Browser will not go to the Internet

Discussion in 'adware, spyware & hijack cleaning' started by bandonisp, Mar 2, 2004.

Thread Status:
Not open for further replies.
  1. bandonisp

    bandonisp Registered Member

    Joined:
    Feb 24, 2004
    Posts:
    53
    Location:
    Bandon, Oregon
    Have run SpyBot! Keep getting illegal shut down with both Netscape and Internet Explorer. Here is the log!
    Have a dial-up connection and both browsers will not load to the Internet.


    Logfile of HijackThis v1.97.7
    Scan saved at 12:13:16 AM, on 3/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\LXSUPMON.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\WINDOWS\MWSVM.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\STARTER.EXE
    D:\WIN98\SETUP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=129176
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=129176
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=3DCF63E6-86AE-43EF-AF7D-7232772050C9&version_id=18
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.gte.net"); (C:\Program Files\Netscape\Users\res7a17k\prefs.js)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .dcr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NP32DSW.DLL
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hi bandonisp,

    You have been hit by CoolWebSearch malware.

    Download CWShredder.

    Unzip and open the program.
    Close all other windows except CWShredder.
    Run FIX.
    Reboot and post a fresh Hijack log.
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Stage two:

    Download LSPfix here: http://www.cexx.org/lspfix.htm
    Launch the application, and click the "I know what I'm doing" checkbox.
    Check all instances of inetadpt.dll (and nothing else), and move them to the "Remove" pane.
    Then click Finish.

    If that works you should be able to connect again.

    If so, download Spybot - Search & Destroy
    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all IE windows, hit 'Check for Problems', and have SpyBot remove all it marks in red.

    Or, download Ad-Aware at lavasoft.usa.com
    After installing AAW, and before running the program, update by using the Globe icon.
    Shut down and restart Ad-Aware.
    Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C: ), then 'next', and let Ad-Aware scan your drives.
    It will find a number of "bad" files and registry keys. Click 'Next' again.
    Right-click in that pane and choose "select all" and click 'next'.
    It will ask you whether you'd like to remove all checked items. Click OK.
    Finally, close Ad-Aware, and reboot.

    Then post a new log.

    Regards,

    Pieter
     
  4. bandonisp

    bandonisp Registered Member

    Good News I can go to the Internet

    I did run CWShredder. Question: can I delete C:\windows\twunk_32.exe? It said I should ask before deleting.
    But I can go to the Internet. Got the Winsock298 update that Pieter advised on. Have done the Spybot update. Have not run Ad-Aware. Will do that next. Here is my log at present. Thanks again for the help!!! Also I will be putting the Sygate firewall on the computer.




    Logfile of HijackThis v1.97.7
    Scan saved at 11:44:10 AM, on 3/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LXSUPMON.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\WINDOWS\MWSVM.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\ZIPFREE 2000!\ZIPFREE.EXE
    C:\WINDOWS\ZPTEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://3rs.homestead.com/onramp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.gte.net"); (C:\Program Files\Netscape\Users\res7a17k\prefs.js)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .dcr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NP32DSW.DLL
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi bandonisp,

    Good news. :cool:
    C:\windows\twunk_32.exe is a legitimate Windows file and it can stay.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

    O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe

    Then reboot and delete:
    C:\WINDOWS\frsk.exe

    Regards,

    Pieter
     
  6. bandonisp

    bandonisp Registered Member

    Have done the above

    Have done the above items. Can I delete the AOL one? It wants to go there!! Thanks much, it is working a little better each time I reboot. This is an add-on: Crazy Browser will go to the Internet. Internet Explorer will not go to the Internet!! Also have removed Netscape, getting ready to put Mozilla on the PC. Did a virus scan at HouseCall. Four viruses, could you advise on removal?

    Logfile of HijackThis v1.97.7
    Scan saved at 1:51:26 PM, on 3/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LXSUPMON.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\DESKTOP\HIGHJACK\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [OfotoNow for Amazon.com USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTON~1.COM\OFUSBS.DLL,WatchForConnection OfotoNow for Amazon.com
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .dcr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NP32DSW.DLL
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
     


  7. bandonisp

    bandonisp Registered Member

    Need a NO NO

    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

    On my first post this came up. Did a no-no, I deleted it. Now my IE will not load up, but Crazy Browser loads up.
    Did I cause this by deleting it??
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi bandonisp,

    Those are about the hardest things to fix, so that definitely was no no-no. As you can see, it is still there.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    Then in IE click Tools > reset Websettings and also in IE click Tools > Internet-options > Programs tab also click Reset settings.
    Also check if you have not blocked IE in your firewall.

    Regards,

    Pieter
     
  9. bandonisp

    bandonisp Registered Member

    On the Internet again!! Thanks Kindly

    I did a defrag in Safe Mode and a scan disk. It went to the Internet and I went right to Windows Update and got a 1 hour and 17 minute download of IE6 and it runs well. I also cleaned the registry with a program called Win-Cleaner. Thanks again Pieter for all your help.
    Also had four viruses. Think I got them also. Will be doing another virus scan on HouseCall. Here is the final log!!

    Logfile of HijackThis v1.97.7
    Scan saved at 1:25:36 AM, on 3/3/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIGHJACK\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gct21.net/~jeris/news
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.bandonisp.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38048.8543171296
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

  11. bandonisp

    bandonisp Registered Member

    Harding Thanks to the staff for the Help!!

    Thanks again for the help. I did go to the forum you suggested. Yes, I am going to adopt that policy. My computers are clean. The above computer is a friend's. I have been searching for a tutorial on HighJack. Would like to learn more on how to read the log. Thanks again for all the help. You're halfway around the world from me and you fixed the computer.
    Cheers from the Oregon coast!!
    Walt
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    My pleasure Walt. :)

    HijackThis log tutorials:
    http://www.wilderssecurity.com/showthread.php?t=15983
    http://hjt.wizardsofwebsites.com/
    http://www.spywareinfoforum.com/~merijn/htlogtutorial.html

    Classes:
    http://www.spywareinfoforum.com/forums/index.php?showtopic=32637&st=0

    Regards,

    Pieter
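
An added example, not part of any post in this thread and not code from HijackThis: a small Python reader for the log format posted above. It diffs two logs and lists the entry types the helpers acted on here (unknown Winsock LSP files and objects marked "(no file)"). The function names are hypothetical, and the two sample logs are short excerpts of the first and second logs in the thread.

```python
import re
from collections import defaultdict

# What the section codes seen in this thread's logs refer to.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "N1": "Netscape start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "extra IE button / Tools item",
    "O10": "Winsock LSP", "O12": "IE plugin",
    "O14": "IERESET.INF (Reset Web Settings)", "O16": "ActiveX (DPF)",
}
# Entry lines are "<code> - <details>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return {code: set of detail strings}. Repeated lines collapse to one."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].add(m.group(2))
    return dict(entries)

def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, details)."""
    def flat(d):
        return {(c, e) for c, items in d.items() for e in items}
    b, a = flat(before), flat(after)
    return sorted(b - a), sorted(a - b)

def review_candidates(entries):
    """Entries to look at first; a hit is a prompt for review, not a verdict."""
    found = [("O10", e) for e in entries.get("O10", ())
             if e.lower().startswith("unknown file in winsock lsp")]
    for code in ("O2", "O3", "R3"):
        found += [(code, e) for e in entries.get(code, ())
                  if e.endswith("(no file)")]
    return sorted(found)

# Excerpt of the first log in the thread (before CWShredder and LSPfix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\MWSVM.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
"""
# Excerpt of the second log in the thread (after the first cleanup pass).
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    removed, added = diff_logs(before, after)
    for code, details in review_candidates(before):
        print(f"REVIEW  {code} ({SECTIONS.get(code, 'unknown')}): {details}")
    for code, details in removed:
        print(f"REMOVED {code} ({SECTIONS.get(code, 'unknown')}): {details}")
    for code, details in added:
        print(f"ADDED   {code} ({SECTIONS.get(code, 'unknown')}): {details}")
```
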
     