View Full Version : Internet Options, About Blank and MSN.
Ben B
July 3rd 04, 06:08 PM
Hello,
I have always used 'About Blank' and I wish to continue
using it. However since a recent repartition, format and
install of WinMe I find MSN declines to let me have the
priviledge of choice. My setting, 'About Blank' is
arbitrarily changed to MSN. This after a a very few uses
of I.E. (version 5.50.4134.100)
I am puzzled by the fact that MSN is the 'Default' in
Internet Options. I wish my choice of 'About Blank' to be
the default!
There must be a way of changing this. In the registry for
instance, or, what would I.E.6 allow - were I to use it?
Thanks.
Ben.
Mike M
July 3rd 04, 06:21 PM
Are you sure about this Ben and that your homepage hasn't been hijacked by
something purporting to be MSN? Incidentally I feel that as a matter of
urgency you need to upgrade your copy of Internet Explorer to either IE5.5 SP2
or better to IE6 SP1.
This would be a good time to download yourself a copy of the free Ad-Aware
6.0 from Lavasoft
(http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove all
unwanted parasites, adware and spyware that might be hiding on your PC.
I would also suggest you download and run merijn's CWShredder which targets
the CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.
Other useful tools include BHODemon
(http://www.definitivesolutions.com/bhodemon.htm that checks for
unwanted Browser Help Objects and SpywareBlaster
(http://www.wilderssecurity.net/spywareblaster.html) which can help prevent
some parasites getting a grip on your PC.
Finally if you still continue to experience problems download a copy of
HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a
folder called hijackthis on C: and copy the file you downloaded to that
folder. Close as many applications as you can including all instances of
Internet Explorer and then run hijackthis.exe and post back the log, provided
that it isn't too long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully this will enable someone to
identify the cause of your problem.
--?
Mike Maltby MS-MVP
Ben B > wrote:
> Hello,
>
> I have always used 'About Blank' and I wish to continue
> using it. However since a recent repartition, format and
> install of WinMe I find MSN declines to let me have the
> priviledge of choice. My setting, 'About Blank' is
> arbitrarily changed to MSN. This after a a very few uses
> of I.E. (version 5.50.4134.100)
>
> I am puzzled by the fact that MSN is the 'Default' in
> Internet Options. I wish my choice of 'About Blank' to be
> the default!
>
> There must be a way of changing this. In the registry for
> instance, or, what would I.E.6 allow - were I to use it?
Ben B
July 3rd 04, 07:23 PM
Hello Mike,
I will respond to what I think you will agree is the most=20
important issue here. The question of my version of I.E.
I have a post made (regarding my using Windows Updates}=20
immediately following my format and install in which I=20
expressed my difficulty concerning the SP2 installation. I=20
copy it here:
"Subject: Updates will not install after PF and I.=20
From: "Ben B" >=20
Sent: 6/25/2004 12:36:04 PM =20
Hello,
After a partition, format and install I went to the WU=20
site and with a single exception (I.E.6) accepted all the=20
available updates.
I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc=20
and my computer).
Version of I.E. prior to PF and I : 5.51.4807.2300 (ex=20
Belarc which also shows SP2).
I have the downloaded updates for I.E. Q824145 and Q 832894
and for O.E. Q837009.
None of these will install. The reason given "This update=20
requires I.E.5.5 Service Pack 2 to be installed". The same=20
applies to the O.E. update (sustituting O.E. for I.E.).
I cannot find this update.
Help/guidance appreciated."
****************************
I could not resolve that issue. Hence I am still using the=20
mentioned version. I didn't go to I.E.6 (having tried it=20
out when it first came out I didn't like it).
I use with regularity (daily and updated) the following:
Lavasoft Adaware.
SpybotS & D.
CWShredder.
HijackThis.
SpywareBlaster.
I will add BHODemon.
Lavasoft regularly returns 2 registry entries of "Possible=20
Browser Hijack..." here they are (this half an hour after=20
a previous scan showing them):
Possible Browser Hijack attempt RegData Data Miner=20
HKEY_CURRENT_USER:Software\Microsoft\Internet=20
Explorer\Main"Start Page" ("about:blank") Possible browser=20
hijack attempt=20
Possible Browser Hijack attempt RegData Data Miner=20
HKEY_USERS:.Default\Software\Microsoft\Internet=20
Explorer\Main"Start Page" ("about:blank") Possible browser=20
hijack attempt
I cannot tell the real MSN page from a false one.=20
I do appreciate your post and all it's detail, Mike.
Ben.
>-----Original Message-----
>Are you sure about this Ben and that your homepage hasn't=20
been hijacked by=20
>something purporting to be MSN? Incidentally I feel that=20
as a matter of=20
>urgency you need to upgrade your copy of Internet=20
Explorer to either IE5.5 SP2=20
>or better to IE6 SP1.
>
>This would be a good time to download yourself a copy of=20
the free Ad-Aware
>6.0 from Lavasoft
>(http://www.lavasoftusa.com/software/adaware/) and also=20
SpyBot
>(http://www.safer-networking.org/) and scan your system=20
for and remove all
>unwanted parasites, adware and spyware that might be=20
hiding on your PC.
>
>I would also suggest you download and run merijn's=20
CWShredder which targets
>the CoolWebSearch parasite. CWShredder can be downloaded=20
from
>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>http://www.spywareinfo.com/~merijn/files/cwshredder.zip).=20
Details of the many
>forms of the CoolWebSearch hijacker can be found at
>http://www.spywareinfo.com/~merijn/cwschronicles.html and=20
also
>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>
>Other useful tools include BHODemon
>(http://www.definitivesolutions.com/bhodemon.htm that=20
checks for
>unwanted Browser Help Objects and SpywareBlaster
>(http://www.wilderssecurity.net/spywareblaster.html)=20
which can help prevent
>some parasites getting a grip on your PC.
>
>Finally if you still continue to experience problems=20
download a copy of
>HijackThis from=20
(http://www.spywareinfo.com/~merijn/downloads.html). =20
Create a
>folder called hijackthis on C: and copy the file you=20
downloaded to that
>folder. Close as many applications as you can including=20
all instances of
>Internet Explorer and then run hijackthis.exe and post=20
back the log, provided
>that it isn't too long, to this thread, otherwise to the=20
HijackThis Forum at
>http://www.spywareinfo.com/forums/ and hopefully this=20
will enable someone to
>identify the cause of your problem.
>--=81
>Mike Maltby MS-MVP
>
>
>Ben B > wrote:
>
>> Hello,
>>
>> I have always used 'About Blank' and I wish to continue
>> using it. However since a recent repartition, format and
>> install of WinMe I find MSN declines to let me have the
>> priviledge of choice. My setting, 'About Blank' is
>> arbitrarily changed to MSN. This after a a very few uses
>> of I.E. (version 5.50.4134.100)
>>
>> I am puzzled by the fact that MSN is the 'Default' in
>> Internet Options. I wish my choice of 'About Blank' to=20
be
>> the default!
>>
>> There must be a way of changing this. In the registry=20
for
>> instance, or, what would I.E.6 allow - were I to use it?
>
>.
>
Noel Paton
July 3rd 04, 07:28 PM
Just get the IE6 update, Ben!!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Ben B" > wrote in message
...
Hello Mike,
I will respond to what I think you will agree is the most
important issue here. The question of my version of I.E.
I have a post made (regarding my using Windows Updates}
immediately following my format and install in which I
expressed my difficulty concerning the SP2 installation. I
copy it here:
"Subject: Updates will not install after PF and I.
From: "Ben B" >
Sent: 6/25/2004 12:36:04 PM
Hello,
After a partition, format and install I went to the WU
site and with a single exception (I.E.6) accepted all the
available updates.
I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc
and my computer).
Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
Belarc which also shows SP2).
I have the downloaded updates for I.E. Q824145 and Q 832894
and for O.E. Q837009.
None of these will install. The reason given "This update
requires I.E.5.5 Service Pack 2 to be installed". The same
applies to the O.E. update (sustituting O.E. for I.E.).
I cannot find this update.
Help/guidance appreciated."
****************************
I could not resolve that issue. Hence I am still using the
mentioned version. I didn't go to I.E.6 (having tried it
out when it first came out I didn't like it).
I use with regularity (daily and updated) the following:
Lavasoft Adaware.
SpybotS & D.
CWShredder.
HijackThis.
SpywareBlaster.
I will add BHODemon.
