eastward

How to get rid of these Internet Optimizers

13 posts in this topic

My homepage was hijacked, but you guys helped me remove it. After that I downloaded all the IE security patches from Microsoft.

Now when I was surfing the web the other night I kept getting popups directing me to myexexex and casinopalazzo.com. I ran Spybot S&D and it found nothing, but SpyHunter (free version) found parasites named DyFuCA, Blnet, and Minibug and says that the first two are internet optimizers. There's also a program named Active Alert in my add/remove program file, which I think is related to the parasites. Should I manually remove them all?

Here's my HJT log, thanks in advance.

Logfile of HijackThis v1.97.7

Scan saved at 11:15:29 AM, on 6/2/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS.001\SYSTEM\KERNEL32.DLL

C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.001\SYSTEM\MPREXE.EXE

C:\WINDOWS.001\SYSTEM\mmtask.tsk

C:\WINDOWS.001\SYSTEM\MSTASK.EXE

C:\WINDOWS.001\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS.001\SYSTEM\MPRMMON.EXE

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE

C:\WINDOWS.001\EXPLORER.EXE

C:\WINDOWS.001\SYSTEM\M2AUDMON.EXE

C:\WINDOWS.001\TASKMON.EXE

C:\WINDOWS.001\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.001\STARTER.EXE

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE

C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.EXE

C:\WINDOWS.001\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\WINDOWS.001\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET D SERIES\BIN\HPOOJD07.EXE

C:\PROGRAM FILES\MICROSOFT ENCARTA\ENCARTA REFERENCE LIBRARY 2003\EDICT.EXE

C:\WINDOWS.001\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE

C:\WINDOWS.001\SYSTEM\HPOIPM07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOSTS07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOFXM07.EXE

C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE

C:\WINDOWS.001\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE

C:\WINDOWS.001\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLWBSPD.EXE

C:\WINDOWS.001\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.001\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS.001\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe

O4 - HKLM\..\Run: [mmpti] C:\WINDOWS.001\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [spyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.001\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [rmmon] C:\WINDOWS.001\SYSTEM\mprmmon.exe

O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE

O4 - Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8104.6097453704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


Hello eastward,

Not surprised to see that SpyHunter (free version) has found some parasites.

SpyHunter finds things that aren't there so that it can blackmail you into paying for it in order to get rid of the things it claims it finds...

I strongly suggest that you delete that program.

Read about it.

I just want to make sure that you ran the latest version of Spybot S&D.

I would suggest you run Spybot again. Not all parasites are identified in the first trial.

Also, download and run AdAware, with the latest definition tables.

This will ensure that nothing is pending on:

Blnet, Minibug and

DyFuCA = Internet Optimizer = program named "Active Alert" in your add/remove program file.

If DyFuCA is still in your add/remove program file, remove it.

But I suspect that it's some remnant from the previous parasites that you previously cleaned.

Now, run HJT and let it fix this one.

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

I find it strange that you do not have any R0 or R1 entries in your HijackThis log. The "myexexex.com" parasite will add many entries in your registry that will redirect your browser.

I want to find out more before suggesting a fix.

Close all programs.

Reboot.

Run HJT and post a new log.


OK, I deleted SpyHunter by removing it from add/remove.

Downloaded AdAware, ran it and deleted what it found. Re-ran SpyBot S&D; it found nothing. Ran HJT and deleted what you said to delete.

Rebooted and ran HJT, here's the log.

Logfile of HijackThis v1.97.7

Scan saved at 2:57:15 PM, on 6/4/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS.001\SYSTEM\KERNEL32.DLL

C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.001\SYSTEM\MPREXE.EXE

C:\WINDOWS.001\SYSTEM\mmtask.tsk

C:\WINDOWS.001\SYSTEM\MSTASK.EXE

C:\WINDOWS.001\SYSTEM\WINMODEM.101\wmexe.exe

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE

C:\WINDOWS.001\EXPLORER.EXE

C:\WINDOWS.001\TASKMON.EXE

C:\WINDOWS.001\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.001\STARTER.EXE

C:\WINDOWS.001\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE

C:\WINDOWS.001\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET D SERIES\BIN\HPOOJD07.EXE

C:\PROGRAM FILES\MICROSOFT ENCARTA\ENCARTA REFERENCE LIBRARY 2003\EDICT.EXE

C:\WINDOWS.001\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE

C:\WINDOWS.001\SYSTEM\HPOIPM07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOSTS07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOFXM07.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.001\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS.001\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe

O4 - HKLM\..\Run: [mmpti] C:\WINDOWS.001\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.001\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE

O4 - Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8104.6097453704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

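An added example, not part of any post in this thread: the 6/2/04 and 6/4/04 logs differ in only a handful of lines, and a small script can surface them instead of comparing by eye. The function names and the shortened log excerpts are assumptions made for this sketch; the excerpt lines themselves are copied from the two logs above.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O16, ...) and " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into (running processes, registry/startup entries)."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.upper())  # paths are case-insensitive on Windows
    return procs, entries

def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    (p0, e0), (p1, e1) = parse_log(before), parse_log(after)
    return {"procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
            "entries_gone": sorted(e0 - e1), "entries_new": sorted(e1 - e0)}

# Excerpts of the 6/2/04 and 6/4/04 logs from this thread, shortened for the example.
LOG_JUN2 = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS.001\EXPLORER.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [spyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
"""
LOG_JUN4 = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS.001\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe
"""

if __name__ == "__main__":
    for kind, items in diff_logs(LOG_JUN2, LOG_JUN4).items():
        for item in items:
            print(kind, item)
```

On the excerpts, the diff shows the ViewMgr and SpyHunter startup entries and processes gone, and the R0 and R3 lines as new.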

eastward,

Close all running programs and let HJT fix this entry.

R3 - Default URLSearchHook is missing

Reboot

Run HJT and post a new log.

Let me know also what problem(s) you are still having.


OK, web surfing doesn't seem to be as slow and I haven't gotten any popups yet, but the popups were never frequent.

Fixed what you said with HJT and rebooted; here's the new HJT log.

Logfile of HijackThis v1.97.7

Scan saved at 11:57:08 AM, on 6/5/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS.001\SYSTEM\KERNEL32.DLL

C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.001\SYSTEM\MPREXE.EXE

C:\WINDOWS.001\SYSTEM\mmtask.tsk

C:\WINDOWS.001\SYSTEM\MSTASK.EXE

C:\WINDOWS.001\SYSTEM\WINMODEM.101\wmexe.exe

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE

C:\WINDOWS.001\EXPLORER.EXE

C:\WINDOWS.001\TASKMON.EXE

C:\WINDOWS.001\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.001\STARTER.EXE

C:\WINDOWS.001\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE

C:\WINDOWS.001\SYSTEM\MSWHEEL.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET D SERIES\BIN\HPOOJD07.EXE

C:\PROGRAM FILES\MICROSOFT ENCARTA\ENCARTA REFERENCE LIBRARY 2003\EDICT.EXE

C:\WINDOWS.001\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOSTS07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOFXM07.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.001\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS.001\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe

O4 - HKLM\..\Run: [mmpti] C:\WINDOWS.001\SYSTEM\m1mmpti.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.001\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE

O4 - Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8104.6097453704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

 

Is there anything else I should delete?


Well done eastward,

New log looks good to me.

I suggest you read this article.

"So how did I get infected in the first place?" - by: Tony Klein.
http://forums.net-integration.net/index.php?showtopic=3051

If you want to read about pop-ups:

How To: Deal with Unwanted Pop-ups
http://www.mvps.org/winhelp2002/nopopups.htm

It may be time to clear your Temporary Internet Files (TIF).

Under Menu: Tools/Internet Options/General tab.
Second section, Temporary Internet Files, click delete files...,
Next, click delete all off line content.
Next, click OK, and click OK again to get out.
You will have to wait a little while; the timer will indicate busy while the files are being deleted.

Then defrag your disk(s).
This article describes the Disk Defragmenter tool included in Windows 98 and Windows (Me).
http://support.microsoft.com/?kbid=186171.


Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
