
Unwanted Favorites on Boot(Porn Site and Search site)

Discussion in 'Virus & Other Malware Removal' started by Yabber, Dec 8, 2003.

Thread Status:
Not open for further replies.
  1. Yabber

    Yabber Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    4
    Unwanted Favorites on Boot(Porn Site and Search site)
    Already ran Spybot.
    Can anyone help with clearing up this problem?
    How can it be avoided in the future?
    Here is my scan...

    Logfile of HijackThis v1.97.7
    Scan saved at 8:14:40 PM, on 12/8/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
    D:\PROGRAM FILES\AVKSERVICE.EXE
    D:\PROGRAM FILES\AVKWCTL9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    D:\PROGRAM FILES\OAKTASK.EXE
    D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
    D:\PROGRAM FILES\AVKPOP.EXE
    D:\GREETINGS WORKSHOP\GWREMIND.EXE
    D:\OFFICE\FINDFAST.EXE
    D:\PROGRAM FILES\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\NETZERO\ZCAST.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\epspmgr4.exe
    C:\WINDOWS\SYSTEM\epdsplr4.exe
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://66.98.142.163/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://66.98.142.163
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://66.98.142.163/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.98.142.163/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.98.142.163/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://66.98.142.163/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://66.98.142.163/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.98.142.163/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.98.142.163/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
    O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
    O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
    O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
    O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
    O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
    O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37763.8223842593
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to download CWshredder
    http://www.spywareinfo.com/~merijn/cwschronicles.html

    Run the program and let it do its thing.

    Make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection.


    Next:

    Download Spybot http://tomcoyote.org/SPYBOT/index1.php

    Make sure to follow the instructions for updates prior to running the scan.

    Click on "Search For updates". After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change again.
    Sometimes the Default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

    Reboot and download AdAware http://www.lavasoftusa.com/
    Before you scan with AdAware, check for updates of the reference file by using the webupdate.

    Reboot and post another HJT log and let's see what's left.
     
  3. Yabber

    Yabber Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    4
    It seems that Shredder cleaned up a few things including the objectionable Items in the Favorites List and the redirected Home Page. I ran all programs and updates as advised. Here's my latest HJT scan. I see a reference to "Explorer\Main,Start Page= http://www.sex-true.com/search/".
    Because my isp is Net0, my set home page does not normally get opened. I did check the home page (Explorer, Properties) and reset it to Yahoo. That has remained after a reboot or two. I don't understand the sex-true thing...

    Logfile of HijackThis v1.97.7
    Scan saved at 6:30:30 PM, on 12/11/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
    D:\PROGRAM FILES\AVKSERVICE.EXE
    D:\PROGRAM FILES\AVKWCTL9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    D:\PROGRAM FILES\OAKTASK.EXE
    D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
    D:\GREETINGS WORKSHOP\GWREMIND.EXE
    D:\OFFICE\FINDFAST.EXE
    D:\PROGRAM FILES\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\1STSPYPROG\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex-true.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
    O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
    O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
    O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
    O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
    O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
    O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.8046296296
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all windows except HijackThis and "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex-true.com/search/

    O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)

    Restart.
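
The triage in the reply above (an R0 Start Page entry pointing at a host the user did not set, and an O2 BHO still registered with its file missing), written out as an added example that is not part of the original thread. The function names and the `expected_hosts` list are assumptions of this example; the sample lines are copied from the second scan posted above.

```python
import re
from urllib.parse import urlparse

# Sample input: six lines copied from the second HijackThis scan in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex-true.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

# Entry lines look like "<section code> - <body>", e.g. "R0 - ...", "O2 - ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d+) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def url_host(data):
    """Host of a URL-valued registry setting, or None for non-URL data."""
    try:
        return urlparse(data.strip()).hostname
    except ValueError:
        return None


def triage(log_text, expected_hosts):
    """Return (code, subject, reason) tuples for entries worth a second look.

    expected_hosts is the reviewer's own list of hosts the browser settings
    are supposed to point at (an assumption of this example).
    """
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, running-process list, blank lines
        code, body = m["code"], m["body"]
        if code.startswith("R"):
            # R entries: "<registry key>,<value name> = <data>"
            location, sep, data = body.partition(" = ")
            host = url_host(data) if sep else None
            if host and host not in expected:
                findings.append((code, location, f"points at unexpected host {host}"))
        elif code == "O2" and body.endswith("(file missing)"):
            # Browser Helper Object still registered although its file is gone
            clsid = CLSID_RE.search(body)
            subject = clsid.group(0) if clsid else body
            findings.append((code, subject, "BHO registered but file missing"))
    return findings


if __name__ == "__main__":
    for code, subject, reason in triage(SAMPLE_LOG, {"www.yahoo.com"}):
        print(f"{code}: {subject} -> {reason}")
```
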
     
  5. Yabber

    Yabber Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    4
    Everything is running well, no unwanted favorites, home pages.
    Here is my latest scan:
    Logfile of HijackThis v1.97.7
    Scan saved at 8:33:34 PM, on 12/16/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
    D:\PROGRAM FILES\AVKSERVICE.EXE
    D:\PROGRAM FILES\AVKWCTL9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    D:\PROGRAM FILES\OAKTASK.EXE
    D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
    D:\GREETINGS WORKSHOP\GWREMIND.EXE
    D:\OFFICE\FINDFAST.EXE
    D:\PROGRAM FILES\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETZERO\ZCAST.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\READER\ACRORD32.EXE
    C:\WINDOWS\DESKTOP\1STSPYPROG\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
    O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
    O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
    O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
    O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
    O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.8046296296

    If this looks good, do I go through the same process on my second networked pc? (HomeFree phoneline type) 98/2nd
    I have Zone alarm on that one but I have to use that pc exclusively or turn off Zone alarm to use the network.
    Is it safe to have sharing between C drives?
    Will the MS updates protect both pcs from hacker crap?
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    This one is clean.

    Yes, you need to clean up both PCs and apply the updates.

    Post a Hijack This log from the other machine.
     
  7. Yabber

    Yabber Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    4
    Yikes!!
    Shortly after my last post, the weirdest thing happened.
    I was going to burn some jpgs to a CD and all of a sudden the PC went black. Although not that unusual with Windows, this time it would not start back up. To make the story short, the "c" partition w/OS is not being recognized. I stuck in another drive as master, got that running, slaved the first drive. I can see the partition but can't access the contents. The other partition is ok. There is some info I wouldn't mind getting back. What can I do?

    Here is the post of my latest scan of my "new" drive. Is it clean?
    Logfile of HijackThis v1.97.7
    Scan saved at 10:23:57 PM, on 1/2/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\EXTENDIA ANTIVIRUS AVK\AVKSERVICE.EXE
    C:\PROGRAM FILES\EXTENDIA ANTIVIRUS AVK\AVKWCTL9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\NETZERO\QS\EXEC.EXE
    C:\PROGRAM FILES\NETZERO\QS\EXEC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?r=al&cf=...000&D=0&I=6.0B5&L=g#6&M=920275200000&N=PL&O=A
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] systray.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AVKService] C:\PROGRA~1\EXTEND~1\AVKSER~1.EXE
    O4 - HKLM\..\RunServices: [AVKWCtl] C:\PROGRA~1\EXTEND~1\AVKWCTL9.EXE
    O4 - Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Zip Wizard\ThirtyDayTimer.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37988.2840162037
     
Short URL to this thread: https://techguy.org/185872