Possible hijack, Spybot keeps finding

Discussion in 'adware, spyware & hijack cleaning' started by KLaR, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. KLaR

    KLaR, Registered Member (Joined: Jul 15, 2004; Posts: 3)

    o_O And that's just for starters. I'm guessing my other problems may be related to this, but I'll let you experts here figure that out :)

    Anyway, when I run Spybot, I keep getting a Possible Extension Hijack. (see the log below.) I have tried to fix this several times, and while Spybot tells me it has done so, the darned thing keeps coming up again. Would you also be able to tell me why, when I uncheck the products I think are checked by default so that they won't be excluded, Spybot is not remembering this? (I have the "save all settings" cookie enabled under Settings.)


    Here is my last Spybot log:

    --- Search result list ---
    Possible extension hijack: Default screen saver handler (Registry change, fixed)
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\!="%1" /S


    --- Spybot - Search && Destroy version: 1.3 ---
    2004-07-09 Includes\Cookies.sbi
    2004-07-09 Includes\Dialer.sbi
    2004-07-09 Includes\Hijackers.sbi
    2004-07-09 Includes\Keyloggers.sbi
    2004-07-09 Includes\Malware.sbi
    2004-07-09 Includes\Revision.sbi
    2004-07-02 Includes\Security.sbi
    2004-07-09 Includes\Spybots.sbi
    2004-07-09 Includes\Trojans.sbi
    2004-05-12 Includes\LSP.sbi
    2004-07-09 Includes\Tracks.uti


    --- System information ---
    Windows ME (Build: 3000)
    / DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / Windows Media Player: Windows Media Update 320920
    / Windows Media Player: Windows Media Update Q308567
    / Windows Media Player: Windows Media Update 828026


    --- Startup entries list ---
    Located: HK_LM:Run, LexStart
    command: lexstart.exe
    file: C:\WINDOWS\SYSTEM\lexstart.exe
    size: 40960
    MD5: 1fee14123f5646257ac8310aafa55c2a

    Located: HK_LM:Run, LoadPowerProfile
    command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    file: C:\WINDOWS\Rundll32.exe
    size: 24576
    MD5: 208c3f7142c109f3055cb07c95af0f2e

    Located: HK_LM:Run, McAfee Guardian
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
    size: 145920
    MD5: b12caac67777cb156b55523bec34c7a4

    Located: HK_LM:Run, ScanRegistry
    command: c:\windows\scanregw.exe /autorun
    file: c:\windows\scanregw.exe
    size: 126976
    MD5: 548ae8c51870ec245dac589b9bf271fc

    Located: HK_LM:Run, SystemTray
    command: SysTray.Exe
    file: C:\WINDOWS\SYSTEM\SysTray.Exe
    size: 36864
    MD5: a29d4e875bc3ed7042a9159a89b597db

    Located: HK_LM:Run, VirusScanMSC
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    size: 245836
    MD5: 2480a46319e1ddc5dfb21ea17dbcd088

    Located: HK_LM:Run, WheelMouse
    command: C:\Program Files\A4Tech\Mouse\Amoumain.exe
    file: C:\Program Files\A4Tech\Mouse\Amoumain.exe
    size: 212992
    MD5: 7cb1474167061c641a6debabd988bcc6

    Located: HK_LM:RunServices, GuardDogEXE
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE" /SERVICE
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE
    size: 106544
    MD5: dbe6bd95b9940f158621879b566d33b3

    Located: HK_LM:RunServices, McAfee Firewall
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
    size: 77824
    MD5: 2253a761176c54c8801b0fd0c8f870ac

    Located: HK_LM:RunServices, McAfeeVirusScanService
    command: c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    file: c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    size: 200721
    MD5: 152dfaaa58ce8a65d519336fc02578e2

    Located: HK_LM:RunServices, SSDPSRV
    command: c:\windows\SYSTEM\ssdpsrv.exe
    file: c:\windows\SYSTEM\ssdpsrv.exe
    size: 57104
    MD5: 95914d31a0b7001e99a537dc5f563f4d

