Go Back   Cyber Tech Help Support Forums > Operating Systems > Older Windows Versions > Windows 98

Notices

Reply
 
Topic Tools
  #1  
Old July 9th, 2004, 02:10 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
I have three problems using windows 98.please help

I have been searching for help until i found this site.

My first problem is while im browsing the internet.The first couple of minutes are ok.For example i can browse my pc with ease with getting red dots all over the place when i go to different sites.For example today i went to ign.com.The first time i went it was ok.Then when i went back i got red dots all over the place.This problem can be fixed by disconnected from the internet the reconnected byt when 5 or 6 minutes are up it does the same thing all over again.

My second problem is some porn have gotten into my favoirtes and every time i delete them they come right back.I need to get rid of them because i dont want my mom and dad to think im some kind of freak

My third is simple but i cant fix it lol.If im not connected to the internet and double click on my computer oit says something about im offfline and needd to connect to the internet i click ok and it let's me in.I just wanted to know how can i fixed that
Reply With Quote


  #2  
Old July 9th, 2004, 02:36 AM
enat66's Avatar
enat66 enat66 is offline
CTH Subscriber
 
Join Date: Dec 2001
O/S: Windows Vista
Location: Wisconsin
Age: 29
Posts: 3,101
First off Welcome to CTH!

The following will help us fix atleast the 2nd problem.
I suggest you download Spybot from http://www.download.com/Spybot-Searc...ml?tag=lst-0-2 , install it, update it, and run the scan. When it is done, fix everything. This will get rid of the bad things, if a useful program stops working let us know and we can reverse that.

Then I need you to download (save) this program somewhere (preferably in its own folder) on your computer:
http://tomcoyote.com/hjt/HijackThis.exe

Run the File> Click Scan> Click Save Log> Save it anywhere> and paste the log here (copy and paste) after quickly scanning through it to make sure that it doesn't say your name anywhere if you are concerned about privacy.

This program shows us all the changes that have been made to internet explorer, the only reason it would show your name is if that is a folder name.


Get back to us
Reply With Quote
  #3  
Old July 9th, 2004, 03:16 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
Im own my way

I am downloading the two files you told me too.And as soon as i get them ill get right back to you.So keep checking this post please.I have to dc.and get back so brb
Reply With Quote
  #4  
Old July 9th, 2004, 03:25 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
This is what it found

Logfile of HijackThis v1.97.7
Scan saved at 9:26:54 PM, on 7/8/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\HELPW.EXE
C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\CVCHOST.EXE
C:\WINDOWS\SYSTEM\NDRV.EXE
C:\WINDOWS\SYSTEM32\WINMM64.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\CONNECTIONS\CM\INTERLNK\IEX PLORE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=hc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://countere.com/?b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seark.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\ROZAEHY4PCFU5C.DLL (file missing)
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O2 - BHO: (no name) - {B8523881-C95C-11D8-A7C8-44452FB4D814} - C:\WINDOWS\SYSTEM\BFIPFJ.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [vtucumpu] C:\WINDOWS\SYSTEM\vtucumpu.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\Run: [helpw] "helpw.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Wrts] C:\WINDOWS\Application Data\pmss.exe
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [Morpheus] "C:\Program Files\StreamCast\Morpheus\Morpheus.exe" -min
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\SYSTEM32\WINMM64.EXE
O4 - HKCU\..\Run: [warez] "C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE" -h
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Locators.com Search Bar (HKLM)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.seark.net
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
Reply With Quote
  #5  
Old July 9th, 2004, 03:51 AM
enat66's Avatar
enat66 enat66 is offline
CTH Subscriber
 
Join Date: Dec 2001
O/S: Windows Vista
Location: Wisconsin
Age: 29
Posts: 3,101
Did you run spybot before hijack this or after? If you did it after I need you to make sure you have run spybot and had it scan and fix the problems it finds and then run hijack again and post a new log.

