• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Latech

Damned Popups....dpcproxy.exe problem

9 posts in this topic

I have read the FAQ....

 

I downloaded Trillian a couple of days ago along with the new MSN messenger, and after that, I've been besieged with popups and a new tool bar on my email replys (in outlook)!!! :hmmm: Help!!

 

I did a SpyBot search...it found some GAIN files, etc, and I got rid of them. The popups continued.

I did a ctrl alt del to find out what was running in the background and determined that I had:

DPCPROXY.EXE

KEYWORD.EXE

MANAGE.EXE

on my computer....I tried to go into my system folder and delete them (this has worked with other problems in the past), but they seem to keep returning upon startup.

 

I searched the internet and after some investagtion, I was led here.

 

I did a search for *.hta files and found none.

I did a search for *.js files, but couldn't open any of them in notepad (there's a BUNCH).

 

So, I did a HiJack This search and this is what it found:

 

Logfile of HijackThis v1.98.0

Scan saved at 8:10:11 PM, on 7/16/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MPRMMON.EXE

C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\M2AUDMON.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\SYSTEM\HPZTSB06.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\TSMGR.EXE

C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\Program Files\WorldNet\WNS20\Programs\CONNECT.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\WSASRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halslair.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.webcrawler.com/"); (C:\Program Files\Netscape\Users\lorie\prefs.js)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [NetZIPFolders] C:\Program Files\Netzip\nzfprop.exe /startup

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [buddyizer] C:\Program Files\Aimster\Buddyizer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\PRMVR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe

O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\tsmgr.exe

O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe

O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\SYSTEM\IEXPLORE.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe

O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] c:\windows\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [Machine Debug Manager]

 

Someone please help me!!!!!

Share this post


Link to post
Share on other sites

I've just discovered that i've got redirecting going on....I've ran HiJack This several times, trying to delete some files that I've figured out from other posts are adware/malware, but it doesn't seem to help--in fact, it just seems to make the problem worse.

 

I know I just posted on the 16th, but I really need some help with this. I know some computer stuff, but just enough to be dangerous and not enough to be able to help myself..lol

Share this post


Link to post
Share on other sites

Hi,

You log is incomplete, but from what I can see ...

 

First thing to do is ...

 

Uninstall via Add Remove:

1) Netzip

2) My Way (WebSearch Toolbar.Emailplug)

May show up as: "My Way Speed Bar" or "My Search Bar" or "My Web Search".

 

Next:

 

Reconfigure Windows 98 to show hidden files:

Double-click the My Computer icon on the Windows desktop.

Click the View menu, and then click Options or Folder Options. Click the View tab.

 

In the Advanced settings box, under the "Hidden files" folder

Uncheck: "Hide file extensions for known file types"

Select: "Show all files" Ok the prompt

Click Apply, and then click OK.

 

Next:

 

Close all open windows and browsers, rescan with HijackThis.

Place a check in each of the following then click "Fix checked".

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halslair.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.webcrawler.com/"); (C:\Program Files\Netscape\Users\lorie\prefs.js)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O4 - HKLM\..\Run: [NetZIPFolders] C:\Program Files\Netzip\nzfprop.exe /startup

O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\PRMVR.EXE

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe

O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\tsmgr.exe

O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\SYSTEM\DPCPROXY.exe

O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\SYSTEM\IEXPLORE.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Open Windows Explorer to C:\Windows\Temp

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\PROGRAM FILES\COMMON FILES\BTLINK <--this folder

C:\PROGRAM FILES\MYWEBSEARCH <--this folder

C:\Program Files\Netzip <--this folder

C:\WINDOWS\PRMVR.EXE <--this file

C:\WINDOWS\SYSTEM\stcloader.exe <--this file

C:\WINDOWS\SYSTEM\MANAGE.exe <--this file

C:\WINDOWS\SYSTEM\KEYWORD.exe <--this file

C:\WINDOWS\tsmgr.exe <--this file

C:\WINDOWS\SYSTEM\DPCPROXY.exe <--this file

C:\WINDOWS\SYSTEM\IEXPLORE.exe <--this file

Note: do not delete: C:\Program Files\Internet Explorer\IEXPLORE.exe

 

Restart normally and then ...

 

Download icon11.gifAd-Aware

 

After installing Ad-Aware, and before running the program.

 

Update Ad-aware's Reference File: instructions icon11.gifhere

 

Required Step: icon11.gifReconfigure Ad-Aware for Full Scan

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Edited by WinHelp2002

Share this post


Link to post
Share on other sites

Alrighty,

I did all the above directions....i hope this fixes my problem. ;) If I need to do anything else, PLEASE let me know. Also I would like to know how to avoid this problem in the future.... ;)

 

Thanks!!!!

 

Logfile of HijackThis v1.98.0

Scan saved at 2:11:34 AM, on 7/19/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MPRMMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\M2AUDMON.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\SYSTEM\HPZTSB06.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\WORLDNET\WNS20\PROGRAMS\Connect.exe

C:\WINDOWS\SYSTEM\WSASRV.EXE

C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halslair.com/index.php

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\lorie\prefs.js)

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [buddyizer] C:\Program Files\Aimster\Buddyizer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe

O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] c:\windows\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Reminder] C:\Money\System\reminder.exe

O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Windows Guardian.lnk = C:\HELPSPOT\FAWGRD32.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe

O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta

O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta

O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_In.../dwnldr_ext.cab

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab

Share this post


Link to post
Share on other sites

Hi,

Close all open windows and browsers, rescan with HijackThis.

Place a check in each of the following then click "Fix checked".

 

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta

O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Open Windows Explorer to C:\Windows\Temp

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINDOWS\SYSTEM\WINST.EXE <--this file

C:\WINDOWS\SYSTEM\npnzdad.exe <--this file

C:\PROGRAM FILES\INTERNET EXPLORER\Toolbar <--this folder

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

 

Also I would like to know how to avoid this problem
We can address that after you get cleaned up ...

Share this post


Link to post
Share on other sites

Ok. I followed the above directions and here is my new log:

 

Logfile of HijackThis v1.98.0

Scan saved at 10:59:39 AM, on 7/19/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MPRMMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\M2AUDMON.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\SYSTEM\HPZTSB06.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\HELPSPOT\FAWGRD32.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\HELPSPOT\FA_GD32.EXE

C:\HELPSPOT\RTFIXM32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halslair.com/index.php

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\lorie\prefs.js)

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [buddyizer] C:\Program Files\Aimster\Buddyizer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe

O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] c:\windows\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Reminder] C:\Money\System\reminder.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Windows Guardian.lnk = C:\HELPSPOT\FAWGRD32.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe

O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe

O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_In.../dwnldr_ext.cab

 

I really do appreciate this. ;):cool:

Share this post


Link to post
Share on other sites

Latech, if you see this, would you mind finding this file and emailing a copy of it to me at MY EMAIL - c:\windows\system\lspak.dll

 

This seems to be a new 010 entry that's started showing up in the last few days, and I'd just like to verify what it is. Thanks.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0