Lavasoft regularly returns 2 registry entries of "Possible
Browser Hijack..." here they are (this half an hour after
a previous scan showing them):
Possible Browser Hijack attempt RegData Data Miner
HKEY_CURRENT_USER:Software\Microsoft\Internet
Explorer\Main"Start Page" ("about:blank") Possible browser
hijack attempt
Possible Browser Hijack attempt RegData Data Miner
HKEY_USERS:.Default\Software\Microsoft\Internet
Explorer\Main"Start Page" ("about:blank") Possible browser
hijack attempt
I cannot tell the real MSN page from a false one.
I do appreciate your post and all it's detail, Mike.
Ben.
>-----Original Message-----
>Are you sure about this Ben and that your homepage hasn't
been hijacked by
>something purporting to be MSN? Incidentally I feel that
as a matter of
>urgency you need to upgrade your copy of Internet
Explorer to either IE5.5 SP2
>or better to IE6 SP1.
>
>This would be a good time to download yourself a copy of
the free Ad-Aware
>6.0 from Lavasoft
>(http://www.lavasoftusa.com/software/adaware/) and also
SpyBot
>(http://www.safer-networking.org/) and scan your system
for and remove all
>unwanted parasites, adware and spyware that might be
hiding on your PC.
>
>I would also suggest you download and run merijn's
CWShredder which targets
>the CoolWebSearch parasite. CWShredder can be downloaded
from
>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>http://www.spywareinfo.com/~merijn/files/cwshredder.zip).
Details of the many
>forms of the CoolWebSearch hijacker can be found at
>http://www.spywareinfo.com/~merijn/cwschronicles.html and
also
>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>
>Other useful tools include BHODemon
>(http://www.definitivesolutions.com/bhodemon.htm that
checks for
>unwanted Browser Help Objects and SpywareBlaster
>(http://www.wilderssecurity.net/spywareblaster.html)
which can help prevent
>some parasites getting a grip on your PC.
>
>Finally if you still continue to experience problems
download a copy of
>HijackThis from
(http://www.spywareinfo.com/~merijn/downloads.html).
Create a
>folder called hijackthis on C: and copy the file you
downloaded to that
>folder. Close as many applications as you can including
all instances of
>Internet Explorer and then run hijackthis.exe and post
back the log, provided
>that it isn't too long, to this thread, otherwise to the
HijackThis Forum at
>http://www.spywareinfo.com/forums/ and hopefully this
will enable someone to
>identify the cause of your problem.
>--?
>Mike Maltby MS-MVP
>
>
>Ben B > wrote:
>
>> Hello,
>>
>> I have always used 'About Blank' and I wish to continue
>> using it. However since a recent repartition, format and
>> install of WinMe I find MSN declines to let me have the
>> priviledge of choice. My setting, 'About Blank' is
>> arbitrarily changed to MSN. This after a a very few uses
>> of I.E. (version 5.50.4134.100)
>>
>> I am puzzled by the fact that MSN is the 'Default' in
>> Internet Options. I wish my choice of 'About Blank' to
be
>> the default!
>>
>> There must be a way of changing this. In the registry
for
>> instance, or, what would I.E.6 allow - were I to use it?
>
>.
>
Mike M
July 3rd 04, 07:41 PM
My only response is that if you have IE v5.5.4134.0100 then you are way way
way out of date, have the original version of IE that was included with Win Me
in July 2000 and are open to 101 different malwares and their innumerable
variations. Which just leaves me to repeat "as a matter of urgency you need
to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to IE6
SP1"
--
Mike Maltby MS-MVP
Ben B > wrote:
> Hello Mike,
>
> I will respond to what I think you will agree is the most
> important issue here. The question of my version of I.E.
>
> I have a post made (regarding my using Windows Updates}
> immediately following my format and install in which I
> expressed my difficulty concerning the SP2 installation. I
> copy it here:
<snip>
Noel Paton
July 3rd 04, 07:46 PM
"Like wot I told you to do, how many weeks ago??"
Ben - quit stalling and upgrade to IE6!!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Mike M" > wrote in message
...
> My only response is that if you have IE v5.5.4134.0100 then you are way
way
> way out of date, have the original version of IE that was included with
Win Me
> in July 2000 and are open to 101 different malwares and their innumerable
> variations. Which just leaves me to repeat "as a matter of urgency you
need
> to upgrade your copy of Internet Explorer to either IE5.5 SP2 or better to
IE6
> SP1"
> --
> Mike Maltby MS-MVP
>
>
>
> Ben B > wrote:
>
> > Hello Mike,
> >
> > I will respond to what I think you will agree is the most
> > important issue here. The question of my version of I.E.
> >
> > I have a post made (regarding my using Windows Updates}
> > immediately following my format and install in which I
> > expressed my difficulty concerning the SP2 installation. I
> > copy it here:
>
> <snip>
>
Ben B
July 3rd 04, 11:00 PM
Humph!
I know a couple of conspirators more devious than myself=20
when I read their writing.
Internet Explorer=20
Q832894 (details...)=20
Q837009 (details...)=20
SP1 (SP1)=20
Microsoft Corporation - Internet Explorer Version=20
6.00.2800.1106 *=20
Courtesy MM.NP and Belarc.
Big sigh,
Ben.
>-----Original Message-----
>Just get the IE6 update, Ben!!
>
>--=20
>Noel Paton (MS-MVP 2002-2004, Win9x)
>
>Nil Carborundum Illegitemi
>http://www.btinternet.com/~winnoel/millsrpch.htm
>
>Please read http://dts-l.org/goodpost.htm on how to post=20
messages to NG's
>or
>http://www.microsoft.com/presspass/features/2001/Mar01/Mar
27pmvp.asp
>
>"Ben B" > wrote in=20
message
...
>Hello Mike,
>
>I will respond to what I think you will agree is the most
>important issue here. The question of my version of I.E.
>
>I have a post made (regarding my using Windows Updates}
>immediately following my format and install in which I
>expressed my difficulty concerning the SP2 installation. I
>copy it here:
>
>"Subject: Updates will not install after PF and I.
> From: "Ben B" >
>Sent: 6/25/2004 12:36:04 PM
>
>Hello,
>
>After a partition, format and install I went to the WU
>site and with a single exception (I.E.6) accepted all the
>available updates.
>
>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc
>and my computer).
>
>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>Belarc which also shows SP2).
>
>I have the downloaded updates for I.E. Q824145 and Q=20
832894
>and for O.E. Q837009.
>
>None of these will install. The reason given "This update
>requires I.E.5.5 Service Pack 2 to be installed". The same
>applies to the O.E. update (sustituting O.E. for I.E.).
>
>I cannot find this update.
>
>Help/guidance appreciated."
>****************************
>
>I could not resolve that issue. Hence I am still using the
>mentioned version. I didn't go to I.E.6 (having tried it
>out when it first came out I didn't like it).
>
>I use with regularity (daily and updated) the following:
>
>Lavasoft Adaware.
>SpybotS & D.
>CWShredder.
>HijackThis.
>SpywareBlaster.
>
>I will add BHODemon.
>
>Lavasoft regularly returns 2 registry entries of "Possible
>Browser Hijack..." here they are (this half an hour after
>a previous scan showing them):
>
> Possible Browser Hijack attempt RegData Data Miner
>HKEY_CURRENT_USER:Software\Microsoft\Internet
>Explorer\Main"Start Page" ("about:blank") Possible browser
>hijack attempt
> Possible Browser Hijack attempt RegData Data Miner
>HKEY_USERS:.Default\Software\Microsoft\Internet
>Explorer\Main"Start Page" ("about:blank") Possible browser
>hijack attempt
>
>I cannot tell the real MSN page from a false one.
>
>I do appreciate your post and all it's detail, Mike.
>
>Ben.
>
>>-----Original Message-----
>>Are you sure about this Ben and that your homepage hasn't
>been hijacked by
>>something purporting to be MSN? Incidentally I feel that
>as a matter of
>>urgency you need to upgrade your copy of Internet
>Explorer to either IE5.5 SP2
>>or better to IE6 SP1.
>>
>>This would be a good time to download yourself a copy of
>the free Ad-Aware
>>6.0 from Lavasoft
>>(http://www.lavasoftusa.com/software/adaware/) and also
>SpyBot
>>(http://www.safer-networking.org/) and scan your system
>for and remove all
>>unwanted parasites, adware and spyware that might be
>hiding on your PC.
>>
>>I would also suggest you download and run merijn's
>CWShredder which targets
>>the CoolWebSearch parasite. CWShredder can be downloaded
>from
>>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>>http://www.spywareinfo.com/~merijn/files/cwshredder.zip).