    Located: HK_LM:Run, LexmarkPrinTray (DISABLED)
    command: PrinTray.exe

    Located: HK_LM:Run, LexStart (DISABLED)
    command: Lexstart.exe
    file: C:\WINDOWS\SYSTEM\Lexstart.exe
    size: 40960
    MD5: 1fee14123f5646257ac8310aafa55c2a

    Located: HK_LM:Run, LoadQM (DISABLED)
    command: loadqm.exe
    file: C:\WINDOWS\loadqm.exe
    size: 7536
    MD5: 69d7217f9d7f49d6706baf90f52b472b

    Located: HK_LM:Run, PCHealth (DISABLED)
    command: c:\windows\PCHealth\Support\PCHSchd.exe -s
    file: c:\windows\PCHealth\Support\PCHSchd.exe
    size: 24848
    MD5: 37556315e7dadd5ee414b5a438b7843d

    Located: HK_LM:Run, TaskMonitor (DISABLED)
    command: c:\windows\taskmon.exe
    file: c:\windows\taskmon.exe
    size: 28672
    MD5: a23bca4b69ac68fd410b6afccb11af07

    Located: HK_LM:RunServices, *StateMgr (DISABLED)
    command: C:\WINDOWS\System\Restore\StateMgr.exe
    file: C:\WINDOWS\System\Restore\StateMgr.exe
    size: 24848
    MD5: 02282c55dc8b1bf1ff1180c98d7337d6

    Located: HK_LM:RunServices, LoadPowerProfile (DISABLED)
    command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    file: C:\WINDOWS\Rundll32.exe
    size: 24576
    MD5: 208c3f7142c109f3055cb07c95af0f2e

    Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
    command: mstask.exe
    file: C:\WINDOWS\SYSTEM\mstask.exe
    size: 126976
    MD5: 6770eaf1dfb8d3c952dca22cd956f570

    Located: HK_CU:RunOnce, DelayShred
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SHREDDER\SHRED32.EXE" /q C:\WINDOWS\COOKIES\KATHY~25.SH! C:\WINDOWS\COOKIES\KATHY~29.SH! C:\WINDOWS\COOKIES\KATHY~28.SH! C:\WINDOWS\COOKIES\KATHYV~2.SH! C:\WINDOWS\COOKIES\KATHY~10.SH! C:\WINDOWS\COOKIES\KATHY~21.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~5\INDEX.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~2\INDEX.SH! C:\WINDOWS\COOKIES\INDEX.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\RD10NE74\BRANDI~1.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~3\INDEX.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~4\INDEX.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OX2JI3Y3\MSTOOL~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\PBG1VH6I\TOC_1_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\PBG1VH6I\DEFAUL~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OX2JI3Y3\FOOTER~1.SH! C:\WINDOWS\HISTORY\HISTORY.IE5\MSHIST~6\INDEX.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\BEERCH~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\KOENIG~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\DJ_1_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\HIPPIE~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\BIGGRI~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\BOLDYE~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\MOON_1~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\POST-1~7.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OTM74XUF\INDEX_~2.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\SPACER~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\CHEEBU~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\P_REPO~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\POST-1~4.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\SUMO_1~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\F_NORM~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\INDEX_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\POST-1~5.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\AV-637~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\AV-203~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\NAV_1_~1.SH! 
C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\INDEX_~2.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OTM74XUF\AV-166~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\TONGUE~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\SLEEP_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\INDEX_~5.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\WINK_E~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\GRECIA~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\POST-1~5.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\P_UP_1~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\LAUGH_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\TITTIE~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\F_NORM~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\POST-1~3.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\INDEX_~6.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GXHNP3C1\POST-1~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OTM74XUF\IBFCOD~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\ICON9_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\BR_1_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\F_PINN~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\ODE34TU7\F_HOT_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\620EVUQW\HAPPY_~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\OTM74XUF\BF_NON~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\F8TY1A14\ALTERN~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\37BB0FJX\AIM_UA~1.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\WNE3WVEZ\AIM_UA~3.SH! C:\WINDOWS\TEMPOR~1\CONTENT.IE5\WNE3WVEZ\AIM_UA~1.SH!
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SHREDDER\SHRED32.EXE
    size: 53248
    MD5: 3f60779bf05b7bb90280707508de5d0b

