StrawbridgeAcres

Replicating home page problem

7 posts in this topic

I appreciate any help you may be able to give me. I read your postings and hope I am following your instructions correctly. I cannot get to a site without my home page popping up over and over, then I get popups like an all yellow page with a big STOP sign on it, followed by a picture with an obvious link to a porn site. I do not and have never visited porn sites. I then get many popups, and the home page keeps coming up over and over and over.

 

I downloaded Ad-Aware, SpyBot, CWShredder, and HiJackThis. I ran Ad-Aware first, followed by SpyBot, followed by CWShredder (said my system was clean), and then HJT. Where possible I updated the application first before running. I am running Windows 98, I have Spy Sweeper and Zone Alarm installed and running when I attempt to use the internet, and the problem continues.

 

I am going from the computer via a LinkSys wireless card to a LinkSys router, that is cabled via USB to a Westell modem, that is connected to a phone line with DSL service.

 

Thanks for any help! Very much appreciate your taking time to help! The HJT log follows.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:06:47 PM, on 6/12/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STUTFIX.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\COMPAQ\INTERNET\WATCHDOG.EXE

C:\WINDOWS\TEMP\JTY.EXE

C:\WINDOWS\MSCMGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\WINDOWS\SYSTEM\BWJFX8F.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\BWJFX8F.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Lcom.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\SRNG\SNHELPER.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE

O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE

O4 - HKLM\..\Run: [billMinder] C:\QUICKENW\BILLMIND.EXE

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\mscmgr.exe

O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\HnvnCv.exe

O4 - HKLM\..\Run: [pE9O37j] NCO0_32.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AutoLoaderptqy1JWjJJWO] "C:\WINDOWS\SYSTEM\NCO0_32.EXE" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe

O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


There are several problems here, so let's take them one at a time.

 

First thing is to clean the Peper Trojan. You can find the tool at http://www.subratam.org/?page=removal. Scroll down to find the Peper Fix. Download the program and run it (you need to be connected to the Internet while doing this). Run it a second time to be sure.

 

Restart your computer and run another hijackthis log. Post it in this thread. I'll come by and go over what needs to be done next.


Appreciate the Help! I downloaded Peper Fix and ran it. I then rebooted and ran it again. Then I ran HJT and have a new log shown below.

 

Logfile of HijackThis v1.97.7

Scan saved at 7:40:33 AM, on 6/13/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE

C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STUTFIX.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\COMPAQ\INTERNET\WATCHDOG.EXE

C:\WINDOWS\TEMP\JTY.EXE

C:\WINDOWS\MSCMGR.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Lcom.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\SRNG\SNHELPER.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE

O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE

O4 - HKLM\..\Run: [billMinder] C:\QUICKENW\BILLMIND.EXE

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\mscmgr.exe

O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\Elq0h.exe

O4 - HKLM\..\Run: [pE9O37j] NCO0_32.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AutoLoaderptqy1JWjJJWO] "C:\WINDOWS\SYSTEM\NCO0_32.EXE" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe

O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


I downloaded and ran Peper Fix, rebooted, then ran it again. On the second run, no items were found. I then ran HJT and the log file follows.

 

Logfile of HijackThis v1.97.7

Scan saved at 7:40:33 AM, on 6/13/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE

C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STUTFIX.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\COMPAQ\INTERNET\WATCHDOG.EXE

C:\WINDOWS\TEMP\JTY.EXE

C:\WINDOWS\MSCMGR.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Lcom.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\SRNG\SNHELPER.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE

O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE

O4 - HKLM\..\Run: [billMinder] C:\QUICKENW\BILLMIND.EXE

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\mscmgr.exe

O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\Elq0h.exe

O4 - HKLM\..\Run: [pE9O37j] NCO0_32.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AutoLoaderptqy1JWjJJWO] "C:\WINDOWS\SYSTEM\NCO0_32.EXE" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe

O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Good. Now, restart your computer in Safe Mode. To do this, either 1. hold down the Ctrl key or 2. press the F8 key (different versions of Win98 use different methods) until you see a black screen. Use the arrow keys to highlight "Safe Mode" and press Enter.

 

With Internet Explorer closed, run Hijackthis again. Click on "scan" and put a check mark by the following items:

 

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\SRNG\SNHELPER.DLL (file missing)

O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE

O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\mscmgr.exe

O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\Elq0h.exe

O4 - HKLM\..\Run: [pE9O37j] NCO0_32.EXE

O4 - HKLM\..\Run: [AutoLoaderptqy1JWjJJWO] "C:\WINDOWS\SYSTEM\NCO0_32.EXE" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\WINST.EXE

O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

Click on "Fix checked" and delete the items.

 

Next, search for the following and, if found, delete:

 

JTY.EXE

mscmgr.exe

Elq0h.exe

NCO0_32.EXE

WINST.EXE

"C:\Program Files\Common files\WinTools" folder

"C:\TV MEDIA" folder

 

Restart the computer. Test it out for a few minutes, then post the new hijackthis log.

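The check that the helper's last step asks for (post a new log and see whether the fixed items are gone) can be done mechanically by parsing the HijackThis entry lines and comparing logs. The following is an added example, not part of any post in this thread; the function names are hypothetical and the sample lines are short excerpts of the logs posted above.

```python
import re

# Entry line: section code (R0-R3, O1, O2, ...), " - ", then section-specific detail.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def norm(line):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(line.split()).lower()

def parse_log(text):
    """Return (running process paths, {normalised line: (section, detail)})."""
    procs, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[norm(line)] = (m.group(1), m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def autoruns(entries):
    """Map (hive, key, value name) -> command for every O4 entry."""
    out = {}
    for section, detail in entries.values():
        m = O4_RE.match(detail) if section == "O4" else None
        if m:
            out[m.group(1, 2, 3)] = m.group(4)
    return out

def verify_fix(before, after, checked, filenames):
    """Check the post-fix log against the lines and files the helper listed."""
    (_, old), (procs, new) = parse_log(before), parse_log(after)
    keys, names = [norm(c) for c in checked], {f.lower() for f in filenames}
    return {
        "not_in_before": [k for k in keys if k not in old],  # mistyped fix line
        "still_present": [k for k in keys if k in new],      # fix did not stick
        "still_running": sorted(p for p in procs if p.rsplit("\\", 1)[-1] in names),
        "new_entries": sorted(k for k in new if k not in old),
    }

def retargeted(before, after):
    """Autorun values whose name is unchanged but whose command differs."""
    a, b = autoruns(parse_log(before)[1]), autoruns(parse_log(after)[1])
    return {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k].lower() != b[k].lower()}

# Excerpts copied from the logs posted in this thread (not the full logs).
LOG_0612 = r"O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\HnvnCv.exe"
LOG_0613_AM = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\JTY.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE
O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\Elq0h.exe
"""
LOG_0613_PM = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""
CHECKED = [
    r"O4 - HKLM\..\Run: [Jty] C:\WINDOWS\TEMP\JTY.EXE",
    r"O4 - HKLM\..\Run: [25R645#2#JERX9] C:\WINDOWS\SYSTEM\Elq0h.exe",
]
FILES = ["JTY.EXE", "Elq0h.exe"]

if __name__ == "__main__":
    print(verify_fix(LOG_0613_AM, LOG_0613_PM, CHECKED, FILES))
    print(retargeted(LOG_0612, LOG_0613_AM))
```

`retargeted` picks up that the `25R645#2#JERX9` Run value pointed at `HnvnCv.exe` in the 6/12 log and at `Elq0h.exe` in the 6/13 log, which is why the file list to delete has to be taken from the most recent log.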

I followed all instructions above, then restarted the computer and went through several different web sites without ANY popups showing and the home page did not replicate itself even once! Thank you so very much!

 

I am nearing retirement, and greatly appreciate the help you have provided thus far. I would like to know what I would need to do in order to understand the logs from HiJackThis, and if I could possibly be a resource to help other people. I have worked with computers now for the past 30 years.

 

The new HiJackThis log follows.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:59:19 PM, on 6/13/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE

C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STUTFIX.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\COMPAQ\INTERNET\WATCHDOG.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Lcom.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE

O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE

O4 - HKLM\..\Run: [billMinder] C:\QUICKENW\BILLMIND.EXE

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe

O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


It seems OK to me.

 

If you're interested in getting involved, there are general instructions on Hijackthis at http://www.spywareinfo.com/~merijn/htlogtutorial.html. There is also a very good tutorial on Hijackthis at Bleeping Computer.

 

If you feel you want to work on becoming a Helper here, go to http://www.spywareinfoforum.com/index.php?showtopic=34 and ask to join the Boot Camp.

 

30 years, huh? I've been doing it for twenty. It's nice to show the young folk that us old guys can keep up. :D
