re: About Blank
Friday, June 4, 2004 at 9:10 am Windows Me Annoyances Discussion Forum
Posted by MrCharlie
(4133 messages posted)
Yes, that's the log we want. First thing to be done is clean up some of the other
crap on the system.
With only HJT running, fix these by placing a check mark in the box next to each of
these and then hit FIX.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\LCPG.DLL/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\LCPG.DLL/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F87E1054-EE16-4370-A9EA-9CA1CC222057} - C:\WINDOWS\SYSTEM\GDOC.DLL
O2 - BHO: (no name) - {92A46B72-99DD-451E-91E4-020A27932BDE} - C:\WINDOWS\SYSTEM\GDOC.DLL
O2 - BHO: (no name) - {B8C39D6B-D02A-4E60-9057-1E4578A87D17} - C:\WINDOWS\SYSTEM\PNMKE.DLL
O2 - BHO: (no name) - {A502D346-A554-4E9E-97FE-092DD3B7A9FA} - C:\WINDOWS\SYSTEM\GDLNH.DLL
O2 - BHO: (no name) - {AA6279C6-B442-4322-8D95-98C48A3BADA3} - C:\WINDOWS\SYSTEM\BPHHJ.DLL
O2 - BHO: (no name) - {4F440DB5-616A-4FC8-9A7E-51EB117FB7F4} - C:\WINDOWS\SYSTEM\JABCPBA.DLL
O2 - BHO: (no name) - {01CAF2AB-A29F-45E1-9245-941F89D78324} - C:\WINDOWS\SYSTEM\NJCPM.DLL
O2 - BHO: (no name) - {8B29B43E-E86B-4913-8E12-53CF51EB08B6} - C:\WINDOWS\SYSTEM\OIBA.DLL
O2 - BHO: (no name) - {21C0DD84-817D-4765-9600-5C945A21AA8E} - C:\WINDOWS\SYSTEM\OIBA.DLL
O2 - BHO: (no name) - {38CE9B28-D020-4ECF-9256-7EA97F549E35} - C:\WINDOWS\SYSTEM\HGOM.DLL
O2 - BHO: (no name) - {52D46487-0543-4FDB-B042-ED05234EA64A} - C:\WINDOWS\SYSTEM\LCPG.DLL
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wininet.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
Reboot into SafeMode and delete these files (HowToShowHiddenFiles - if needed):
C:\WINDOWS\SYSUPD.EXE
C:\WINDOWS\System\wininet.exe
PowerReg Scheduler.exe <---may be anywhere
Reboot and run Ad-Aware as outlined below:
First thing to do is click on "Check For Updates Now" and download the latest updates.
Then:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys. Click 'Next' again
Right-click in that pane and choose "select all"
If it finds "bad" files and registry keys, press "Next" again
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.
Post a fresh HJT log back here when done. MrC
On Friday, June 4, 2004 at 2:25 am, Dan wrote:
>Logfile of HijackThis v1.97.7
>Scan saved at 11:18:40 AM, on 6/4/2004
>Platform: Windows ME (Win9x 4.90.3000)
>MSIE: Internet Explorer v5.50 (5.50.4134.0100)
>
>Running processes:
>C:\WINDOWS\SYSTEM\KERNEL32.DLL
>C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>C:\WINDOWS\SYSTEM\mmtask.tsk
>C:\WINDOWS\SYSTEM\MPREXE.EXE
>C:\WINDOWS\SYSTEM\MSTASK.EXE
>C:\WINDOWS\SYSTEM\SCARDSVR.EXE
>C:\WINDOWS\SYSTEM\STIMON.EXE
>C:\WINDOWS\SYSTEM\DEVLDR16.EXE
>C:\WINDOWS\EXPLORER.EXE
>C:\WINDOWS\TASKMON.EXE
>C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
>C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
>C:\WINDOWS\SYSTEM\HIDSERV.EXE
>C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
>C:\WINDOWS\SYSTEM\WMIEXE.EXE
>C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
>C:\WINDOWS\SYSTEM\QTTASK.EXE
>C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
>C:\WINDOWS\SYSTEM\WININET.EXE
>C:\WINDOWS\RUNDLL32.EXE
>C:\WINDOWS\SYSTEM\DDHELP.EXE
>C:\SPYWAREGUARD\SGMAIN.EXE
>C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
>C:\SPYWAREGUARD\SGBHP.EXE
>C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
>C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
>C:\DANIEL\HIJACKTHIS\HIJACKTHIS.EXE
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
>(obfuscated)
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
>(obfuscated)
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com
>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\LCPG.DLL/sp.html
>(obfuscated)
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
>(obfuscated)
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
>(obfuscated)
>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\LCPG.DLL/sp.html
>(obfuscated)
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = provided by Community
>Internet Systems, Inc.
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
>R3 - Default URLSearchHook is missing
>O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT
>5.0\READER\ACTIVEX\ACROIEHELPER.OCX
>O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
>(disabled by BHODemon)
>O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
>- C:\SPYWAREGUARD\DLPROTECT.DLL
>O2 - BHO: (no name) - {F87E1054-EE16-4370-A9EA-9CA1CC222057} - C:\WINDOWS\SYSTEM\GDOC.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {92A46B72-99DD-451E-91E4-020A27932BDE} - C:\WINDOWS\SYSTEM\GDOC.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {B8C39D6B-D02A-4E60-9057-1E4578A87D17} - C:\WINDOWS\SYSTEM\PNMKE.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {A502D346-A554-4E9E-97FE-092DD3B7A9FA} - C:\WINDOWS\SYSTEM\GDLNH.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {AA6279C6-B442-4322-8D95-98C48A3BADA3} - C:\WINDOWS\SYSTEM\BPHHJ.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {4F440DB5-616A-4FC8-9A7E-51EB117FB7F4} - C:\WINDOWS\SYSTEM\JABCPBA.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {01CAF2AB-A29F-45E1-9245-941F89D78324} - C:\WINDOWS\SYSTEM\NJCPM.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {8B29B43E-E86B-4913-8E12-53CF51EB08B6} - C:\WINDOWS\SYSTEM\OIBA.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {21C0DD84-817D-4765-9600-5C945A21AA8E} - C:\WINDOWS\SYSTEM\OIBA.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {38CE9B28-D020-4ECF-9256-7EA97F549E35} - C:\WINDOWS\SYSTEM\HGOM.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {52D46487-0543-4FDB-B042-ED05234EA64A} - C:\WINDOWS\SYSTEM\LCPG.DLL
>(disabled by BHODemon)
>O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467}
>- C:\WINDOWS\SYSTEM\MSDXM.OCX
>O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL__BHODemonDisabled
>(file missing)
>O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\EN-US\MSNTB.DLL
>O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
>O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
>O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
>O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
>O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
>O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
>O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
> -osboot
>O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
>O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
>O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
>O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
>O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
>O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec
>Shared\Script Blocking\SBServ.exe" -reg
>O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
>O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
>O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe"
>/detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
>O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
>O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wininet.exe
>O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection
>OfotoNow
>O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
>O4 - Startup: PowerReg Scheduler.exe
>O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
>O9 - Extra button: Hoteles (HKLM)
>O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
>O16 - DPF: {72B09CA7-1B59-454E-95D9-461A9227B785} (UIWrapper Class) - http://webcomp1.mediaring.com/orion/consumer/pcphone/ver1.2.5.0/wbsc125.cab
>O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://voizfone.mediaring.com/webcomp/pcphone/ver3.0.5.0/wbaxuiph305.cab
>O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program
>Files\AutoCAD 2002\AcPreview.ocx
>O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program
>Files\AutoCAD 2002\AcDcToday.ocx
>O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program
>Files\AutoCAD 2002\InstBanr.ocx
>O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program
>Files\AutoCAD 2002\InstFred.ocx
>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
>O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
>O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
>O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
>O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
>O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
>O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
>O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38105.3232175926
>O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
>http
>
>Is that what you wanted to see?
>
>thanks,
>
>Dan
>
>
>
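Added example, not part of either post: in the fix list above, each res:// search-page value names a DLL (HGOM.DLL, LCPG.DLL) that is also registered as a BHO, and GDOC.DLL and OIBA.DLL each appear under two CLSIDs. The Python sketch below pulls those two patterns out of a pasted HijackThis log, re-joining the lines the forum wrapped; the function names `entries` and `triage` and the heuristic itself are assumptions of this example, not HijackThis behaviour.

```python
import re
from collections import defaultdict

# Lines excerpted (abridged) from the log quoted in this thread, keeping the
# ">" quote prefix and the wrapped continuation lines the forum introduced.
SAMPLE_LOG = r"""
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HGOM.DLL/sp.html
>(obfuscated)
>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\LCPG.DLL/sp.html
>O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT
>5.0\READER\ACTIVEX\ACROIEHELPER.OCX
>O2 - BHO: (no name) - {F87E1054-EE16-4370-A9EA-9CA1CC222057} - C:\WINDOWS\SYSTEM\GDOC.DLL
>(disabled by BHODemon)
>O2 - BHO: (no name) - {92A46B72-99DD-451E-91E4-020A27932BDE} - C:\WINDOWS\SYSTEM\GDOC.DLL
>O2 - BHO: (no name) - {38CE9B28-D020-4ECF-9256-7EA97F549E35} - C:\WINDOWS\SYSTEM\HGOM.DLL
>O2 - BHO: (no name) - {52D46487-0543-4FDB-B042-ED05234EA64A} - C:\WINDOWS\SYSTEM\LCPG.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

def entries(log):
    """Return (section, text) pairs, re-joining wrapped lines."""
    out = []
    for raw in log.splitlines():
        line = raw.lstrip("> ").rstrip()
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif line and out:
            out[-1][1] += " " + line  # continuation of the previous entry
    return [tuple(e) for e in out]

def triage(log):
    """Heuristic (an assumption of this example): flag DLLs that serve a
    res:// search page and are also BHOs, and DLLs under several CLSIDs."""
    res_dlls, bho = set(), defaultdict(list)
    for section, text in entries(log):
        if section in ("R0", "R1"):
            m = re.search(r"= res://(.+?\.dll)/", text, re.I)
            if m:
                res_dlls.add(m.group(1).upper())
        elif section == "O2":
            m = re.search(r"\{([0-9A-F-]{36})\} - (.+?)(?: \(.*\))?$", text, re.I)
            if m:
                bho[m.group(2).upper()].append(m.group(1))
    return {"res_and_bho": sorted(res_dlls & set(bho)),
            "multi_clsid": sorted(p for p, i in bho.items() if len(i) > 1)}
```

Calling `triage(SAMPLE_LOG)` returns the two groups as sorted path lists; the result is a starting point for review, not a verdict on any file.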