    Located: HK_CU:Run, McAfee.InstantUpdate.Monitor (DISABLED)
    command: "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
    file: C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe
    size: 122948
    MD5: 4bfc3d39305984c6583a042628956d84

    Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1038336
    MD5: 58f7e6434d285f4c98ad3621e0bd8c8d



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    BHO name:
    CLSID name: AcroIEHlprObj Class
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: ACROIEHELPER.OCX
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\
    Long name: AcroIEHelper.ocx
    Short name: ACROIE~1.OCX
    Date (created): 2/17/2004 4:10:02 AM
    Date (last access): 7/15/2004
    Date (last write): 4/16/2001 4:39:02 PM
    Filesize: 37808
    Attributes:
    MD5: 8394ABFC1BE196A62C9F532511936DF7
    CRC32: 71D6E350
    Version: 0.1.0.0

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name: SDHELPER.DLL
    Date (created): 5/12/2004 1:03:00 AM
    Date (last access): 7/15/2004
    Date (last write): 5/12/2004 1:03:00 AM
    Filesize: 744960
    Attributes: archive
    MD5: ABF5BA518C6A5ED104496FF42D19AD88
    CRC32: 5587736E
    Version: 0.1.0.3



    --- ActiveX list ---
    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    DirectAnimation Java Classes (DirectAnimation Java Classes)
    DPF name: DirectAnimation Java Classes
    CLSID name:
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\dajava.cab
    info link:
    info source: Patrick M. Kolla

    {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
    DPF name:
    CLSID name: Update Class
    description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\SYSTEM\
    Long name: iuctl.dll
    Short name: IUCTL.DLL
    Date (created): 8/21/2003 4:47:54 PM
    Date (last access): 7/15/2004
    Date (last write): 8/21/2003 4:47:54 PM
    Filesize: 162400
    Attributes:
    MD5: DB2F1F57D3057FEBC19C61AB9AA77198
    CRC32: 5A03D776
    Version: 0.5.0.3

    {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control)
    DPF name:
    CLSID name: Hotmail Attachments Control
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: HMAtchmt.ocx
    Short name: HMATCHMT.OCX
    Date (created): 7/27/2003 11:47:28 PM
    Date (last access): 7/15/2004
    Date (last write): 7/27/2003 11:48:04 PM
    Filesize: 113008
    Attributes: archive
    MD5: AB8B49B64BF5A3F9B36978E33A37A5EF
    CRC32: EC5ACC60
    Version: 0.1.0.5

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\SYSTEM\MACROMED\FLASH\
    Long name: Flash.ocx
    Short name: FLASH.OCX
    Date (created): 12/8/2003 2:01:58 PM
    Date (last access): 7/15/2004
    Date (last write): 12/8/2003 2:01:58 PM
    Filesize: 933888
    Attributes:
    MD5: F7E435D02F7A48120B746E33254A70BC
    CRC32: 02AF493D
    Version: 0.7.0.0

    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
    DPF name:
    CLSID name: HouseCall Control
    description: Trend Micro Antivirus online scanner
    classification: Legitimate
    known filename: XSCAN53.OCX
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: xscan53.ocx
    Short name: XSCAN53.OCX
    Date (created): 3/24/2004 6:22:12 PM
    Date (last access): 7/15/2004
    Date (last write): 3/24/2004 6:22:12 PM
    Filesize: 435712
    Attributes:
    MD5: 99A67AEE9A6E3EFD2126AFA0840ECBED
    CRC32: 9198FA39
    Version: 0.5.0.70