> Details of the many
>>forms of the CoolWebSearch hijacker can be found at
>>http://www.spywareinfo.com/~merijn/cwschronicles.html and
>also
>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>
>>Other useful tools include BHODemon
>>(http://www.definitivesolutions.com/bhodemon.htm that
>checks for
>>unwanted Browser Help Objects and SpywareBlaster
>>(http://www.wilderssecurity.net/spywareblaster.html)
>which can help prevent
>>some parasites getting a grip on your PC.
>>
>>Finally if you still continue to experience problems
>download a copy of
>>HijackThis from
>(http://www.spywareinfo.com/~merijn/downloads.html).
>Create a
>>folder called hijackthis on C: and copy the file you
>downloaded to that
>>folder. Close as many applications as you can including
>all instances of
>>Internet Explorer and then run hijackthis.exe and post
>back the log, provided
>>that it isn't too long, to this thread, otherwise to the
>HijackThis Forum at
>>http://www.spywareinfo.com/forums/ and hopefully this
>will enable someone to
>>identify the cause of your problem.
>>--=81
>>Mike Maltby MS-MVP
>>
>>
>>Ben B > wrote:
>>
>>> Hello,
>>>
>>> I have always used 'About Blank' and I wish to continue
>>> using it. However since a recent repartition, format=20
and
>>> install of WinMe I find MSN declines to let me have the
>>> priviledge of choice. My setting, 'About Blank' is
>>> arbitrarily changed to MSN. This after a a very few=20
uses
>>> of I.E. (version 5.50.4134.100)
>>>
>>> I am puzzled by the fact that MSN is the 'Default' in
>>> Internet Options. I wish my choice of 'About Blank' to
>be
>>> the default!
>>>
>>> There must be a way of changing this. In the registry
>for
>>> instance, or, what would I.E.6 allow - were I to use=20
it?
>>
>>.
>>
>
>
>.
>
Noel Paton
July 3rd 04, 11:05 PM
That looks a little healthier, Ben! - wasn't *that* painful, was it?
:)
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Ben B" > wrote in message
...
Humph!
I know a couple of conspirators more devious than myself
when I read their writing.
Internet Explorer
Q832894 (details...)
Q837009 (details...)
SP1 (SP1)
Microsoft Corporation - Internet Explorer Version
6.00.2800.1106 *
Courtesy MM.NP and Belarc.
Big sigh,
Ben.
>-----Original Message-----
>Just get the IE6 update, Ben!!
>
>--
>Noel Paton (MS-MVP 2002-2004, Win9x)
>
>Nil Carborundum Illegitemi
>http://www.btinternet.com/~winnoel/millsrpch.htm
>
>Please read http://dts-l.org/goodpost.htm on how to post
messages to NG's
>or
>http://www.microsoft.com/presspass/features/2001/Mar01/Mar
27pmvp.asp
>
>"Ben B" > wrote in
message
...
>Hello Mike,
>
>I will respond to what I think you will agree is the most
>important issue here. The question of my version of I.E.
>
>I have a post made (regarding my using Windows Updates}
>immediately following my format and install in which I
>expressed my difficulty concerning the SP2 installation. I
>copy it here:
>
>"Subject: Updates will not install after PF and I.
> From: "Ben B" >
>Sent: 6/25/2004 12:36:04 PM
>
>Hello,
>
>After a partition, format and install I went to the WU
>site and with a single exception (I.E.6) accepted all the
>available updates.
>
>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc
>and my computer).
>
>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>Belarc which also shows SP2).
>
>I have the downloaded updates for I.E. Q824145 and Q
832894
>and for O.E. Q837009.
>
>None of these will install. The reason given "This update
>requires I.E.5.5 Service Pack 2 to be installed". The same
>applies to the O.E. update (sustituting O.E. for I.E.).
>
>I cannot find this update.
>
>Help/guidance appreciated."
>****************************
>
>I could not resolve that issue. Hence I am still using the
>mentioned version. I didn't go to I.E.6 (having tried it
>out when it first came out I didn't like it).
>
>I use with regularity (daily and updated) the following:
>
>Lavasoft Adaware.
>SpybotS & D.
>CWShredder.
>HijackThis.
>SpywareBlaster.
>
>I will add BHODemon.
>
>Lavasoft regularly returns 2 registry entries of "Possible
>Browser Hijack..." here they are (this half an hour after
>a previous scan showing them):
>
> Possible Browser Hijack attempt RegData Data Miner
>HKEY_CURRENT_USER:Software\Microsoft\Internet
>Explorer\Main"Start Page" ("about:blank") Possible browser
>hijack attempt
> Possible Browser Hijack attempt RegData Data Miner
>HKEY_USERS:.Default\Software\Microsoft\Internet
>Explorer\Main"Start Page" ("about:blank") Possible browser
>hijack attempt
>
>I cannot tell the real MSN page from a false one.
>
>I do appreciate your post and all it's detail, Mike.
>
>Ben.
>
>>-----Original Message-----
>>Are you sure about this Ben and that your homepage hasn't
>been hijacked by
>>something purporting to be MSN? Incidentally I feel that
>as a matter of
>>urgency you need to upgrade your copy of Internet
>Explorer to either IE5.5 SP2
>>or better to IE6 SP1.
>>
>>This would be a good time to download yourself a copy of
>the free Ad-Aware
>>6.0 from Lavasoft
>>(http://www.lavasoftusa.com/software/adaware/) and also
>SpyBot
>>(http://www.safer-networking.org/) and scan your system
>for and remove all
>>unwanted parasites, adware and spyware that might be
>hiding on your PC.
>>
>>I would also suggest you download and run merijn's
>CWShredder which targets
>>the CoolWebSearch parasite. CWShredder can be downloaded
>from
>>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>>http://www.spywareinfo.com/~merijn/files/cwshredder.zip).
> Details of the many
>>forms of the CoolWebSearch hijacker can be found at
>>http://www.spywareinfo.com/~merijn/cwschronicles.html and
>also
>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>
>>Other useful tools include BHODemon
>>(http://www.definitivesolutions.com/bhodemon.htm that
>checks for
>>unwanted Browser Help Objects and SpywareBlaster
>>(http://www.wilderssecurity.net/spywareblaster.html)
>which can help prevent
>>some parasites getting a grip on your PC.
>>
>>Finally if you still continue to experience problems
>download a copy of
>>HijackThis from
>(http://www.spywareinfo.com/~merijn/downloads.html).
>Create a
>>folder called hijackthis on C: and copy the file you
>downloaded to that
>>folder. Close as many applications as you can including
>all instances of
>>Internet Explorer and then run hijackthis.exe and post
>back the log, provided
>>that it isn't too long, to this thread, otherwise to the
>HijackThis Forum at
>>http://www.spywareinfo.com/forums/ and hopefully this
>will enable someone to
>>identify the cause of your problem.
>>--?
>>Mike Maltby MS-MVP
>>
>>
>>Ben B > wrote:
>>
>>> Hello,
>>>
>>> I have always used 'About Blank' and I wish to continue
>>> using it. However since a recent repartition, format
and
>>> install of WinMe I find MSN declines to let me have the
>>> priviledge of choice. My setting, 'About Blank' is
>>> arbitrarily changed to MSN. This after a a very few
uses
>>> of I.E. (version 5.50.4134.100)
>>>
>>> I am puzzled by the fact that MSN is the 'Default' in
>>> Internet Options. I wish my choice of 'About Blank' to
>be
>>> the default!
>>>
>>> There must be a way of changing this. In the registry
>for
>>> instance, or, what would I.E.6 allow - were I to use
it?
>>
>>.
>>
>
>
>.
>
Mike M
July 3rd 04, 11:20 PM
Now go back and make certain that you have installed the newly released 870669
patch. <g>
This patch (see KB 870669 - "How to disable the ADODB.Stream object from
Internet Explorer" (http://support.microsoft.com?kbid=870669) is essential to
patch an exploit which is currently rampant on the net and that can have major
security implications for those infected..
--
Mike Maltby MS-MVP
Ben B > wrote:
> Humph!
>
> I know a couple of conspirators more devious than myself
> when I read their writing.
>
> Internet Explorer
> Q832894 (details...)
> Q837009 (details...)
> SP1 (SP1)
Ben B
July 3rd 04, 11:28 PM
Groaning
DataAccess
KB870669
Courtesy MM and Belarc (already done!)
>-----Original Message-----
>Now go back and make certain that you have installed the
newly released 870669
>patch. <g>
>
>This patch (see KB 870669 - "How to disable the
ADODB.Stream object from
>Internet Explorer" (http://support.microsoft.com?
kbid=870669) is essential to
>patch an exploit which is currently rampant on the net
and that can have major
>security implications for those infected..
