Internet Explorer resets my options

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
I have Windows 98SE with IE6 and OE6. I keep setting Tools-Internet options-Connections to "dial whenever a network connection is not present." I click on "Apply" and this lasts a short while, then IE automatically resets to "Never dial a connection". Any ideas on how this can happen and how I can stop it?

Nibor
 
Joined
Jul 16, 2004
Messages
2,653
I have heard that some versions of netscape can cause this if they are installed on the system (can't confirm though)
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
Thanks for your reply, Dugg. Actually I don't have Netscape on my computer, so I don't think that can be the answer in my case.

Nibor
 
Joined
Mar 28, 2003
Messages
3,998
I know this doesn't fix your problem, just information for you,

From a security point of view, you are better off with never dial a connection. That way you manually have to connect to the net. Should you pick up any bad guys that want to dial home or elsewhere, they can't do it automatically.

sekirt
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
To Crushbone - here is the log file:

Logfile of HijackThis v1.99.0
Scan saved at 23:24:38, on 1/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE
C:\TEMP\SALM.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE
C:\TOYS\DESKMENU.EXE
C:\PROGRAM FILES\PC MAGAZINE UTILITIES\RAPIDRES\RAPIDRES.EXE
C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATKEEP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\TCLOCK\TCLOCK.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ACCOUNTS\MONEYBOX32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.takefiles.com/files/HijackThis199Final[www.click-now.net].zip
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [NB Common Dialog Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\comdlgex.exe
O4 - HKLM\..\Run: [Start Menu Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\startm.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\MCAFEE\OILCHA~1\OCTray32.exe Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TypeChargeRun] C:\PROGRAM FILES\NCH SWIFT SOUND\TYPECHARGE\TCHARGE.EXE /logon
O4 - HKLM\..\Run: [AdStatus Service] C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [dih] C:\WINDOWS\dih.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE"
O4 - Startup: DESKMENU.EXE.lnk = C:\Toys\DESKMENU.EXE
O4 - Startup: RapidRes.lnk = C:\Program Files\PC Magazine Utilities\RapidRes\RapidRes.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: TClock.exe.lnk = C:\Tclock\TClock.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\word2002\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\system\intralaunch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c8.cab
O21 - SSODL: systemp - {CC3009AB-2A3F-4DCB-9880-D028570272E1} - systemp.dll (file missing)
 
Joined
Aug 5, 2004
Messages
1,137
Open Task Manager (ctrl+alt+delete), find and end the following processes:
ADSTATSERV.EXE
SALM.EXE
ADSTATKEEP.EXE
SYSTEMP.EXE


Find and delete the following files and folders hilighted in RED:
C:\PROGRAM FILES\ADSTATUS SERVICE
C:\TEMP\SALM.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE

Run HijackThis and fix the following entries:

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O4 - HKLM\..\Run: [AdStatus Service] C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...s/yinst0401.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c8.cab

O21 - SSODL: systemp - {CC3009AB-2A3F-4DCB-9880-D028570272E1} - systemp.dll (file missing)


Restart your computer and post a fresh HijackThis log back on this thread.
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
I wasn't able to end system.exe on ctrl+alt+delete as it wasn't there, and adstatserv.exe and adstatkeep.exe, though there, refused to go away. I deleted the folder adstatus service and the file salm.exe, but system.exe couldn't be deleted as Windows said it was still in use. Nevertheless I ran Hijack this and fixed the suggested files and give the revised log below. I had a message saying that some third party had removed 180 search assistant and that without it some programs might not run properly. Having no idea what this is I agreed for it to be reinstalled. Was it one of those dealt with by Hijack this?

I'm very grateful for your help, Crushbone, but have to say I hope you know what you're doing because I haven't a clue what I'm doing!!

