but by the fact you were able to find and delete the RESOF.dll, it was! ;)


Consider yourself lucky now! :ph34r:

#13 alelp

Posted 25 May 2004 - 03:04 PM

It seems the PC is clean now. Hope the About:blank page doesn't come back!

THANK YOU VERY MUCH!

#14 Daemon

Posted 29 May 2004 - 08:04 AM

Glad we could help :D

As this problem has been resolved the topic will be closed. If you need this topic reopened, please click here to email the moderating team - be sure to include the address of the thread and the name you posted under.