Jump to content


Photo

After 5 months, "Best of the Web" is back.


  • Please log in to reply
1 reply to this topic

#1 I/H/S

I/H/S

    Member

  • New Member
  • Pip
  • 1 posts

Posted 20 July 2004 - 01:50 AM

Today, after having removed it about 5 months ago, I finally got another screen-covering "Best of the Web" (coolwebsearch?) popup, and would like to make sure that this will not affect my system again. Please take a look at the log below and make any recommendations:



Logfile of HijackThis v1.98.0
Scan saved at 11:52:34 PM, on 7/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\CATEYE95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\MAILSVR.EXE
C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\UPSCHD.EXE
C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\QHM32.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\LAPLINK PROFESSIONAL\TSISCHED.EXE
C:\EZ-S.M.A.R.T\EZSMART.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\2M0M2FFQ\HIJACKTHIS[1].EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\WINCLE~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\WINCLE~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\WINCLE~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\WINCLE~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\WINCLE~1\QHSTRT32.EXE /loadrun
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\EARTHLINK TOTALACCESS\ACCELERATOR\PROPELAC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\WINCLE~1\CATEYE.EXE
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] C:\PROGRAM FILES\WINCLEANER ANTIVIRUS\QHSTRT32.EXE /check
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: Scheduler.lnk = C:\LapLink Professional\tsisched.exe
O4 - Startup: EZSMART App.lnk = C:\EZ-S.M.A.R.T\EZSMART.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - c:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - c:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - (no file) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .ASP: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com.../autopricer.cab

#2 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 20 July 2004 - 07:59 AM

Hi,
Your log looks clean ...

Just to make sure, clear you cache files ...
http://www.mvps.org/...02/delcache.htm

Restart in Ms-Dos Mode
From C:\> (type and press Enter after each command)

cd\windows
smartdrv
deltree tempor~1
deltree history
deltree temp


Restart (Ctrl-Alt-Del)
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button