    --- Process list ---
    Spybot - Search && Destroy process list report, 7/15/2004 3:45:05 AM

    PID: 4290873579 (4290911711) C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
    PID: 4290878447 (4290911711) C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    PID: 4290892763 (4290911711) C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
    PID: 4290903863 (4290910487) C:\WINDOWS\SYSTEM\WMIEXE.EXE
    PID: 4290910487 (4290911711) C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    PID: 4290911711 (4294948003) C:\WINDOWS\EXPLORER.EXE
    PID: 4290933955 (4294857763) C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE
    PID: 4290942823 (4294901495) C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    PID: 4291011775 (4294899051) C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    PID: 4291162243 (4291215611) C:\WINDOWS\SYSTEM\DDHELP.EXE
    PID: 4291215611 (4290911711) C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    PID: 4291254275 (4290911711) C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    PID: 4291291439 (4291293547) C:\WINDOWS\SYSTEM\RNAAPP.EXE
    PID: 4291531643 (4291509395) C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    PID: 4291817991 (2124633075) C:\WINDOWS\SYSTEM\KERNEL32.DLL
    PID: 4294721187 (4294948003) C:\WINDOWS\SYSTEM\mmtask.tsk
    PID: 4294727231 (4294880835) C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
    PID: 4294750119 (4294901287) C:\WINDOWS\SYSTEM\TAPISRV.EXE
    PID: 4294765715 (4294817163) C:\WINDOWS\SYSTEM\LEXPPS.EXE
    PID: 4294775183 (4294817163) C:\WINDOWS\SYSTEM\RPCSS.EXE
    PID: 4294817163 (4294950043) C:\WINDOWS\SYSTEM\LEXBCES.EXE
    PID: 4294857763 (4294950043) C:\WINDOWS\SYSTEM\MPREXE.EXE
    PID: 4294880835 (4294857763) C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
    PID: 4294899051 (4291241103) C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    PID: 4294901287 (4294857763) C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE
    PID: 4294948003 (4291817991) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    PID: 4294950043 (4294948003) C:\WINDOWS\SYSTEM\SPOOL32.EXE


    --- Browser start & search pages list ---
    Spybot - Search && Destroy browser pages report, 7/15/2004 3:45:05 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\SYSTEM\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    about:blank


    --- Winsock Layered Service Provider list ---
    Protocol 0: McAfee_GdLsp [MS.w95.spi.spx]
    GUID: {A92F523C-C596-475C-9E93-F8BCA783B1A8}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 1: McAfee_GdLsp [MS.w95.spi.spx/seq]
    GUID: {1946D539-65C0-462F-A87B-5AF846E09999}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 2: McAfee_GdLsp [MS.w95.spi.ipx]
    GUID: {EEC3C869-17CD-4A81-AC94-245716B98FBC}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 3: McAfee_GdLsp [MS.w95.spi.osp]
    GUID: {F99DF4AA-0064-4411-8BB7-3EA967790B40}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 4: McAfee_GdLsp [MS.w95.spi.tcp]
    GUID: {89299FCA-0A9C-49DD-B3B3-CE193D18B4F5}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 5: McAfee_GdLsp [MS.w95.spi.udp]
    GUID: {77B27EEE-8E47-4C14-8386-48F73DD702BE}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 6: McAfee_GdLsp [MS.w95.spi.raw]
    GUID: {A226302F-308B-47CD-8A3F-742E5FB7642B}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 7: McAfee_GdLsp [MS.w95.spi.rsvptcp]
    GUID: {F0F8F2EA-E7F8-430C-AA58-3768C8F9238B}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 8: McAfee_GdLsp [MS.w95.spi.rsvpudp]
    GUID: {C20F9B7E-9474-407B-A2AF-B8F484368208}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Protocol 9: MS.w95.spi.spx
    GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\mswsosp.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\mswsosp.dll
    DB protocol: MS.w95.spi.*

    Protocol 10: MS.w95.spi.spx/seq
    GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\mswsosp.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\mswsosp.dll
    DB protocol: MS.w95.spi.*

