Jump to content
Compatible Support Forums
Sign in to follow this  
amit123guy

QUESTION REAGRDING EXPLORER;

Recommended Posts

I have a question

When i start up my windows 98SE, A message appears:

TO VIEW THIS FILE YOU HAVE TO BE CONNECTED:((THEN TWO OPTIONS)

WORK OFFLINE TRY AGAIN

I CHOOSE WORK OFFLINE, BUT AFTER THAT I AM UNABLE TO FIND THE EXPLORER PROGRAM LISTED UNDER THE CLOSE PROGRAM DIALOG.(ALT+CTRL+DEL)

Is this an error on my PC?

Thankx.

Amit

Share this post


Link to post

It sounds to me as though a file in your system.ini or registry run keys is linked to something on the web, such as a picture or something.

 

Unfortunately if this is the case it requires going into the registry and having a look. This requires some pretty decent computer knowledge and nerves of steel (not to mention backing up your registry first) Your run keys are located in the registry under \HKEY_CURRENT_USER\

software\Microsoft\Windows\CurrentVersion\Run

in the same section of the registry you will find the runonce and runservices keys, with almost identical keys located at:

 

\HKEY_LOCAL_MACHINE\

software\Microsoft\Windows\CurrentVersion\Run and runonce and runservices

 

The problem is knowing what to delete. You have to be very careful rummaging around in your registry, else your computer may come up with an even more serious error.

Share this post


Link to post

Originally posted by Alec§taar:

Quote:
What can make this EASIER to diagnose, following up on pbuckne's advice to the initial poster? 2 tools, 1 is in your Operating System, & the other is 3rd party:

 

1.) msconfig.exe

 

&/or

 

2.) StartupCPL by Mike Linn

 

smile

 

* Better (for most folks imo) than manually screwing around in regedit.exe & safer, because they allow recovery/undo type work w/out having to export out .reg files & reimport of them if you screwup (IF that is possible & you don't mess up TOO much)...

 

APK

 

 

What is this StartupCPL??? Where can i get it from???

 

 

PBUCKNE::::.

I do have a good PC knowledge....i messed around my Reg for a while and deleted a few keys, i found a culprit called Abode Photoshop..yes not Adobe but Abode i got it deleted and it removed a pop-up that i used to get when i started IE.

 

 

Share this post


Link to post

I got a PC professional to cum an check up my PC. He said all was fine....well it was until an hour before he left...it was back again

 

 

Could it be spyware or Adware???

I have Norton Internet Security 2003 with Anti-Virus...so i'm sure it cant be a virus...

 

ANOTHER QUESTION:-

Can anyone pls tell me how to increase my graphics card's memory via BIOS???

I have an Intel Desktop GFX card 82845G, on Intel Pentium 4...

Share this post


Link to post

Download "Hijack this" from: http://www.spywareinfo.com/~merijn/.

Unzip and start it, then click "Do a system scan only" button. When it is finished scanning, click "Save log" button. Save the "hijackthis.log" file to desktop and post it contents to here.

 

Share this post


Link to post

These are the contents of the log file made by HijackThis v1.99

Quote:
Logfile of HijackThis v1.99.0

Scan saved at 10:17:17 PM, on 2/5/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\180AX.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL

O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.topconverting.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325

O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab

O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

 

Share this post


Link to post

These are the contents of the log file made by HijackThis v1.99

Quote:
Logfile of HijackThis v1.99.0

Scan saved at 10:17:17 PM, on 2/5/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\180AX.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL

O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.topconverting.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325

O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab

O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

 

Share this post


Link to post

First of all, you have plenty of spy/adware laugh

 

Download Spybot - Search and Destroy, update it and scan your computer in safe mode and internet connection disabled(unplug modem,etc.). Repeat until you are clean.

 

While you are downloading,try terminate this process(press Ctrl+Alt+Del):

 

C:\WINDOWS\180AX.EXE

 

and use hijack's Fix button, for items in quote box.

 

Long version:

Quote:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL

O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)

O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.topconverting.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325

O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab

O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

 

Short version: everything except Yahoo, Google, Getright related...

 

If I would have this much spy/adware in my PC: format c:

 

smile

Share this post


Link to post

Originally posted by Wilhelmus:

Quote:
First of all, you have plenty of spy/adware laugh

 

Download Spybot - Search and Destroy, update it and scan your computer in safe mode and internet connection disabled(unplug modem,etc.). Repeat until you are clean.

 

While you are downloading,try terminate this process(press Ctrl+Alt+Del):

 

C:\WINDOWS\180AX.EXE

 

and use hijack's Fix button, for items in quote box.

 

Long version:

Quote:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL

O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing)

O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)

O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.topconverting.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325

O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab

O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL

 

Short version: everything except Yahoo, Google, Getright related...

 

If I would have this much spy/adware in my PC: format c:

 

smile

 

Yeah tell me about it... i have formatted my drive 5 times now!!! and i dont want to repeat it....

Soo i'll try SpyBot... Thanks....

 

 

_________________________END OF THREAD___________________________

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×