>--
>Mike Maltby MS-MVP
>
>
>Ben B > wrote:
>
>> Humph!
>>
>> I know a couple of conspirators more devious than myself
>> when I read their writing.
>>
>> Internet Explorer
>> Q832894 (details...)
>> Q837009 (details...)
>> SP1 (SP1)
>
>.
>
Ben B
July 3rd 04, 11:32 PM
I always found 'school' painful. I have to say I would=20
have ignored 'me'in this case. Thanks for persisting and
Well done, Noel (and Mike). <vbg>
>-----Original Message-----
>That looks a little healthier, Ben! - wasn't *that*=20
painful, was it?
>:)
>
>--=20
>Noel Paton (MS-MVP 2002-2004, Win9x)
>
>Nil Carborundum Illegitemi
>http://www.btinternet.com/~winnoel/millsrpch.htm
>
>Please read http://dts-l.org/goodpost.htm on how to post=20
messages to NG's
>or
>http://www.microsoft.com/presspass/features/2001/Mar01/Mar
27pmvp.asp
>
>"Ben B" > wrote in=20
message
...
>Humph!
>
>I know a couple of conspirators more devious than myself
>when I read their writing.
>
>Internet Explorer
> Q832894 (details...)
> Q837009 (details...)
> SP1 (SP1)
>
>
>Microsoft Corporation - Internet Explorer Version
>6.00.2800.1106 *
>
>Courtesy MM.NP and Belarc.
>
>Big sigh,
>
>Ben.
>
>
>>-----Original Message-----
>>Just get the IE6 update, Ben!!
>>
>>--=20
>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>
>>Nil Carborundum Illegitemi
>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>
>>Please read http://dts-l.org/goodpost.htm on how to post
>messages to NG's
>>or
>>http://www.microsoft.com/presspass/features/2001/Mar01/Ma
r
>27pmvp.asp
>>
>>"Ben B" > wrote in
>message
...
>>Hello Mike,
>>
>>I will respond to what I think you will agree is the most
>>important issue here. The question of my version of I.E.
>>
>>I have a post made (regarding my using Windows Updates}
>>immediately following my format and install in which I
>>expressed my difficulty concerning the SP2 installation.=20
I
>>copy it here:
>>
>>"Subject: Updates will not install after PF and I.
>> From: "Ben B" >
>>Sent: 6/25/2004 12:36:04 PM
>>
>>Hello,
>>
>>After a partition, format and install I went to the WU
>>site and with a single exception (I.E.6) accepted all the
>>available updates.
>>
>>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc
>>and my computer).
>>
>>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>>Belarc which also shows SP2).
>>
>>I have the downloaded updates for I.E. Q824145 and Q
>832894
>>and for O.E. Q837009.
>>
>>None of these will install. The reason given "This update
>>requires I.E.5.5 Service Pack 2 to be installed". The=20
same
>>applies to the O.E. update (sustituting O.E. for I.E.).
>>
>>I cannot find this update.
>>
>>Help/guidance appreciated."
>>****************************
>>
>>I could not resolve that issue. Hence I am still using=20
the
>>mentioned version. I didn't go to I.E.6 (having tried it
>>out when it first came out I didn't like it).
>>
>>I use with regularity (daily and updated) the following:
>>
>>Lavasoft Adaware.
>>SpybotS & D.
>>CWShredder.
>>HijackThis.
>>SpywareBlaster.
>>
>>I will add BHODemon.
>>
>>Lavasoft regularly returns 2 registry entries=20
of "Possible
>>Browser Hijack..." here they are (this half an hour after
>>a previous scan showing them):
>>
>> Possible Browser Hijack attempt RegData Data Miner
>>HKEY_CURRENT_USER:Software\Microsoft\Internet
>>Explorer\Main"Start Page" ("about:blank") Possible=20
browser
>>hijack attempt
>> Possible Browser Hijack attempt RegData Data Miner
>>HKEY_USERS:.Default\Software\Microsoft\Internet
>>Explorer\Main"Start Page" ("about:blank") Possible=20
browser
>>hijack attempt
>>
>>I cannot tell the real MSN page from a false one.
>>
>>I do appreciate your post and all it's detail, Mike.
>>
>>Ben.
>>
>>>-----Original Message-----
>>>Are you sure about this Ben and that your homepage=20
hasn't
>>been hijacked by
>>>something purporting to be MSN? Incidentally I feel=20
that
>>as a matter of
>>>urgency you need to upgrade your copy of Internet
>>Explorer to either IE5.5 SP2
>>>or better to IE6 SP1.
>>>
>>>This would be a good time to download yourself a copy=20
of
>>the free Ad-Aware
>>>6.0 from Lavasoft
>>>(http://www.lavasoftusa.com/software/adaware/) and also
>>SpyBot
>>>(http://www.safer-networking.org/) and scan your system
>>for and remove all
>>>unwanted parasites, adware and spyware that might be
>>hiding on your PC.
>>>
>>>I would also suggest you download and run merijn's
>>CWShredder which targets
>>>the CoolWebSearch parasite. CWShredder can be downloaded
>>from
>>>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>>>http://www.spywareinfo.com/~merijn/files/cwshredder.zip)
..
>> Details of the many
>>>forms of the CoolWebSearch hijacker can be found at
>>>http://www.spywareinfo.com/~merijn/cwschronicles.html=20
and
>>also
>>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>>
>>>Other useful tools include BHODemon
>>>(http://www.definitivesolutions.com/bhodemon.htm that
>>checks for
>>>unwanted Browser Help Objects and SpywareBlaster
>>>(http://www.wilderssecurity.net/spywareblaster.html)
>>which can help prevent
>>>some parasites getting a grip on your PC.
>>>
>>>Finally if you still continue to experience problems
>>download a copy of
>>>HijackThis from
>>(http://www.spywareinfo.com/~merijn/downloads.html).
>>Create a
>>>folder called hijackthis on C: and copy the file you
>>downloaded to that
>>>folder. Close as many applications as you can including
>>all instances of
>>>Internet Explorer and then run hijackthis.exe and post
>>back the log, provided
>>>that it isn't too long, to this thread, otherwise to the
>>HijackThis Forum at
>>>http://www.spywareinfo.com/forums/ and hopefully this
>>will enable someone to
>>>identify the cause of your problem.
>>>--=81
>>>Mike Maltby MS-MVP
>>>
>>>
>>>Ben B > wrote:
>>>
>>>> Hello,
>>>>
>>>> I have always used 'About Blank' and I wish to=20
continue
>>>> using it. However since a recent repartition, format
>and
>>>> install of WinMe I find MSN declines to let me have=20
the
>>>> priviledge of choice. My setting, 'About Blank' is
>>>> arbitrarily changed to MSN. This after a a very few
>uses
>>>> of I.E. (version 5.50.4134.100)
>>>>
>>>> I am puzzled by the fact that MSN is the 'Default' in
>>>> Internet Options. I wish my choice of 'About Blank' to
>>be
>>>> the default!
>>>>
>>>> There must be a way of changing this. In the registry
>>for
>>>> instance, or, what would I.E.6 allow - were I to use
>it?
>>>
>>>.
>>>
>>
>>
>>.
>>
>
>
>.
>
Noel Paton
July 3rd 04, 11:42 PM
Ah - so that's the excuse that MS is pushing out on WU for Win9x, then -
required for MDAC!!!
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Ben B" > wrote in message
...
> Groaning
>
> DataAccess
> KB870669
>
> Courtesy MM and Belarc (already done!)
> >-----Original Message-----
> >Now go back and make certain that you have installed the
> newly released 870669
> >patch. <g>
> >
> >This patch (see KB 870669 - "How to disable the
> ADODB.Stream object from
> >Internet Explorer" (http://support.microsoft.com?
> kbid=870669) is essential to
> >patch an exploit which is currently rampant on the net
> and that can have major
> >security implications for those infected..
> >--
> >Mike Maltby MS-MVP
>
> >
> >
> >Ben B > wrote:
> >
> >> Humph!
> >>
> >> I know a couple of conspirators more devious than myself
> >> when I read their writing.
> >>
> >> Internet Explorer
> >> Q832894 (details...)
> >> Q837009 (details...)
> >> SP1 (SP1)
> >
> >.
> >
Mike M
July 4th 04, 12:07 AM
I don't get you? 870669 is for IE6 SP1 regardless of the OS platform and I
thought Ben was now running IE6 SP1. What is interesting is that I was also
offered 870669 on a Win Me box with IE 5.5 SP2 although it did have MDAC 2.5
as a result of having the critical update 329414 - MS02-05 installed.
