
[Resolved] What the heck is this 401 EVP Warning???

Discussion in 'Virus & Other Malware Removal' started by BigDaveinNJ, Oct 1, 2003.

Thread Status:
Not open for further replies.
  1. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    Hi... earlier tonight, when I hit my HOME button on my IE-6, instead of going to my homepage (YAHOO), it instead went to what looked like a C\windows file.

    I have attached a photo of a screenshot of what I saw when I clicked on HOME. Now... I know that there are programs that will change your homepage to another URL, but it seems that it somehow changed to..... well, whatever it is.

    Please take a look at my screenshot. It contains a good part of my screen and tell me what might be going on here.

    Thanks in advance

    DAVID
     

  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
  3. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    Thanks Davey... for your input. Here are the results of my HIJACK-THIS scan.

    Logfile of HijackThis v1.94.0
    Scan saved at 12:01:20 AM, on 10/2/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\WINDOWS\system32\searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=C:\WINDOWS\system32\search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=DAVES' INTERNET EXPLORER
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.topwebsearch.com/search.php?keywords=%s
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O1 - Hosts: 66.159.20.80 hostingfree.com
    O1 - Hosts: 66.159.20.80 www.hostingfree.com
    O1 - Hosts: 66.159.20.80 xfreehosting.com
    O1 - Hosts: 66.159.20.80 www.xfreehosting.com
    O1 - Hosts: 66.159.20.80 blinghosting.com
    O1 - Hosts: 66.159.20.80 www.blinghosting.com
    O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 pornparks.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_1_0.DLL
    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_1_0.DLL
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: &TopSurfer - {AF657644-964C-4348-A8AD-72524B3A3FF1} - C:\PROGRA~1\TOPSUR~1\TWSBAND.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKCU\..\Run: [Invisible! 2001] "C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: FastDNS (HKLM)
    O9 - Extra 'Tools' menuitem: &FastDNS (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://downloads.excite.com/images/nocache/platinum/x8initialsetup1.0.0.2.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.844224537


    Anything of note here? A lot of crap? Recommendations?

    Thanks again :)

    DAVID
     
  4. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Dave
    You got a whole lot of a mess there! I asked someone else to pop in and help out since I was signing off for the night for an Early start tomorrow.

    Dave
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see the 401 evp hijack there, probably because you deleted or changed the Homepage setting; but there sure is a load of other crud.

    Put checks in ALL the O1 entries

    and:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\WINDOWS\system32\searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=C:\WINDOWS\system32\search.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=C:\WINDOWS\system32\searchbar.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.topwebsearch.com/search.php?keywords=%s

    O3 - Toolbar: &TopSurfer - {AF657644-964C-4348-A8AD-72524B3A3FF1} - C:\PROGRA~1\TOPSUR~1\TWSBAND.DLL

    ^^ may or may not be legit, I can't really confirm

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    ^^ if you used Spybot's Immunize to create those you can leave them, but be advised you will have to remove the IE one to use Internet Options.

    Close all browser windows and click Fix Checked, then reboot and do another Scanlog.

    I don't think you should continue to get the evp 401 warning.
     
  6. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    Thanks for your help guys... Rog, I performed what you suggested.... and here is my new scan-log


    Logfile of HijackThis v1.94.0
    Scan saved at 7:10:38 AM, on 10/2/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=DAVES' INTERNET EXPLORER
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O1 - Hosts: 66.159.20.51 astalavista.box.sk
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_1_0.DLL
    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_1_0.DLL
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKCU\..\Run: [Invisible! 2001] "C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE"
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: FastDNS (HKLM)
    O9 - Extra 'Tools' menuitem: &FastDNS (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://downloads.excite.com/images/nocache/platinum/x8initialsetup1.0.0.2.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.844224537


    Now..... aside from potentially changing your start-page, which, BTW, I have since switched to MY-WAY, which I like, did any of the things I took out have a negative effect on my surfing?

    I use a 56k dial-up on this computer, and was wondering if all of the items HiJACK detected were adversely affecting my browsing.


    Thanks again

    DAVID
     
  7. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi BigDaveinNJ ,

    Download and install Spybot search & destroy www.security.kolla.de. Open Spybot search & destroy, Click Online, Search for updates, Download all available updates, log offline, Close all browser windows, check your taskbar for minimized windows as well, Run Spybot search & destroy, put a check in every entry Spybot search & destroy returns, Click fix problems. Shutdown & Reboot your computer.

    Next install SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running, and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

    When you're finished download Hijack This 1.97 www.tomcoyote.org/hjt and show us a new log

    Good luck
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    All of them could, depending on what sites you were trying to access.

    You should also check and fix these two entries which I overlooked:

    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab

    And do replace that old version of HijackThis with a new one, it might show some things that were missed.

    I'm curious about this, it is similar in IP, but not the same as the other ones:

    O1 - Hosts: 66.159.20.51 astalavista.box.sk

    Did you install something that redirects x rated sites to "safe" ones?
     
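Added example, not part of any post in this thread: a Python sketch that parses HijackThis item lines like those in the logs above, groups non-loopback O1 Hosts redirects by target IP and /24 network (the 66.159.20.80 versus 66.159.20.51 observation), and lists entries marked for fixing that reappear in the follow-up scan. The sample lines are short excerpts of the posted logs plus one constructed loopback line, and all function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis item line: "<section> - <detail>", e.g. "O1 - Hosts: <ip> <name>"
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")

# Excerpts of the first scan in the thread; the 127.0.0.1 line is constructed.
BEFORE = r"""
Logfile of HijackThis v1.94.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=C:\WINDOWS\system32\searchbar.html
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 kinghost.com
"""
# Excerpts of the follow-up scan posted after "Fix Checked" and a reboot.
AFTER = r"""
Logfile of HijackThis v1.94.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=C:\WINDOWS\system32\searchbar.html
O1 - Hosts: 66.159.20.51 astalavista.box.sk
"""


def parse_log(text):
    """Return [(section, detail)] for every item line; header lines are skipped."""
    return [m.groups() for m in map(ITEM_RE.match, text.splitlines()) if m]


def hosts_redirects(items):
    """Map target IP -> hostnames for O1 entries that are not loopback/null."""
    out = defaultdict(list)
    for section, detail in items:
        m = HOSTS_RE.match(detail) if section == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address, not a usable mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 lines are ordinary block lists
        out[str(ip)].append(m.group(2).lower())
    return dict(out)


def shared_networks(redirects, prefix=24):
    """Group redirect targets by network to surface related servers."""
    nets = defaultdict(set)
    for ip in redirects:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].add(ip)
    return {net: sorted(ips) for net, ips in nets.items()}


def normalise(section, detail):
    # v1.97 prints "Value = data" where v1.94 printed "Value=data".
    return section, re.sub(r"\s*=\s*", "=", detail, count=1).lower()


def still_present(checked, rescan_items):
    """Entries marked for fixing that show up again in the follow-up scan."""
    seen = {normalise(s, d) for s, d in rescan_items}
    return [(s, d) for s, d in checked if normalise(s, d) in seen]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    merged = {**hosts_redirects(before), **hosts_redirects(after)}
    for net, ips in shared_networks(merged).items():
        print(f"{net}: hosts-file redirects point at {', '.join(ips)}")
    checked = [item for item in before if item[0] in ("R0", "R1")]
    for section, detail in still_present(checked, after):
        print(f"still present after fix: {section} - {detail}")
```

An entry that survives "Fix Checked" and a reboot, or a new redirect target in the same network, usually means something on the machine is rewriting the setting and deserves a closer look than the entry itself.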
  9. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    Thanks Spruce and Rog, for your continued assistance. I am not on the computer we are talking about here.

    I will, later today run and install the suggested programs and updates.

    I already use both ADAWARE and SPYBOT. I try to keep running programs to a minimum because on that particular PC I am only working with a very low 64 mb of RAM.

    And, Rog, as to your question about me installing some type of program to redirect sites or something like that.... absolutely not. I do spend considerable time surfing, and I do go into a wide variety of sites and the like, but nothing extra installed.

    Thanks again :)

    DAVID
     
  10. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    OK.... it took awhile for me to get to this computer, but after following the suggestions...... here is my NEW HI-JACK THIS log.....

    Logfile of HijackThis v1.97.2
    Scan saved at 9:31:29 AM, on 10/7/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETZERO\EXEC.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVES' INTERNET EXPLORER
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKCU\..\Run: [Invisible! 2001] "C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE"
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: FastDNS (HKLM)
    O9 - Extra 'Tools' menuitem: &FastDNS (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://downloads.excite.com/images/nocache/platinum/x8initialsetup1.0.0.2.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.844224537
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O19 - User stylesheet: c:\windows\java\my.css


    Just a quick note...... as I am writing this reply, my computer is acting very strange.......

    When I type something..... there is like a 3 or 4 second "delay" before it appears, my scrolling is very slow and delayed, and everything is just so extremely SLOOOOOW......... this PC has NEVER behaved this way.

    I just checked, and my resources are still at 72% and within the last day I have run SCANDISK, DEFRAG, AD-AWARE, SPYBOT S&D, SPYWARE BLASTER etc... etc... etc...

    I've never seen anything like this.......... any suggestions?

    Thanks in advance

    DAVID
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    This is the source of the "delay" problem:

    O19 - User stylesheet: c:\windows\java\my.css

    These also should be removed as they could facilitate a modem or other hijacking:

    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab

    Close your browser windows and check and "fix" that.

    I think that should do it as I don't see any other obvious issues. Let us know how it goes.

    The resources issue isn't a problem. You only need to worry about that if they drop below about 25%. You should have a figure of about 80-90% on a fresh boot however.
     
  12. BigDaveinNJ

    BigDaveinNJ Thread Starter

    Joined:
    Jun 9, 2000
    Messages:
    892
    Thanks ROG and SPRUCE for all of your help. ROG, I fixed the items you suggested..... and everything's fine. :)

    Thanks again

    DAVID :)
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Good to hear. Glad to mark this one "resolved" then :)
     
Short URL to this thread: https://techguy.org/168932
