amit123guy 0 Posted January 30, 2005 I have a question When i start up my windows 98SE, A message appears: TO VIEW THIS FILE YOU HAVE TO BE CONNECTED:((THEN TWO OPTIONS) WORK OFFLINE TRY AGAIN I CHOOSE WORK OFFLINE, BUT AFTER THAT I AM UNABLE TO FIND THE EXPLORER PROGRAM LISTED UNDER THE CLOSE PROGRAM DIALOG.(ALT+CTRL+DEL) Is this an error on my PC? Thankx. Amit Share this post Link to post
pbuckne 0 Posted February 1, 2005 It sounds to me as though a file in your system.ini or registry run keys is linked to something on the web, such as a picture or something. Unfortunately if this is the case it requires going into the registry and having a look. This requires some pretty decent computer knowledge and nerves of steel (not to mention backing up your registry first) Your run keys are located in the registry under \HKEY_CURRENT_USER\ software\Microsoft\Windows\CurrentVersion\Run in the same section of the registry you will find the runonce and runservices keys, with almost identical keys located at: \HKEY_LOCAL_MACHINE\ software\Microsoft\Windows\CurrentVersion\Run and runonce and runservices The problem is knowing what to delete. You have to be very careful rummaging around in your registry, else your computer may come up with an even more serious error. Share this post Link to post
amit123guy 0 Posted February 1, 2005 Originally posted by Alec§taar: Quote: What can make this EASIER to diagnose, following up on pbuckne's advice to the initial poster? 2 tools, 1 is in your Operating System, & the other is 3rd party: 1.) msconfig.exe &/or 2.) StartupCPL by Mike Linn * Better (for most folks imo) than manually screwing around in regedit.exe & safer, because they allow recovery/undo type work w/out having to export out .reg files & reimport of them if you screwup (IF that is possible & you don't mess up TOO much)... APK What is this StartupCPL??? Where can i get it from??? PBUCKNE::::. I do have a good PC knowledge....i messed around my Reg for a while and deleted a few keys, i found a culprit called Abode Photoshop..yes not Adobe but Abode i got it deleted and it removed a pop-up that i used to get when i started IE. Share this post Link to post
amit123guy 0 Posted February 2, 2005 I got a PC professional to cum an check up my PC. He said all was fine....well it was until an hour before he left...it was back again Could it be spyware or Adware??? I have Norton Internet Security 2003 with Anti-Virus...so i'm sure it cant be a virus... ANOTHER QUESTION:- Can anyone pls tell me how to increase my graphics card's memory via BIOS??? I have an Intel Desktop GFX card 82845G, on Intel Pentium 4... Share this post Link to post
amit123guy 0 Posted February 2, 2005 And oh...i got Startup CPL and removed all of my startup files....but still it continues.... Share this post Link to post
Wilhelmus 1 Posted February 5, 2005 Download "Hijack this" from: http://www.spywareinfo.com/~merijn/. Unzip and start it, then click "Do a system scan only" button. When it is finished scanning, click "Save log" button. Save the "hijackthis.log" file to desktop and post it contents to here. Share this post Link to post
amit123guy 0 Posted February 7, 2005 These are the contents of the log file made by HijackThis v1.99 Quote: Logfile of HijackThis v1.99.0 Scan saved at 10:17:17 PM, on 2/5/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\180AX.EXE C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325 O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL Share this post Link to post
amit123guy 0 Posted February 7, 2005 These are the contents of the log file made by HijackThis v1.99 Quote: Logfile of HijackThis v1.99.0 Scan saved at 10:17:17 PM, on 2/5/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\180AX.EXE C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325 O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL Share this post Link to post
Wilhelmus 1 Posted February 7, 2005 First of all, you have plenty of spy/adware Download Spybot - Search and Destroy, update it and scan your computer in safe mode and internet connection disabled(unplug modem,etc.). Repeat until you are clean. While you are downloading,try terminate this process(press Ctrl+Alt+Del): C:\WINDOWS\180AX.EXE and use hijack's Fix button, for items in quote box. Long version: Quote: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing) O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325 O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL Short version: everything except Yahoo, Google, Getright related... If I would have this much spy/adware in my PC: format c: Share this post Link to post
amit123guy 0 Posted February 8, 2005 Originally posted by Wilhelmus: Quote: First of all, you have plenty of spy/adware Download Spybot - Search and Destroy, update it and scan your computer in safe mode and internet connection disabled(unplug modem,etc.). Repeat until you are clean. While you are downloading,try terminate this process(press Ctrl+Alt+Del): C:\WINDOWS\180AX.EXE and use hijack's Fix button, for items in quote box. Long version: Quote: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\PROGRAM FILES\POP BLOCKER\UPDATED.DLL O3 - Toolbar: Game Bar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\WINDOWS\DOWNLO~1\GAMEBAR.DLL O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBDLG32.DLL (file missing) O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing) O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU) O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.topconverting.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325 O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c11.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://217.73.66.1/del/loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.tamilcinema.com/wfplayer/tdserver.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/jenky.cab O18 - Filter: text/plain - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL O18 - Filter: text/html - {920EE8E6-ED00-4C0E-8E3D-32F5D5841412} - C:\WINDOWS\SYSTEM\LEFL.DLL Short version: everything except Yahoo, Google, Getright related... If I would have this much spy/adware in my PC: format c: Yeah tell me about it... i have formatted my drive 5 times now!!! and i dont want to repeat it.... Soo i'll try SpyBot... Thanks.... _________________________END OF THREAD___________________________ Share this post Link to post