• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Wannabe

12 days since first post and need HELP!!!

11 posts in this topic

Hello, :wave:

 

It's been 12 days since my first log post and I decided to fix somethings by myself with Hijack This. Unfortunately somethings still remained even though I checked off the items. :huh:

 

I checked off the following and they still remain after another scan was done: :scratchhead:

 

I also removed Weather Bug that was on the computer before.

 

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

 

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

Here is the new log. I used my Add/Remove Programs, CWS Shredder, Spybot S&D, and Hijack This.

 

Thanks to anyone that can assist me. I would also like to learn how to become a helper as well noticing that there seems to be a shortage in help. :bounce:

 

:alarm:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:49:35 PM, on 7/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE

C:\PROGRAM FILES\LAN-EXPRESS\LANEXPRESS_11B\UTILITY\WLANUTIL.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

C:\WINDOWS\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0001.1004\EN-US\MSNAPPAU.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\WINDOWS\SYSTEM\NDRV.EXE

C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE

C:\WINDOWS\SYSTEM\MRTMNGR.EXE

C:\QUICKEN2000\QWDLLS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

F1 - win.ini: run=hpfsched

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE

O4 - HKLM\..\Run: [Lan11bWireless] C:\Program Files\LAN-Express\LanExpress_11b\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [sys Ren] C:\WINDOWS\SysRen.exe /S

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Quicken Startup.lnk = C:\QUICKEN2000\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\QUICKEN2000\BILLMIND.EXE

O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Dell Home - {AC33DD60-D069-11D3-9F05-20F767C17C2F} - http://www.dell.com/ (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Edited by Wannabe

Share this post


Link to post
Share on other sites

Just to reassure you someone is reading your post. Suggest you read the pinned topics

at the beginning of this forum, and please don't try to delete anything else with HijackThis, unless you are 100% sure you don't want it.

You can train as a helper in Bootcamp, would love to have you onboard and will create a link when I have more time, looks like spyware bits and pieces left in your log, but read the pinned topics, O.K.

One thing you can do is try AdAware, click on my link below, it's a good free program, see what it finds. :D

Edited by jedi

Share this post


Link to post
Share on other sites

make sure to get rid of tvmedia (tvm) that is one horrible little program for giving you spyware/popups

remove it in safemode and make sure to manually delete all related files as uninstall doesnt seem to really uninstall it.

Share this post


Link to post
Share on other sites

I'm sorry you've had to wait so long, but I'm glad to see that you want to learn how to fight this garbage and help others. We can sure use all the help we can get!

 

First, attempt to uninstall TV Media thru Add/Remove Programs.

 

Next, run a new HijackThis scan, and mark any of these items still present for removal:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

 

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

 

O4 - HKLM\..\Run: [sys Ren] C:\WINDOWS\SysRen.exe /S

 

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe

 

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

Make sure all browser and Windows Explorer windows are closed, and click on Fix Checked.

 

Reboot into Safe Mode (How to boot into Safe Mode).

 

Open Windows Explorer and reconfigure it to Enable Hidden Files:

Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the Files and Folders section.

Select: Display the contents of system folders.

Scroll down to the Hidden Files and Folders section.

Select: Show hidden files and folders, Ok the prompt

Uncheck: Hide file extensions for known file types

Uncheck: Hide protected operating system files

Ok the Prompt, click Apply

 

Click the Apply to all Folders button.

 

If it wasn't uninstalled, delete this folder and all contents:

 

C:\TV MEDIA

 

Now delete these files:

 

C:\WINDOWS\SysRen.exe

C:\WINDOWS\SYSTEM\NDRV.EXE

 

Go to C:\WINDOWS\TEMP and empty the folder, but leave the folder.

 

Reboot normally.

 

In Internet Explorer, go to Tools -> Internet Options and under Temporary Internet files click Delete Cookies and Delete Files - in the popup box, put a check by Delete all offline content and click OK.

 

Run a new HijackThis scan, post a followup log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Thanks Everyone! :D

 

I did as you folks instructed and here is the new log:

 

After following all the instructions and rebooting, I have a Microsoft Connection Manager Window pop up stating that the Service Profile is damaged and to reinstall it (not sure how to do that one). Also, the home page was changed to about:blank so I made MSN.com the new default homepage. A new toolbar was installed redirecting you to adult sites so I used CWS Shredder and Spybot to remove several other programs that installed themselves after reboot. :wtf:

Hopefully this computer is now clean but please look it over for anything that was missed or is new.

 

Thanks again!