Here's the log:

Logfile of HijackThis v1.99.0
Scan saved at 11:34:23, on 2/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\DIH.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE
C:\TOYS\DESKMENU.EXE
C:\PROGRAM FILES\PC MAGAZINE UTILITIES\RAPIDRES\RAPIDRES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\TCLOCK\TCLOCK.EXE
C:\PROGRAM FILES\MCAFEE\OIL CHANGE\SCHEDAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.nwolb.com/secure/superExit.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [NB Common Dialog Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\comdlgex.exe
O4 - HKLM\..\Run: [Start Menu Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\startm.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\MCAFEE\OILCHA~1\OCTray32.exe Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TypeChargeRun] C:\PROGRAM FILES\NCH SWIFT SOUND\TYPECHARGE\TCHARGE.EXE /logon
O4 - HKLM\..\Run: [dih] C:\WINDOWS\dih.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\PROGRAM FILES\ADSTATUS SERVICE\ADSTATSERV.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE"
O4 - Startup: DESKMENU.EXE.lnk = C:\Toys\DESKMENU.EXE
O4 - Startup: RapidRes.lnk = C:\Program Files\PC Magazine Utilities\RapidRes\RapidRes.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: TClock.exe.lnk = C:\Tclock\TClock.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\word2002\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\system\intralaunch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
I've just seen a misprint in the above - it was systemp.exe I failed to delete, not system.exe. I left off the vital "p" Sorry!

Nibor
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
To Sekirt - sorry I haven't replied before to your suggestion about dialling up. Actually I have never gone in for automatic dialling. My policy has normally been to click on IE or Outlook Express, which brings up a dial-up connection. I then click on connect. If the setting is Never dial, clicking on IE brings up an error notice saying this page (ie Google in my case) is not available. I can, of course dial up independently of IE or OE, but it's quicker & easier to do it as above. Anyway it annoys me when the computer does what it wants to do and not what I want it to do!

Nibor
 
Joined
Jan 17, 2004
Messages
9,600
Nibor, Until till crushbone or someone else responds, you should repeat the procedure crush advised , and this time DO NOT allow 180 search to be rieninstalled, click no.
Its one of the bad guys. >f
 

nibor

Thread Starter
Joined
Aug 6, 2003
Messages
75
Thanks for that, Fidelista. I followed your advice and repeated the procedures. this time the 180 search message hasn't (yet) reappeared. I had no idea it was one of the bad guys. Is it a virus of some sort? The Hijack log that came up this time is slightly different from the previous one, so here it is for Crushbone.

Logfile of HijackThis v1.99.0
Scan saved at 23:57:31, on 2/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\DIH.EXE
C:\WINDOWS\MSBB.EXE
C:\WINDOWS\OTKNKX.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE
C:\TOYS\DESKMENU.EXE
C:\PROGRAM FILES\PC MAGAZINE UTILITIES\RAPIDRES\RAPIDRES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\TCLOCK\TCLOCK.EXE
C:\PROGRAM FILES\MCAFEE\OIL CHANGE\SCHEDAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://forums.techguy.org/index.php?s=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_17_0.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [NB Common Dialog Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\comdlgex.exe
O4 - HKLM\..\Run: [Start Menu Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\startm.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\MCAFEE\OILCHA~1\OCTray32.exe Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TypeChargeRun] C:\PROGRAM FILES\NCH SWIFT SOUND\TYPECHARGE\TCHARGE.EXE /logon
O4 - HKLM\..\Run: [dih] C:\WINDOWS\dih.exe
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [otknkx] C:\WINDOWS\otknkx.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\PROGRAM FILES\INVENTION PILOT\TRAY PILOT LITE\TRAYPLT.EXE"
O4 - Startup: DESKMENU.EXE.lnk = C:\Toys\DESKMENU.EXE
O4 - Startup: RapidRes.lnk = C:\Program Files\PC Magazine Utilities\RapidRes\RapidRes.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: TClock.exe.lnk = C:\Tclock\TClock.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\word2002\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - C:\Program Files\Omniquad MyPrivacy\MyPrivacy.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\system\intralaunch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top