What I can confirm is that a clean Win Me install is not offered 870669, just
IE SP1.
--
Mike Maltby MS-MVP
Noel Paton > wrote:
> Ah - so that's the excuse that MS is pushing out on WU for Win9x,
> then - required for MDAC!!!
Noel Paton
July 4th 04, 12:27 AM
Yes - but it's also involved in MDAC2.5-2.8
therefore if either are installed (and one or the other is bound to be
installed in ME, pretty much), then you're offered the update.
I suspect that it's MDAC that rules the magnanimity of MS in this case,
rather than IE. (otherwise they'd have some users protected, and others
not - and screaming blue murder)
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Mike M" > wrote in message
...
> I don't get you? 870669 is for IE6 SP1 regardless of the OS platform and
I
> thought Ben was now running IE6 SP1. What is interesting is that I was
also
> offered 870669 on a Win Me box with IE 5.5 SP2 although it did have MDAC
2.5
> as a result of having the critical update 329414 - MS02-05 installed.
>
> What I can confirm is that a clean Win Me install is not offered 870669,
just
> IE SP1.
> --
> Mike Maltby MS-MVP
>
>
>
> Noel Paton > wrote:
>
> > Ah - so that's the excuse that MS is pushing out on WU for Win9x,
> > then - required for MDAC!!!
>
Mike M
July 4th 04, 12:42 AM
As I mentioned though 870669 is not offered on a clean Win Me in which case
you would still have some users not being offered the patch but then again
what's one patch here or there when twenty others also need to be installed.
As to whether it is IE5.5 0600 (the real RTM version not the 0100 included
with Win Me), SP1, SP2 or MDAC that triggers 870669 some experimenting
tomorrow will tell. :-)
--
Mike M
Noel Paton > wrote:
> Yes - but it's also involved in MDAC2.5-2.8
> therefore if either are installed (and one or the other is bound to be
> installed in ME, pretty much), then you're offered the update.
> I suspect that it's MDAC that rules the magnanimity of MS in this
> case, rather than IE. (otherwise they'd have some users protected,
> and others not - and screaming blue murder)
Noel Paton
July 4th 04, 01:23 AM
I might have a play - I have a virgin ME on VPC, if I can get it to talk to
the Host
--
Noel Paton (MS-MVP 2002-2004, Win9x)
Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/features/2001/Mar01/Mar27pmvp.asp
"Mike M" > wrote in message
...
> As I mentioned though 870669 is not offered on a clean Win Me in which
case
> you would still have some users not being offered the patch but then again
> what's one patch here or there when twenty others also need to be
installed.
> As to whether it is IE5.5 0600 (the real RTM version not the 0100 included
> with Win Me), SP1, SP2 or MDAC that triggers 870669 some experimenting
> tomorrow will tell. :-)
> --
> Mike M
>
> Noel Paton > wrote:
>
> > Yes - but it's also involved in MDAC2.5-2.8
> > therefore if either are installed (and one or the other is bound to be
> > installed in ME, pretty much), then you're offered the update.
> > I suspect that it's MDAC that rules the magnanimity of MS in this
> > case, rather than IE. (otherwise they'd have some users protected,
> > and others not - and screaming blue murder)
>
Ben B
July 4th 04, 01:27 AM
However...
I am infected with something cos Lavasoft still reports:
Possible Browser Hijack attempt RegData Data Miner=20
HKEY_CURRENT_USER:Software\Microsoft\Internet=20
Explorer\Main"Start Page" ("about:blank") Possible browser=20
hijack attempt=20
Possible Browser Hijack attempt RegData Data Miner=20
HKEY_USERS:.Default\Software\Microsoft\Internet=20
Explorer\Main"Start Page" ("about:blank") Possible browser=20
hijack attempt=20
and HijackThis this: RO - HKLM\Software\Microsoft\Internet=20
Explorer\Main,Local Page =3D
both in the last few minutes and since my capitulation!
?
Ben.
>-----Original Message-----
>I always found 'school' painful. I have to say I would=20
>have ignored 'me'in this case. Thanks for persisting and
>
>Well done, Noel (and Mike). <vbg>
>
>>-----Original Message-----
>>That looks a little healthier, Ben! - wasn't *that*=20
>painful, was it?
>>:)
>>
>>--=20
>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>
>>Nil Carborundum Illegitemi
>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>
>>Please read http://dts-l.org/goodpost.htm on how to post=20
>messages to NG's
>>or
>>http://www.microsoft.com/presspass/features/2001/Mar01/Ma
r
>27pmvp.asp
>>
>>"Ben B" > wrote in=20
>message
...
>>Humph!
>>
>>I know a couple of conspirators more devious than myself
>>when I read their writing.
>>
>>Internet Explorer
>> Q832894 (details...)
>> Q837009 (details...)
>> SP1 (SP1)
>>
>>
>>Microsoft Corporation - Internet Explorer Version
>>6.00.2800.1106 *
>>
>>Courtesy MM.NP and Belarc.
>>
>>Big sigh,
>>
>>Ben.
>>
>>
>>>-----Original Message-----
>>>Just get the IE6 update, Ben!!
>>>
>>>--=20
>>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>>
>>>Nil Carborundum Illegitemi
>>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>>
>>>Please read http://dts-l.org/goodpost.htm on how to post
>>messages to NG's
>>>or
>>>http://www.microsoft.com/presspass/features/2001/Mar01/M
a
>r
>>27pmvp.asp
>>>
>>>"Ben B" > wrote in
>>message
...
>>>Hello Mike,
>>>
>>>I will respond to what I think you will agree is the=20
most
>>>important issue here. The question of my version of I.E.
>>>
>>>I have a post made (regarding my using Windows Updates}
>>>immediately following my format and install in which I
>>>expressed my difficulty concerning the SP2=20
installation.=20
>I
>>>copy it here:
>>>
>>>"Subject: Updates will not install after PF and I.
>>> From: "Ben B" >
>>>Sent: 6/25/2004 12:36:04 PM
>>>
>>>Hello,
>>>
>>>After a partition, format and install I went to the WU
>>>site and with a single exception (I.E.6) accepted all=20
the
>>>available updates.
>>>
>>>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex Belarc
>>>and my computer).
>>>
>>>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>>>Belarc which also shows SP2).
>>>
>>>I have the downloaded updates for I.E. Q824145 and Q
>>832894
>>>and for O.E. Q837009.
>>>
>>>None of these will install. The reason given "This=20
update
>>>requires I.E.5.5 Service Pack 2 to be installed". The=20
>same
>>>applies to the O.E. update (sustituting O.E. for I.E.).
>>>
>>>I cannot find this update.
>>>
>>>Help/guidance appreciated."
>>>****************************
>>>
>>>I could not resolve that issue. Hence I am still using=20
>the
>>>mentioned version. I didn't go to I.E.6 (having tried it
>>>out when it first came out I didn't like it).
>>>
>>>I use with regularity (daily and updated) the following:
>>>
>>>Lavasoft Adaware.
>>>SpybotS & D.
>>>CWShredder.
>>>HijackThis.
>>>SpywareBlaster.
>>>
>>>I will add BHODemon.
>>>
>>>Lavasoft regularly returns 2 registry entries=20
>of "Possible
>>>Browser Hijack..." here they are (this half an hour=20
after
>>>a previous scan showing them):
>>>
>>> Possible Browser Hijack attempt RegData Data Miner
>>>HKEY_CURRENT_USER:Software\Microsoft\Internet
>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>browser
>>>hijack attempt
>>> Possible Browser Hijack attempt RegData Data Miner
>>>HKEY_USERS:.Default\Software\Microsoft\Internet
>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>browser
>>>hijack attempt
>>>
>>>I cannot tell the real MSN page from a false one.
>>>
>>>I do appreciate your post and all it's detail, Mike.
>>>
>>>Ben.
>>>
>>>>-----Original Message-----
>>>>Are you sure about this Ben and that your homepage=20
>hasn't
>>>been hijacked by
>>>>something purporting to be MSN? Incidentally I feel=20
>that
>>>as a matter of
>>>>urgency you need to upgrade your copy of Internet
>>>Explorer to either IE5.5 SP2
>>>>or better to IE6 SP1.
>>>>
>>>>This would be a good time to download yourself a copy=20
>of
>>>the free Ad-Aware
>>>>6.0 from Lavasoft
>>>>(http://www.lavasoftusa.com/software/adaware/) and also
>>>SpyBot
>>>>(http://www.safer-networking.org/) and scan your system
>>>for and remove all
>>>>unwanted parasites, adware and spyware that might be
>>>hiding on your PC.
