Jump to content


Photo

about blank


  • Please log in to reply
13 replies to this topic

#1 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 31 May 2004 - 11:50 PM

I have been running adaware, and spybot but still some how my homepage has got hijacked. I have done everything as far as I know how in instructions and still have it in the system. There don't appear to be any nasties hidden within "about blank" but one could never be sure. It is still a pain and i don't want or need it. Please help! Have included logfile and startup list from Hijack this.TIA.

Logfile of HijackThis v1.97.7
Scan saved at 2:14:41 PM, on 1/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Vet\VetTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0003\upd.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\DOCUME~1\kristy\MYDOCU~1\MAILME~1\iexplore.exe
C:\Documents and Settings\kristy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nmmlnc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E0CE3DF-88B9-40CC-888E-6E801D1A14CD} - C:\WINDOWS\System32\nmmlnc.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B04E870E-6654-4C7C-9D7F-F3473644B776} - C:\WINDOWS\System32\nmmlnc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [Uninstall0003] "C:\Program Files\Common Files\Totem Shared\Uninstall0003\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe " /AllUsers
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [C-Media Mixer] "Mixer.exe " /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1074856747157
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...280/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D99C0E1-69B7-4C3B-9C96-8F9830B5789C}: NameServer = 203.49.70.92 139.134.2.190

StartupList report, 1/06/2004, 2:28:50 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\kristy\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Vet\VetTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0003\upd.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\kristy\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WorksFUD = "C:\Program Files\Microsoft Works\wkfud.exe"
VetTray = C:\Vet\VetTray.exe
Uninstall0003 = "C:\Program Files\Common Files\Totem Shared\Uninstall0003\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
Uninstall0002 = "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
Share-to-Web Namespace Daemon = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
RealTray = C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Microsoft Works Portfolio = "C:\Program Files\Microsoft Works\WksSb.exe " /AllUsers
IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
HPDJ Taskbar Utility = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"
C-Media Mixer = "Mixer.exe " /startup
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
Ad-aware = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\System32\nmmlnc.dll (disabled by BHODemon) - {0E0CE3DF-88B9-40CC-888E-6E801D1A14CD}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\System32\nmmlnc.dll - {B04E870E-6654-4C7C-9D7F-F3473644B776}

--------------------------------------------------

Enumerating Task Scheduler jobs:

{F897AA24-BDC3-11D1-B85B-00C04FB93981}_USER-776DZY9CBO_kristy.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1074856747157

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[MSN File Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MsnUpld.dll
CODEBASE = http://sc.groups.msn...eUC/MsnUpld.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://sc.groups.msn...UC/MsnPUpld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...280/mcfscan.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,206 bytes
Report generated in 0.079 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 03 June 2004 - 04:21 AM

I would like to add to above- I am using XP and when i click on "Control
Panel, User Accounts" the about blank web page appears in window. Does this give any clue as to where suspect code is hidden? Please, someone, help me!

#3 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 03 June 2004 - 03:05 PM

Bump.

#4 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 04 June 2004 - 06:22 PM

I have run dllfix progs 1 and 2. Message comes back all ok. On restart about ******blank still there! Please can someone help me?

#5 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 05 June 2004 - 01:04 AM

bump

#6 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 05 June 2004 - 06:41 AM

Is there anyone out there? This really is driving me nuts! I have read other forums. Hllfix doesn't come up with suspect files as it has in other cases but IT IS STILL THERE!

#7 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 05 June 2004 - 09:32 PM

bump again.

#8 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 07 June 2004 - 09:14 PM

bump yet again

#9 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 08 June 2004 - 06:54 AM

Hey guys- I'm still struggling with this! I can see that you are very busy but will continue to hang on.

#10 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 08 June 2004 - 07:02 AM

Download this file from http://downloads.sub....org/dllfix.exe .

Preferably to Desktop. Double click on it and it being a self -extractor, will create its own folder. Run Start.Bat from there. Run Option 1. which is "Run Find-All... ". Let it complete and there will be a pop-up window with a log.
Post that log here.

[ Tutorial - http://forums.subrat...p?showtopic=583 with screenshots for better understanding. Follow upto step 5 ]

Regards
http://blog.emsisoft.com
www.Emsisoft.com

#11 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 10 June 2004 - 05:08 AM

--==***@@@ FIND-ALL' VERSION MODIFIED -5/27 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

Thu 10/06/2004
08:06 PM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (D09E:2611) - FS:NTFS clusters:4k
Total: 41 159 266 304 [38G] - Free: 26 460 237 824 [25G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\system32\notepad.exe
5.1.2600.0 C:\WINDOWS\notepad.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q832894;Q831167;



Locked or 'Suspect' file(s) found...


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"Appinit_Dlls"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0CE3DF-88B9-40CC-888E-6E801D1A14CD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0CE3DF-88B9-40CC-888E-6E801D1A14CD}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1486CC3-6BED-4026-AFF0-CD5ED968A3F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1486CC3-6BED-4026-AFF0-CD5ED968A3F3}\ReadMe-BHODemon]
@="This BHO has been disabled by BHODemon."

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{D43C6DC8-6A8D-497C-A24A-524BD4C1D7DD}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{D43C6DC8-6A8D-497C-A24A-524BD4C1D7DD}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ

*Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM




#12 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 12 June 2004 - 12:34 AM

Bump.

#13 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 13 June 2004 - 07:50 PM

please fellas- can I bump again. In hope and anticipation. About blank is still alive and well in australia!

#14 feral

feral

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 16 June 2004 - 04:56 AM

At long last i seem to be free of about blank. The latest update from Ad-aware identified some new objects. Dll fix ensured removal. Thanks to all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button