• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
CompuGenie

How to get rid of all spy & porno junk?

2 posts in this topic

Don't know how to help my friend. He has too much of valuable info to reinstall. At the same time, he seem to have accumulated mountains of junk. Your help would be greatly appreciated. Below, I've included Hijack log & Startup list below. Also, I ran the Remove utility prior to doing snapshots.

 

Thanks a million.

 

===================================

HiJack log

===================================

Logfile of HijackThis v1.97.7

Scan saved at 6:56:59 PM, on 7/10/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\SXGDSENU.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\SYSTEM\WMIEXE.EXE

F:\CLEANUP\MERIJN TOOLS\HIJACKTHIS 1.97.7\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csc.ee/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Радио - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [sXGDSENU] SXGDSENU.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [bEHLOR] C:\WINDOWS\BEHLOR.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Tchreg.lnk = C:\ScnOffix\TchScan\Tchreg.exe

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab

 

===================================

Startup listing

===================================

StartupList report, 7/10/04, 6:58:00 PM

StartupList version: 1.52

Started from : F:\STARTUP\STARTUPLIST 1.52.1\STARTUPLIST.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v5.00 (5.00.2614.3500)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\SXGDSENU.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\SYSTEM\WMIEXE.EXE

F:\STARTUP\STARTUPLIST 1.52.1\STARTUPLIST.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Tchreg.lnk = C:\ScnOffix\TchScan\Tchreg.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

F-STOPW.EXE = "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"

ScanRegistry = c:\windows\scanregw.exe /autorun

TaskMonitor = c:\windows\taskmon.exe

SystemTray = SysTray.Exe

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

internat.exe = internat.exe

AtiCwd32 = Aticwd32.exe

AtiQiPcl = AtiQiPcl.exe

AtiPTA = Atiptaxx.exe

SXGDSENU = SXGDSENU.exe

LoadQM = loadqm.exe

TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

BEHLOR = C:\WINDOWS\BEHLOR.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

SchedulingAgent = mstask.exe

ATIPOLAB = ati2evxx.exe

Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ATI Launchpad =

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 3/7/2004, 1:19:6)

 

[rename]

NUL=c:\windows\TEMP\_iu14D2N.tmp

NUL=c:\PROGRA~1\NORTON~1

NUL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRBLOCK.DLL

NUL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRAUTH.DLL

NUL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1

NUL=C:\PROGRA~1\COMMON~1\SYMANT~1

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

SET BLASTER=A220 I5 D1 T4

mode con codepage prepare=((866) c:\windows\COMMAND\ega3.cpi)

mode con codepage select=866

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

 

--------------------------------------------------

End of report, 4,900 bytes

Report generated in 0.148 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0