>>>>
>>>>I would also suggest you download and run merijn's
>>>CWShredder which targets
>>>>the CoolWebSearch parasite. CWShredder can be=20
downloaded
>>>from
>>>>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>>>>http://www.spywareinfo.com/~merijn/files/cwshredder.zip
)
>..
>>> Details of the many
>>>>forms of the CoolWebSearch hijacker can be found at
>>>>http://www.spywareinfo.com/~merijn/cwschronicles.html=20
>and
>>>also
>>>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>>>
>>>>Other useful tools include BHODemon
>>>>(http://www.definitivesolutions.com/bhodemon.htm that
>>>checks for
>>>>unwanted Browser Help Objects and SpywareBlaster
>>>>(http://www.wilderssecurity.net/spywareblaster.html)
>>>which can help prevent
>>>>some parasites getting a grip on your PC.
>>>>
>>>>Finally if you still continue to experience problems
>>>download a copy of
>>>>HijackThis from
>>>(http://www.spywareinfo.com/~merijn/downloads.html).
>>>Create a
>>>>folder called hijackthis on C: and copy the file you
>>>downloaded to that
>>>>folder. Close as many applications as you can=20
including
>>>all instances of
>>>>Internet Explorer and then run hijackthis.exe and post
>>>back the log, provided
>>>>that it isn't too long, to this thread, otherwise to=20
the
>>>HijackThis Forum at
>>>>http://www.spywareinfo.com/forums/ and hopefully this
>>>will enable someone to
>>>>identify the cause of your problem.
>>>>--=81
>>>>Mike Maltby MS-MVP
>>>>
>>>>
>>>>Ben B > wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I have always used 'About Blank' and I wish to=20
>continue
>>>>> using it. However since a recent repartition, format
>>and
>>>>> install of WinMe I find MSN declines to let me have=20
>the
>>>>> priviledge of choice. My setting, 'About Blank' is
>>>>> arbitrarily changed to MSN. This after a a very few
>>uses
>>>>> of I.E. (version 5.50.4134.100)
>>>>>
>>>>> I am puzzled by the fact that MSN is the 'Default' in
>>>>> Internet Options. I wish my choice of 'About Blank'=20
to
>>>be
>>>>> the default!
>>>>>
>>>>> There must be a way of changing this. In the registry
>>>for
>>>>> instance, or, what would I.E.6 allow - were I to use
>>it?
>>>>
>>>>.
>>>>
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>.
>
Ben B
July 4th 04, 01:36 AM
....and my I.E. page set to 'About Blank' is again showing=20
the MSN home page.!!
>-----Original Message-----
>However...
>
>I am infected with something cos Lavasoft still reports:
>
>Possible Browser Hijack attempt RegData Data Miner=20
>HKEY_CURRENT_USER:Software\Microsoft\Internet=20
>Explorer\Main"Start Page" ("about:blank") Possible=20
browser=20
>hijack attempt=20
> Possible Browser Hijack attempt RegData Data Miner=20
>HKEY_USERS:.Default\Software\Microsoft\Internet=20
>Explorer\Main"Start Page" ("about:blank") Possible=20
browser=20
>hijack attempt=20
>
>and HijackThis this: RO -=20
HKLM\Software\Microsoft\Internet=20
>Explorer\Main,Local Page =3D
>
>both in the last few minutes and since my capitulation!
>
> ?
>
>Ben.
>
>
>
>
>>-----Original Message-----
>>I always found 'school' painful. I have to say I would=20
>>have ignored 'me'in this case. Thanks for persisting and
>>
>>Well done, Noel (and Mike). <vbg>
>>
>>>-----Original Message-----
>>>That looks a little healthier, Ben! - wasn't *that*=20
>>painful, was it?
>>>:)
>>>
>>>--=20
>>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>>
>>>Nil Carborundum Illegitemi
>>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>>
>>>Please read http://dts-l.org/goodpost.htm on how to=20
post=20
>>messages to NG's
>>>or
>>>http://www.microsoft.com/presspass/features/2001/Mar01/M
a
>r
>>27pmvp.asp
>>>
>>>"Ben B" > wrote in=20
>>message
...
>>>Humph!
>>>
>>>I know a couple of conspirators more devious than myself
>>>when I read their writing.
>>>
>>>Internet Explorer
>>> Q832894 (details...)
>>> Q837009 (details...)
>>> SP1 (SP1)
>>>
>>>
>>>Microsoft Corporation - Internet Explorer Version
>>>6.00.2800.1106 *
>>>
>>>Courtesy MM.NP and Belarc.
>>>
>>>Big sigh,
>>>
>>>Ben.
>>>
>>>
>>>>-----Original Message-----
>>>>Just get the IE6 update, Ben!!
>>>>
>>>>--=20
>>>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>>>
>>>>Nil Carborundum Illegitemi
>>>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>>>
>>>>Please read http://dts-l.org/goodpost.htm on how to=20
post
>>>messages to NG's
>>>>or
>>>>http://www.microsoft.com/presspass/features/2001/Mar01/
M
>a
>>r
>>>27pmvp.asp
>>>>
>>>>"Ben B" > wrote in
>>>message
...
>>>>Hello Mike,
>>>>
>>>>I will respond to what I think you will agree is the=20
>most
>>>>important issue here. The question of my version of=20
I.E.
>>>>
>>>>I have a post made (regarding my using Windows Updates}
>>>>immediately following my format and install in which I
>>>>expressed my difficulty concerning the SP2=20
>installation.=20
>>I
>>>>copy it here:
>>>>
>>>>"Subject: Updates will not install after PF and I.
>>>> From: "Ben B" >
>>>>Sent: 6/25/2004 12:36:04 PM
>>>>
>>>>Hello,
>>>>
>>>>After a partition, format and install I went to the WU
>>>>site and with a single exception (I.E.6) accepted all=20
>the
>>>>available updates.
>>>>
>>>>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex=20
Belarc
>>>>and my computer).
>>>>
>>>>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>>>>Belarc which also shows SP2).
>>>>
>>>>I have the downloaded updates for I.E. Q824145 and Q
>>>832894
>>>>and for O.E. Q837009.
>>>>
>>>>None of these will install. The reason given "This=20
>update
>>>>requires I.E.5.5 Service Pack 2 to be installed". The=20
>>same
>>>>applies to the O.E. update (sustituting O.E. for I.E.).
>>>>
>>>>I cannot find this update.
>>>>
>>>>Help/guidance appreciated."
>>>>****************************
>>>>
>>>>I could not resolve that issue. Hence I am still using=20
>>the
>>>>mentioned version. I didn't go to I.E.6 (having tried=20
it
>>>>out when it first came out I didn't like it).
>>>>
>>>>I use with regularity (daily and updated) the=20
following:
>>>>
>>>>Lavasoft Adaware.
>>>>SpybotS & D.
>>>>CWShredder.
>>>>HijackThis.
>>>>SpywareBlaster.
>>>>
>>>>I will add BHODemon.
>>>>
>>>>Lavasoft regularly returns 2 registry entries=20
>>of "Possible
>>>>Browser Hijack..." here they are (this half an hour=20
>after
>>>>a previous scan showing them):
>>>>
>>>> Possible Browser Hijack attempt RegData Data Miner
>>>>HKEY_CURRENT_USER:Software\Microsoft\Internet
>>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>>browser
>>>>hijack attempt
>>>> Possible Browser Hijack attempt RegData Data Miner
>>>>HKEY_USERS:.Default\Software\Microsoft\Internet
>>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>>browser
>>>>hijack attempt
>>>>
>>>>I cannot tell the real MSN page from a false one.
>>>>
>>>>I do appreciate your post and all it's detail, Mike.
>>>>
>>>>Ben.
>>>>
>>>>>-----Original Message-----
>>>>>Are you sure about this Ben and that your homepage=20
>>hasn't
>>>>been hijacked by
>>>>>something purporting to be MSN? Incidentally I feel=20
>>that
>>>>as a matter of
>>>>>urgency you need to upgrade your copy of Internet
>>>>Explorer to either IE5.5 SP2
>>>>>or better to IE6 SP1.
>>>>>
>>>>>This would be a good time to download yourself a =20
copy=20
>>of
>>>>the free Ad-Aware
>>>>>6.0 from Lavasoft
>>>>>(http://www.lavasoftusa.com/software/adaware/) and=20
also
>>>>SpyBot
>>>>>(http://www.safer-networking.org/) and scan your=20
system
>>>>for and remove all
>>>>>unwanted parasites, adware and spyware that might be
>>>>hiding on your PC.