    Protocol 11: MS.w95.spi.ipx
    GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\mswsosp.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\mswsosp.dll
    DB protocol: MS.w95.spi.*

    Protocol 12: MS.w95.spi.osp
    GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\mswsosp.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\mswsosp.dll
    DB protocol: MS.w95.spi.*

    Protocol 13: MS.w95.spi.tcp
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 14: MS.w95.spi.udp
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 15: MS.w95.spi.raw
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 16: MS.w95.spi.rsvptcp
    GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
    Filename: c:\windows\SYSTEM\rsvpsp.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\rsvoso.dll
    DB protocol: MS.w95.spi.*

    Protocol 17: MS.w95.spi.rsvpudp
    GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
    Filename: c:\windows\SYSTEM\rsvpsp.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\rsvoso.dll
    DB protocol: MS.w95.spi.*

    Protocol 18: McAfee_GdLsp
    GUID: {4D7DC2C0-7807-11D6-A9EA-00045A6B76C2}
    Filename: C:\WINDOWS\SYSTEM\CSLSP.DLL

    Namespace Provider 0: DNS Name Space Provider.
    GUID: {FF017DE2-CAE9-11CF-8A99-00AA0062C609}
    Filename: c:\windows\SYSTEM\rnr20.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\rnr20.dll
    DB protocol: DNS Name Space Provider.


    Now for the other problems I'm having. I have tried several times to DL a couple of critical updates, one each for IE 6.0 and WinME from Microsoft's website. I notice that they are both security patches, BTW. The progress message box opens but nothing happens. This is the only thing that hangs up. The computer otherwise seems to be functioning OK. If I hit "cancel", I get the message asking me if I want to send an IE error report to Microsoft or not. I sent it twice but the other times did not. Either way, IE closes. Also, tonight I have not been able to access anything via links. A window will open, smaller than my main window, and will say Microsoft Internet Explorer in the title bar, but other than that, I will only see the frame. I'm not even getting a blank screen, just seeing what is in the main window reappearing in the new window. If I move my cursor over the new window, I get the "working in the background" pointer. Again, this will be the only thing that hangs up.

    Also, the last couple of times I started the computer, McAfee Virus Scan first apparently didn't load completely (the icon in the tray was all blue, instead of blue & red as when it has completely loaded) then didn't start at all (no icon in the tray). That last has always happened once in a while since I installed the program, but it just started doing it again with all this other happy stuff that's going on!

    Finally, the reason I loaded Spybot to begin with is that, even though I have McAfee Internet Security 5.0, a few times I didn't notice that Guardian hadn't run on startup like it's supposed to until I was already on the net, or when it was running I accidentally hit yes when an Identity Information Alert screen would come up for an unidentified site. Because of this, and because I seemed to suddenly have lost a lot of MG's on my hard drive, I DL'd Spybot and Index.dat Suite. (I still seem to have a lot of memory being taken up. I can't explain it unless the Virus Scan updates are a lot bigger than I thought!) As I have very little memory to start with, I'm trying to salvage all I can get. Since I'm stuck with this ol' piece of **** indefinitely, anything you could do to help me out would be greatly appreciated!

    As per your recommendations, I DL'd HijackThis! (couldn't use your link, tho. See above) and here is the log from that:


    Logfile of HijackThis v1.98.0
    Scan saved at 2:29:43 AM, on 7/15/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\HIJACKTHIS!\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
    O4 - HKLM\..\Run: [VirusScanMSC] "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE INTERNET SECURITY\GUARDDOG.EXE" /SERVICE
    O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

    Thanks!
     
  2. KLaR

    I just noticed that on the Spybot log, Lexstart.exe shows twice on my list of startup items, once enabled and once disabled. Also that LEXPPS.exe and LEXBCES.exe were on the running processes list. All of these refer to my printer. I have noticed the last two things showing up on the task manager sometimes when I am not printing anything. All of this is so frustrating!
     