 

Logfile of HijackThis v1.98.0

Scan saved at 1:07:51 PM, on 7/27/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE

C:\PROGRAM FILES\LAN-EXPRESS\LANEXPRESS_11B\UTILITY\WLANUTIL.EXE

C:\WINDOWS\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0001.1004\EN-US\MSNAPPAU.EXE

C:\WINDOWS\REDIRECT7.EXE

C:\WINDOWS\SYSTEM\MRTMNGR.EXE

C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE

C:\QUICKEN2000\QWDLLS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing

F1 - win.ini: run=hpfsched

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE

O4 - HKLM\..\Run: [Lan11bWireless] C:\Program Files\LAN-Express\LanExpress_11b\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe

O4 - HKLM\..\Run: [easywww] C:\WINDOWS\EASYWWW2.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\RunOnce: [DeleteDotComToolbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TOOLBAR_NIEUW14.DLL"

O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Quicken Startup.lnk = C:\QUICKEN2000\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\QUICKEN2000\BILLMIND.EXE

O4 - Startup: America Online Tray Icon.lnk = C:\WINDOWS\SYSTEM\CMMGR32.EXE

O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Dell Home - {AC33DD60-D069-11D3-9F05-20F767C17C2F} - http://www.dell.com/ (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Share this post


Link to post
Share on other sites

Looking over my log carefully I did notice that the EasyWWW was there and so I searched and removed the program from the Windows folder and used HJT to remove the line

 

O4 - HKLM\..\Run: [easywww] C:\WINDOWS\EASYWWW2.exe.

 

Here is my new log posting:

 

Logfile of HijackThis v1.98.0

Scan saved at 2:30:19 PM, on 7/27/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE

C:\PROGRAM FILES\LAN-EXPRESS\LANEXPRESS_11B\UTILITY\WLANUTIL.EXE

C:\WINDOWS\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0001.1004\EN-US\MSNAPPAU.EXE

C:\WINDOWS\REDIRECT7.EXE

C:\WINDOWS\SYSTEM\MRTMNGR.EXE

C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE

C:\QUICKEN2000\QWDLLS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing

F1 - win.ini: run=hpfsched

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE

O4 - HKLM\..\Run: [Lan11bWireless] C:\Program Files\LAN-Express\LanExpress_11b\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\RunOnce: [DeleteDotComToolbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TOOLBAR_NIEUW14.DLL"

O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Quicken Startup.lnk = C:\QUICKEN2000\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\QUICKEN2000\BILLMIND.EXE

O4 - Startup: America Online Tray Icon.lnk = C:\WINDOWS\SYSTEM\CMMGR32.EXE

O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Dell Home - {AC33DD60-D069-11D3-9F05-20F767C17C2F} - http://www.dell.com/ (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

 

 

:alarm:

Should I run HJT again and check off the following lines?

:alarm:

R3 - Default URLSearchHook is missing

 

O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe

 

O4 - HKCU\..\RunOnce: [DeleteDotComToolbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TOOLBAR_NIEUW14.DLL"

 

I'm slowly learning to read the logs but will also practice on the Practice logs in BootCamp.

 

Thanks for any advice! :wave:

Share this post


Link to post
Share on other sites

Yes, run HJT again and fix those lines:

 

R3 - Default URLSearchHook is missing

 

O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe

 

O4 - HKCU\..\RunOnce: [DeleteDotComToolbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TOOLBAR_NIEUW14.DLL"

 

 

Using either IE (Tools menu) or Control Panel, open the Internet Options window, click the Programs tab and click Reset Web Settings. This will reset the above Search option settings to the default - you'll have to reset your start page if you want something different.

 

I'M not sure how anything done above would affect the Service Profile - I don't have any Service Profile on my W98 system. It may be related to your DSL provider - there should be some related program on your system to reinstall it. See if doing this leads to anything:

 

Click Start, point to Programs, point to Administrative Tools, and then look for Connection Manager or Connection Manager Administration Kit. This was from a W2K system - I'll look for more info on this.

 

Other than those, the log is looking good - but since some things showed up that weren't in earlier logs, post another one for one more look.

Share this post


Link to post
Share on other sites

Thanks for the help everyone! :wave:

 

This is my father-in-law's computer so it's been a while since I was able to get back to it.

 

I think it is clean now. Can someone look it over for anything that I may have missed?

Thanks! :D

 

Here is the new log postingLogfile of HijackThis v1.98.0

Scan saved at 2:42:57 PM, on 8/16/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE

C:\WINDOWS\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\LAN-EXPRESS\LANEXPRESS_11B\UTILITY\WLANUTIL.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

C:\PROGRAM FILES\FRONTIERNET\FRONTIERNET DSL ATTENDANT\APP\TANGOMANAGER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE

C:\WINDOWS\REDIRECT7.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\WINDOWS\SYSTEM\MRTMNGR.EXE

C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE

C:\QUICKEN2000\QWDLLS.EXE

C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

F1 - win.ini: run=hpfsched

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.0002.1001\EN-XU\STMAIN.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE

O4 - HKLM\..\Run: [Lan11bWireless] C:\Program Files\LAN-Express\LanExpress_11b\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\APP\TANGOM~1.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Quicken Startup.lnk = C:\QUICKEN2000\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\QUICKEN2000\BILLMIND.EXE

O4 - Startup: America Online Tray Icon.lnk = C:\WINDOWS\SYSTEM\CMMGR32.EXE

O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: Dell Home - {AC33DD60-D069-11D3-9F05-20F767C17C2F} - http://www.dell.com/ (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab

Share this post


Link to post
Share on other sites

Looks clean, Wannabe, good job! :thumbsup:

 

There are a few items considered to be resource hogs that don't necessarily need to be running at startup, but they're no big deal. Check out the Optional Fixes threads in the Tutorials subforum in Boot Camp, if you're interested in learning what they are.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0