>>>>>
>>>>>I would also suggest you download and run merijn's
>>>>CWShredder which targets
>>>>>the CoolWebSearch parasite. CWShredder can be=20
>downloaded
>>>>from
>>>>>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>>>>>http://www.spywareinfo.com/~merijn/files/cwshredder.zi
p
>)
>>..
>>>> Details of the many
>>>>>forms of the CoolWebSearch hijacker can be found at
>>>>>http://www.spywareinfo.com/~merijn/cwschronicles.html=20
>>and
>>>>also
>>>>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>>>>
>>>>>Other useful tools include BHODemon
>>>>>(http://www.definitivesolutions.com/bhodemon.htm that
>>>>checks for
>>>>>unwanted Browser Help Objects and SpywareBlaster
>>>>>(http://www.wilderssecurity.net/spywareblaster.html)
>>>>which can help prevent
>>>>>some parasites getting a grip on your PC.
>>>>>
>>>>>Finally if you still continue to experience problems
>>>>download a copy of
>>>>>HijackThis from
>>>>(http://www.spywareinfo.com/~merijn/downloads.html).
>>>>Create a
>>>>>folder called hijackthis on C: and copy the file you
>>>>downloaded to that
>>>>>folder. Close as many applications as you can=20
>including
>>>>all instances of
>>>>>Internet Explorer and then run hijackthis.exe and post
>>>>back the log, provided
>>>>>that it isn't too long, to this thread, otherwise to=20
>the
>>>>HijackThis Forum at
>>>>>http://www.spywareinfo.com/forums/ and hopefully this
>>>>will enable someone to
>>>>>identify the cause of your problem.
>>>>>--=81
>>>>>Mike Maltby MS-MVP
>>>>>
>>>>>
>>>>>Ben B > wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have always used 'About Blank' and I wish to=20
>>continue
>>>>>> using it. However since a recent repartition, format
>>>and
>>>>>> install of WinMe I find MSN declines to let me have=20
>>the
>>>>>> priviledge of choice. My setting, 'About Blank' is
>>>>>> arbitrarily changed to MSN. This after a a very few
>>>uses
>>>>>> of I.E. (version 5.50.4134.100)
>>>>>>
>>>>>> I am puzzled by the fact that MSN is the 'Default'=20
in
>>>>>> Internet Options. I wish my choice of 'About Blank'=20
>to
>>>>be
>>>>>> the default!
>>>>>>
>>>>>> There must be a way of changing this. In the=20
registry
>>>>for
>>>>>> instance, or, what would I.E.6 allow - were I to use
>>>it?
>>>>>
>>>>>.
>>>>>
>>>>
>>>>
>>>>.
>>>>
>>>
>>>
>>>.
>>>
>>.
>>
>.
>
Mike M
July 4th 04, 02:01 AM
I've been doing that all afternoon. See my posts in dts and dts3. BTW MDAC
2.5 or above is not required for IE5.5 SP2 to be offered 870669.
--
Mike Maltby MS-MVP
Noel Paton > wrote:
> I might have a play - I have a virgin ME on VPC, if I can get it to
> talk to the Host
Ben B.
July 4th 04, 08:51 AM
Mike, here is the HijackThis log.
Logfile of HijackThis v1.98.0
Scan saved at 12:49:05 AM, on 04/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
E:\PROGRAM FILES\AVG\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
E:\PROGRAM FILES\AVG\AVGCC32.EXE
E:\PROGRAM FILES\MSGTAG\MSGTAG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
E:\PROGRAM FILES\BHODEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
O4 - HKLM\..\Run: [ScanRegistry]=20
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~2
\AVG\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common=20
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [*StateMgr]=20
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] E:\PROGRA~2
\AVG\Avgserv9.exe
O4 - HKCU\..\Run: [MSGTAG] "E:\PROGRAM=20
FILES\MSGTAG\MSGTAG.EXE" /startup
O4 - Startup: BHODemon 2.0.lnk =3D E:\Program=20
Files\BHODemon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-
CA6EE38B68A8} - (no file)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-
9DF6-CA6EE38B68A8} - (no file)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1
\Plugins\NPBelv32.dll
O16 - DPF: HushEncryptionEngine -=20
https://mailserver3.hushmail.com/shared/HushEncryptionEngin
e.cab
Ben
>-----Original Message-----
>....and my I.E. page set to 'About Blank' is again=20
showing=20
>the MSN home page.!!
>
>>-----Original Message-----
>>However...
>>
>>I am infected with something cos Lavasoft still reports:
>>
>>Possible Browser Hijack attempt RegData Data Miner=20
>>HKEY_CURRENT_USER:Software\Microsoft\Internet=20
>>Explorer\Main"Start Page" ("about:blank") Possible=20
>browser=20
>>hijack attempt=20
>> Possible Browser Hijack attempt RegData Data Miner=20
>>HKEY_USERS:.Default\Software\Microsoft\Internet=20
>>Explorer\Main"Start Page" ("about:blank") Possible=20
>browser=20
>>hijack attempt=20
>>
>>and HijackThis this: RO -=20
>HKLM\Software\Microsoft\Internet=20
>>Explorer\Main,Local Page =3D
>>
>>both in the last few minutes and since my capitulation!
>>
>> ?
>>
>>Ben.
>>
>>
>>
>>
>>>-----Original Message-----
>>>I always found 'school' painful. I have to say I would=20
>>>have ignored 'me'in this case. Thanks for persisting and
>>>
>>>Well done, Noel (and Mike). <vbg>
>>>
>>>>-----Original Message-----
>>>>That looks a little healthier, Ben! - wasn't *that*=20
>>>painful, was it?
>>>>:)
>>>>
>>>>--=20
>>>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>>>
>>>>Nil Carborundum Illegitemi
>>>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>>>
>>>>Please read http://dts-l.org/goodpost.htm on how to=20
>post=20
>>>messages to NG's
>>>>or
>>>>http://www.microsoft.com/presspass/features/2001/Mar01/
M
>a
>>r
>>>27pmvp.asp
>>>>
>>>>"Ben B" > wrote in=20
>>>message
...
>>>>Humph!
>>>>
>>>>I know a couple of conspirators more devious than=20
myself
>>>>when I read their writing.
>>>>
>>>>Internet Explorer
>>>> Q832894 (details...)
>>>> Q837009 (details...)
>>>> SP1 (SP1)
>>>>
>>>>
>>>>Microsoft Corporation - Internet Explorer Version
>>>>6.00.2800.1106 *
>>>>
>>>>Courtesy MM.NP and Belarc.
>>>>
>>>>Big sigh,
>>>>
>>>>Ben.
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>Just get the IE6 update, Ben!!
>>>>>
>>>>>--=20
>>>>>Noel Paton (MS-MVP 2002-2004, Win9x)
>>>>>
>>>>>Nil Carborundum Illegitemi
>>>>>http://www.btinternet.com/~winnoel/millsrpch.htm
>>>>>
>>>>>Please read http://dts-l.org/goodpost.htm on how to=20
>post
>>>>messages to NG's
>>>>>or
>>>>>http://www.microsoft.com/presspass/features/2001/Mar01
/
>M
>>a
>>>r
>>>>27pmvp.asp
>>>>>
>>>>>"Ben B" > wrote in
>>>>message
...
>>>>>Hello Mike,
>>>>>
>>>>>I will respond to what I think you will agree is the=20
>>most
>>>>>important issue here. The question of my version of=20
>I.E.
>>>>>
>>>>>I have a post made (regarding my using Windows=20
Updates}
>>>>>immediately following my format and install in which I
>>>>>expressed my difficulty concerning the SP2=20
>>installation.=20
>>>I
>>>>>copy it here:
>>>>>
>>>>>"Subject: Updates will not install after PF and I.
>>>>> From: "Ben B" >
>>>>>Sent: 6/25/2004 12:36:04 PM
>>>>>
>>>>>Hello,
>>>>>
>>>>>After a partition, format and install I went to the WU
>>>>>site and with a single exception (I.E.6) accepted all=20
>>the
>>>>>available updates.
>>>>>
>>>>>I have I.E. 5.5.4134.100 and O.E.5.4132.2400. (ex=20
>Belarc
>>>>>and my computer).
>>>>>
>>>>>Version of I.E. prior to PF and I : 5.51.4807.2300 (ex
>>>>>Belarc which also shows SP2).
>>>>>
>>>>>I have the downloaded updates for I.E. Q824145 and Q
>>>>832894
>>>>>and for O.E. Q837009.
>>>>>
>>>>>None of these will install. The reason given "This=20
>>update
>>>>>requires I.E.5.5 Service Pack 2 to be installed". The=20
>>>same
>>>>>applies to the O.E. update (sustituting O.E. for=20
I.E.).
