about:blank and possible virus???

 
 
Michele
      24th May 2004
Hello -
I am pulling my hair out here and wondering if someone can help.
I am running Windows XP on our home PC and have developed a nasty
virus.
I naively was in the "it won't happen to me" camp, but now intend on
getting a subscription to an anti-virus (Norton) utility once we get out
of this mess.

Symptoms:
about:blank screen in IE (6.0) even after repeatedly changing to something else
pop-ups, mostly having to do with warnings of spyware on our machine
somewhat degraded performance

Attempted fixes:
spyblaster
Spybot - each time I run this, it finds a thing or two (or 11) - initially this fixed a much bigger problem we had where the machine was grudgingly slow, but the about:blank thing remains
I tried to install the Windows SP1; I get an error saying that there is a DLL being used by another program (even though nothing else is open). I tried running in safe mode with networking and cannot get to the MS site for the download

I did HijackThis and tried to remove the about:blank, but I'm sure
there are others I could get rid of that I don't know about. Here's
the log...
If anyone could point me in the right direction, I would be eternally
grateful!

Logfile of HijackThis v1.97.7
Scan saved at 9:32:15 AM, on 5/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\michele\local settings\temp\tn1y.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\ncompxp3.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\dhbrwsr.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\pstorsvc.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\msgked.exe
C:\Documents and Settings\Michele\Application Data\ttuh.exe
C:\WINDOWS\System32\wnstssu.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ANGWRBKL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\FkkE1.exe
C:\WINDOWS\System32\Juiw50.exe
C:\Documents and Settings\Michele\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {B26FEAE7-5101-4CED-9868-A9B20AB3AEB3} - C:\WINDOWS\System32\meafn.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tn1y] C:\documents and settings\michele\local settings\temp\tn1y.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [wtsbwdcr] C:\WINDOWS\wtsbwdcr.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Preu0YNR.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [0Foh37P] ncompxp3.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [ANGWRBKL] C:\WINDOWS\System32\ANGWRBKL.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pstorsvc] C:\WINDOWS\System32\pstorsvc.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Michele\Application Data\ttuh.exe
O4 - HKCU\..\Run: [WNSA] C:\WINDOWS\System32\wnstssu.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://mn101.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/173bd73c65a2b96...p/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...130.5124768519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
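
A log of this length is easier to review once wrapped entries are rejoined and the ones that deserve a lookup are separated out. The script below is an added example, not part of the original post and not HijackThis code: the function names and the two autostart heuristics are assumptions for illustration, a flag means "look this entry up before removing anything", and the sample lines are copied from the log above.

```python
import re

# Entries copied from the HijackThis log in the post above, hard-wrapped the
# way a mail or news client leaves them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\System32\meafn.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tn1y] C:\documents and settings\michele\local
settings\temp\tn1y.exe
O4 - HKLM\..\Run: [0Foh37P] ncompxp3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Michele\Application
Data\ttuh.exe
"""

ENTRY_START = re.compile(r"^(R[0-3]|O\d{1,2}) - ")
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
# Assumed heuristic: XP profile directories any user-level process can write to.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")

def unwrap(text):
    """Rejoin continuation lines; text before the first R/O entry is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries

def triage(entry):
    """Return (section, name, reasons); empty reasons means nothing stood out."""
    section, body = entry.split(" - ", 1)
    name, reasons = body, []
    if section.startswith("R") and body.endswith("(obfuscated)"):
        name = body.split(" = ", 1)[0]
        reasons.append("HijackThis itself marked the value as obfuscated")
    elif section == "O4":
        m = RUN_VALUE.match(body)
        if m:
            name, cmd = m.group(1), m.group(2).lstrip('"')
            if any(d in cmd.lower() for d in USER_WRITABLE):
                reasons.append("autostart from a user-writable directory")
            if not re.match(r"[A-Za-z]:\\", cmd):
                reasons.append("no absolute path, resolved via the search path")
    return section, name, reasons

def review_list(text):
    """Entries worth looking up before anything is removed."""
    return [t for t in map(triage, unwrap(text)) if t[2]]

if __name__ == "__main__":
    for section, name, reasons in review_list(SAMPLE_LOG):
        print(f"{section}  {name}: {'; '.join(reasons)}")
```
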
 
 
 
 
 
Jesse Hand
 
      24th May 2004
I read recently that when you run the latest version of Ad-Aware,
about:blank comes up as a false positive. I would check their forums for more
info.

--

-Jesse

http://www.pixelpages.net/conservativemind

Disclaimer: Spelling & grammar errors are made on purpose for those who are
fulfilled by correcting others.


 