If you ran hijack after spybot fixed everything, then spybot missed a few things that I don't know how to remove, but someone else will.
Reply With Quote
  #6  
Old July 9th, 2004, 04:00 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
I just ran hijack.Do you want me to go run spybot then fix/selected problems then run hijack again
Reply With Quote
  #7  
Old July 9th, 2004, 04:12 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
Here it is

Logfile of HijackThis v1.97.7
Scan saved at 10:18:08 PM, on 7/8/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\HELPW.EXE
C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\CVCHOST.EXE
C:\WINDOWS\SYSTEM32\WINMM64.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\CONNECTIONS\CM\INTERLNK\IEX PLORE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://any-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seark.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\ROZAEHY4PCFU5C.DLL (file missing)
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O2 - BHO: (no name) - {B8523881-C95C-11D8-A7C8-44452FB4D814} - C:\WINDOWS\SYSTEM\BFIPFJ.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [vtucumpu] C:\WINDOWS\SYSTEM\vtucumpu.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\Run: [helpw] "helpw.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Wrts] C:\WINDOWS\Application Data\pmss.exe
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [Morpheus] "C:\Program Files\StreamCast\Morpheus\Morpheus.exe" -min
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\SYSTEM32\WINMM64.EXE
O4 - HKCU\..\Run: [warez] "C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE" -h
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Locators.com Search Bar (HKLM)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.seark.net
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
Reply With Quote
  #8  
Old July 9th, 2004, 07:29 PM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
Why

Why want any of you guys help me out.Im beggging here
Reply With Quote
  #9  
Old July 9th, 2004, 10:59 PM
und3rtak3r und3rtak3r is offline
New Member
 
Join Date: Mar 2004
Location: Queensland, Australia
Age: 56
Posts: 22
You seem to have a Virus in there the startup prog "cvchost.exe" .. when Spybot was run was it updated before the scan?

also visit this site to remove sysstartup.jopa IF YOU ARE NOT CONFIDENT WITH REGISTRY EDITING wait for one of the HJT experts to assist you with the repair..
http://www.kephyr.com/spywarescanner...pa/index.phtml
Spybot should have detected this.. Try restarting the PC in Safe Mode and running Spybot

You could also d/l and run Stinger from McAfee: free tool.

http://vil.nai.com/vil/stinger/

as well there are a number of online scanner tools:
ie :
Trend Micro.. house call
Symantec
McAfee
to name just a few..

I hope this helps till help arrives

Cheers

Last edited by und3rtak3r; July 9th, 2004 at 11:03 PM.
Reply With Quote
  #10  
Old July 9th, 2004, 11:39 PM
Murf's Avatar
Murf Murf is offline
Moderator
 
Join Date: Oct 2001
O/S: Windows 10 Home
Location: Newport News VA
Age: 73
Posts: 17,025
Close all windows and rerun HJT. Then check the following to be fixed:

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\ROZAEHY4PCFU5C.DLL (file missing)
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\SYSTEM\NDRV.DLL (file missing)
O2 - BHO: (no name) - {B8523881-C95C-11D8-A7C8-44452FB4D814} - C:\WINDOWS\SYSTEM\BFIPFJ.DLL

O4 - HKCU\..\Run: [warez] "C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE" -h
O4 - HKLM\..\Run: [vtucumpu] C:\WINDOWS\SYSTEM\vtucumpu.exe
O4 - HKLM\..\Run: [vtucumpu] C:\WINDOWS\SYSTEM\vtucumpu.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.seark.net

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

Then reboot run another log and come back
Reply With Quote
  #11  
Old July 11th, 2004, 02:28 AM
RF5 RF5 is offline
New Member
 
Join Date: Jul 2004
Posts: 11
Thank's

Murf whatever you told me to do seems to be working bro.Thank you man thanks alot.Do you still want me to run hijjack again and show log.Also what about the porn in favorites
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 03:36 AM.