>>>>>
>>>>>I cannot find this update.
>>>>>
>>>>>Help/guidance appreciated."
>>>>>****************************
>>>>>
>>>>>I could not resolve that issue. Hence I am still=20
using=20
>>>the
>>>>>mentioned version. I didn't go to I.E.6 (having tried=20
>it
>>>>>out when it first came out I didn't like it).
>>>>>
>>>>>I use with regularity (daily and updated) the=20
>following:
>>>>>
>>>>>Lavasoft Adaware.
>>>>>SpybotS & D.
>>>>>CWShredder.
>>>>>HijackThis.
>>>>>SpywareBlaster.
>>>>>
>>>>>I will add BHODemon.
>>>>>
>>>>>Lavasoft regularly returns 2 registry entries=20
>>>of "Possible
>>>>>Browser Hijack..." here they are (this half an hour=20
>>after
>>>>>a previous scan showing them):
>>>>>
>>>>> Possible Browser Hijack attempt RegData Data Miner
>>>>>HKEY_CURRENT_USER:Software\Microsoft\Internet
>>>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>>>browser
>>>>>hijack attempt
>>>>> Possible Browser Hijack attempt RegData Data Miner
>>>>>HKEY_USERS:.Default\Software\Microsoft\Internet
>>>>>Explorer\Main"Start Page" ("about:blank") Possible=20
>>>browser
>>>>>hijack attempt
>>>>>
>>>>>I cannot tell the real MSN page from a false one.
>>>>>
>>>>>I do appreciate your post and all it's detail, Mike.
>>>>>
>>>>>Ben.
>>>>>
>>>>>>-----Original Message-----
>>>>>>Are you sure about this Ben and that your homepage=20
>>>hasn't
>>>>>been hijacked by
>>>>>>something purporting to be MSN? Incidentally I feel=20
>>>that
>>>>>as a matter of
>>>>>>urgency you need to upgrade your copy of Internet
>>>>>Explorer to either IE5.5 SP2
>>>>>>or better to IE6 SP1.
>>>>>>
>>>>>>This would be a good time to download yourself a =20
>copy=20
>>>of
>>>>>the free Ad-Aware
>>>>>>6.0 from Lavasoft
>>>>>>(http://www.lavasoftusa.com/software/adaware/) and=20
>also
>>>>>SpyBot
>>>>>>(http://www.safer-networking.org/) and scan your=20
>system
>>>>>for and remove all
>>>>>>unwanted parasites, adware and spyware that might be
>>>>>hiding on your PC.
>>>>>>
>>>>>>I would also suggest you download and run merijn's
>>>>>CWShredder which targets
>>>>>>the CoolWebSearch parasite. CWShredder can be=20
>>downloaded
>>>>>from
>>>>>>(http://www.zerosrealm.com/downloads/CWShredder.zip=20
or
>>>>>>http://www.spywareinfo.com/~merijn/files/cwshredder.z
i
>p
>>)
>>>..
>>>>> Details of the many
>>>>>>forms of the CoolWebSearch hijacker can be found at
>>>>>>http://www.spywareinfo.com/~merijn/cwschronicles.html
=20
>>>and
>>>>>also
>>>>>>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>>>>>>
>>>>>>Other useful tools include BHODemon
>>>>>>(http://www.definitivesolutions.com/bhodemon.htm that
>>>>>checks for
>>>>>>unwanted Browser Help Objects and SpywareBlaster
>>>>>>(http://www.wilderssecurity.net/spywareblaster.html)
>>>>>which can help prevent
>>>>>>some parasites getting a grip on your PC.
>>>>>>
>>>>>>Finally if you still continue to experience problems
>>>>>download a copy of
>>>>>>HijackThis from
>>>>>(http://www.spywareinfo.com/~merijn/downloads.html).
>>>>>Create a
>>>>>>folder called hijackthis on C: and copy the file you
>>>>>downloaded to that
>>>>>>folder. Close as many applications as you can=20
>>including
>>>>>all instances of
>>>>>>Internet Explorer and then run hijackthis.exe and=20
post
>>>>>back the log, provided
>>>>>>that it isn't too long, to this thread, otherwise to=20
>>the
>>>>>HijackThis Forum at
>>>>>>http://www.spywareinfo.com/forums/ and hopefully this
>>>>>will enable someone to
>>>>>>identify the cause of your problem.
>>>>>>--=81
>>>>>>Mike Maltby MS-MVP
>>>>>>
>>>>>>
>>>>>>Ben B > wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have always used 'About Blank' and I wish to=20
>>>continue
>>>>>>> using it. However since a recent repartition,=20
format
>>>>and
>>>>>>> install of WinMe I find MSN declines to let me=20
have=20
>>>the
>>>>>>> priviledge of choice. My setting, 'About Blank' is
>>>>>>> arbitrarily changed to MSN. This after a a very few
>>>>uses
>>>>>>> of I.E. (version 5.50.4134.100)
>>>>>>>
>>>>>>> I am puzzled by the fact that MSN is the 'Default'=20
>in
>>>>>>> Internet Options. I wish my choice of 'About=20
Blank'=20
>>to
>>>>>be
>>>>>>> the default!
>>>>>>>
>>>>>>> There must be a way of changing this. In the=20
>registry
>>>>>for
>>>>>>> instance, or, what would I.E.6 allow - were I to=20
use
>>>>it?
>>>>>>
>>>>>>.
>>>>>>
>>>>>
>>>>>
>>>>>.
>>>>>
>>>>
>>>>
>>>>.
>>>>
>>>.
>>>
>>.
>>
>.
>
Mike M
July 10th 04, 11:38 PM
Ben,
For why this is happening see
http://www.lavahelp.com/articles/v6/04/05/1801.html. Basically if you wish to
use about:blank as your homepage (I do) and have no issues with it such as a
hijack then when using AdAware add About:Blank to the ignore list.
--
Mike Maltby MS-MVP
Ben B. > wrote:
> Mike, here is the HijackThis log.
>
> Logfile of HijackThis v1.98.0
> Scan saved at 12:49:05 AM, on 04/07/2004
> Platform: Windows ME (Win9x 4.90.3000)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\SYSTEM\KERNEL32.DLL
> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
> C:\WINDOWS\SYSTEM\mmtask.tsk
> C:\WINDOWS\SYSTEM\MPREXE.EXE
> E:\PROGRAM FILES\AVG\AVGSERV9.EXE
> C:\WINDOWS\EXPLORER.EXE
> C:\WINDOWS\SYSTEM\SPOOL32.EXE
> C:\WINDOWS\SYSTEM\LEXBCES.EXE
> C:\WINDOWS\SYSTEM\RPCSS.EXE
> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
> E:\PROGRAM FILES\AVG\AVGCC32.EXE
> E:\PROGRAM FILES\MSGTAG\MSGTAG.EXE
> C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
> E:\PROGRAM FILES\BHODEMON.EXE
> C:\WINDOWS\SYSTEM\WMIEXE.EXE
> C:\WINDOWS\SYSTEM\DDHELP.EXE
> C:\WINDOWS\SYSTEM\STIMON.EXE
> C:\WINDOWS\SYSTEM\PSTORES.EXE
> C:\WINDOWS\NOTEPAD.EXE
> C:\MY DOCUMENTS\HIJACKTHIS.EXE
>
> O4 - HKLM\..\Run: [ScanRegistry]
> C:\WINDOWS\scanregw.exe /autorun
> O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
> O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~2
> \AVG\avgcc32.exe /STARTUP
> O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
> Files\Real\Update_OB\evntsvc.exe -osboot
> O4 - HKLM\..\RunServices: [*StateMgr]
> C:\WINDOWS\System\Restore\StateMgr.exe
> O4 - HKLM\..\RunServices: [Avgserv9.exe] E:\PROGRA~2
> \AVG\Avgserv9.exe
> O4 - HKCU\..\Run: [MSGTAG] "E:\PROGRAM
> FILES\MSGTAG\MSGTAG.EXE" /startup
> O4 - Startup: BHODemon 2.0.lnk = E:\Program
> Files\BHODemon.exe
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
> 00C0F0318AFE} - (no file)
> O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-
> CA6EE38B68A8} - (no file)
> O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-
> 9DF6-CA6EE38B68A8} - (no file)
> O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1
> \Plugins\NPBelv32.dll
> O16 - DPF: HushEncryptionEngine -
> https://mailserver3.hushmail.com/shared/HushEncryptionEngin
> e.cab
vBulletin® v3.6.4, Copyright ©2000-2024, Jelsoft Enterprises Ltd.