#21 (permalink) |
|
Registered User
Join Date: Aug 2006
Posts: 31
OS: Win98SE
|
Re: IE browser hijacked - home page problem
Oh Ried I'm so embarrassed......
My son paid one of his bi-annual visits after the new year. He's not an expert by any means but compared to me he is Einstein! With the benefit of hands-on to the computer he found that 'some how' an IE shortcut was (re?)placed on my Start bar, when he right-clicked on it and selected Properties there it was, the offending URL which he was able to change...

I am soooo sorry to have wasted your time especially when there are so many others needing your valuable expertise. I appreciate greatly your perseverance and help. I wish you and the team a Happy and Prosperous New Year.

Thanks and regards, CB.
#22 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista
|
Re: IE browser hijacked - home page problem
Hi CB,
Please, do not be embarrassed--not at all. You're correct that only so much can be done from my end without being in front of your computer.

Thank you so much for posting the solution to this. I'm not likely to forget it, and I'm sure it will help anyone who may come across this sort of issue in the future.

By any chance, did you run StartDreck.exe before your son deleted that? I'd be interested in knowing if that website showed up in that scan.

Last edited by Ried; 01-06-2008 at 09:00 PM.
#23 (permalink) |
|
Registered User
Join Date: Aug 2006
Posts: 31
OS: Win98SE
|
Re: IE browser hijacked - home page problem
Hi Ried, I'm sorry to be so late in replying. Santa came late and brought me a nice shiny new Toshiba laptop so I've been playing with that. I hadn't done either of the things that you asked me to do before it arrived but the least I can do is give them a whirl so I did just that. The two logs are below:
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL »Special NT Values »Current User *Load= *Run= *Programs= *SHELL= »Default User *Load= *Run= *Programs= *SHELL= »Local Machine *AppInit_DLLs= *SHELL= *Userinit= »Files »Autostart Folders »Current User »Default User »Local Machine »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\msdos.sys `;FORMAT `[Paths] `WinDir=C:\WINDOWS `WinBootDir=C:\WINDOWS `HostWinBootDrv=C `UninstallDir=C:\ `[Options] `BootMulti=1 `BootGUI=1 `DoubleBuffer=1 `AutoScan=1 `WinVer=4.10.2222 `; `;The following lines are required for compatibility with other programs. `;Do not remove them (MSDOS.SYS needs to be >1024 bytes). `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq 
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr `;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs *C:\config.sys `DEVICE=c:\windows\himem.sys `DEVICE=c:\windows\emm386.exe noems I=B000-B7FF `DEVICE=C:\CDPRO\VIDE-CDD.SYS /D:MSCD001 `DEVICE=C:\SAMSUNG\SSCDROM.SYS /D:SSCD000 /v `FILES=100 `BUFFERS=40 `DOS=HIGH,UMB `BREAK=ON `LASTDRIVE=Z *C:\autoexec.bat `@SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1 `keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys `SET PATH=C:\WINDOWS\SYSTEM\WBEM;%PATH% *C:\WINDOWS\wininit.bak `[rename] `NUL=c:\windows\cookies\arwen@tribalfusion[2].txt `NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE *C:\WINDOWS\dosstart.bat `C:\WINDOWS\COMMAND\MSCDEX/D:SSCD000 »Program Files *C:\io.sys *C:\WINDOWS\win.com *C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\COMMAND.COM *C:\WINDOWS\COMMAND.PIF *C:\WINDOWS\COMMAND.COM +C:\WINDOWS\iextract.exe *C:\WINDOWS\COMMAND\IEXTRACT.EXE »System/Drivers »Running Processes +FFCFB575=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFF82DD=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFE744D=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFE6A99=C:\WINDOWS\SYSTEM\mmtask.tsk +FFFEF711=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE +FFFEEC29=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE +FFFED0B1=C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE +FFFEC571=C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE +FFFD7579=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFFC7F11=C:\WINDOWS\EXPLORER.EXE +FFFC4679=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFFC4B81=C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE +FFFB76F5=C:\WINDOWS\SYSTEM\WMIEXE.EXE +FFFB10B9=C:\WINDOWS\LOADQM.EXE +FFFB0B31=C:\WINDOWS\TASKMON.EXE +FFFBD2C1=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE +FFFBCA01=C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE +FFFB02A5=C:\WINDOWS\SYSTEM\GSICON.EXE +FFFA6591=C:\WINDOWS\SYSTEM\DSLAGENT.EXE +FFF808D9=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE +FFF731FD=C:\WINDOWS\SYSTEM\PSTORES.EXE +FFF7F8B1=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE 
+FFF6D419=C:\WINDOWS\SYSTEM\DDHELP.EXE +FFF4EBA9=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE +FFF31EF1=C:\STARTDRECK\STARTDRECK.EXE »VMM32Files (LM) *vdd.vxd= *vflatd.vxd= *vshare.vxd= *vwin32.vxd= *vfbackup.vxd= *vcomm.vxd= *combuff.vxd= *vcd.vxd= *vpd.vxd= *spooler.vxd= *udf.vxd= *vfat.vxd= *vcache.vxd= *vcond.vxd= *vcdfsd.vxd= *int13.vxd= *vxdldr.vxd= *vdef.vxd= *dynapage.vxd= *configmg.vxd= *ntkern.vxd= *ebios.vxd= *vmd.vxd= *dosnet.vxd= *vpicd.vxd= *vtd.vxd= *reboot.vxd= *vdmad.vxd= *vsd.vxd= *v86mmgr.vxd= *pageswap.vxd= *dosmgr.vxd= *vmpoll.vxd= *shell.vxd= *parity.vxd= *biosxlat.vxd= *vmcpd.vxd= *vtdapi.vxd= *perf.vxd= *vkd.vxd= *vmouse.vxd= *mtrr.vxd= *enable.vxd= »%System%\VMM32 *C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD *C:\WINDOWS\SYSTEM\VMM32\IOS.VXD *C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD »%System%\IOSUBSYS *C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD *C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD *C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD *C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD *C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD *C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD *C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD *C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR *C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR *C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR *C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR *C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD *C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD *C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD *C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD *C:\WINDOWS\SYSTEM\IoSubSys\nerocd95.vxd *C:\WINDOWS\SYSTEM\IoSubSys\bsudf.vxd *C:\WINDOWS\SYSTEM\IoSubSys\CDRBSVSD.vxd *C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD *C:\WINDOWS\SYSTEM\IoSubSys\UMAS04CB.VXD *C:\WINDOWS\SYSTEM\IoSubSys\Cdralvsd.vxd *C:\WINDOWS\SYSTEM\IoSubSys\ssoft9x.vxd *C:\WINDOWS\SYSTEM\IoSubSys\Cdr4vsd.vxd *C:\WINDOWS\SYSTEM\IoSubSys\Acbhlpr.vxd *C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV *C:\WINDOWS\SYSTEM\IoSubSys\umsspdr.pdr *C:\WINDOWS\SYSTEM\IoSubSys\d347prt.pdr »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User *C:\Program Files\Microsoft 
Office\Office\STARTUP\MSCREATE.DIR *C:\Program Files\Microsoft Office\Office\STARTUP\PDFWriter97.dot »Default User *C:\Program Files\Microsoft Office\Office\STARTUP\MSCREATE.DIR *C:\Program Files\Microsoft Office\Office\STARTUP\PDFWriter97.dot »Local Machine »ICQ NetDetect »Current User »Default User If there is anything untoward in them I'd still like to get this system fixed. Thanks and regards, CB. |