MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: browser hijack_please help...
November 22, 2019, 07:46:12 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 07:46:12 AM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: browser hijack_please help...  (Read 3846 times)
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« on: September 25, 2004, 02:31:18 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows98
Problem Application Name & Version: not sure
Problem Hardware Make & Model: not sure
Error Messages:



We have tried various removal tools to remove the 4bf65.ilxt.info hijack from our computer.  We have taken it in to our repair people as well and they have not been successful in removing it.  If there is any way you can help us remove this - it would be greatly appreciated!

Here is the copy of the log file after running Hijack this:

Logfile of HijackThis v1.98.2
Scan saved at 9:06:04 PM, on 9/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NOVATEL WIRELESS\SPRINTPORT\SPRINTPORTA.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\FREE SURFER\FS20.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOVATEL WIRELESS\WIRELESSCONNECTIONMANAGER\WIRELESSCONNECTIONMANAGER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\HIJACK_THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {745BD484-0E2E-11D9-8537-4445DC9E829B} - C:\WINDOWS\SYSTEM\BCDA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O18 - Filter: text/html - {745BD483-0E2E-11D9-8537-444553771AEF} - C:\WINDOWS\SYSTEM\BCDA.DLL
O18 - Filter: text/plain - {745BD483-0E2E-11D9-8537-444553771AEF} - C:\WINDOWS\SYSTEM\BCDA.DLL


« Last Edit: September 25, 2004, 07:45:28 AM by benditup » Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: September 25, 2004, 03:45:44 AM »

We can help you get rid of it but first Please download and run the following programs:If you have these programs make sure you have the latest versions

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.


SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems''. Anything that needs to be fixed it will show in red and have a green check in the box to the left. Click ''Fix Selected Problems'', Then restart your computer.Run Hijack this and post a new log
Logged

John Vickers
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #2 on: September 25, 2004, 01:02:46 PM »

After I posted the log file and request for assistance last night, I came across a previous post from someone with a similar problem and compared the files and determined that I needed to delete the bcda.dll file so I did that.  I also fixed and deleted the other sp.htm file that showed up in the second log file.  So far, that has worked and we are able to get our email.  Thank you for your help.
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #3 on: September 26, 2004, 02:23:57 PM »

You should fix these entries with Hijack This

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {745BD484-0E2E-11D9-8537-4445DC9E829B} - C:\WINDOWS\SYSTEM\BCDA.DLL
O18 - Filter: text/html - {745BD483-0E2E-11D9-8537-444553771AEF} - C:\WINDOWS\SYSTEM\BCDA.DLL
O18 - Filter: text/plain - {745BD483-0E2E-11D9-8537-444553771AEF} - C:\WINDOWS\SYSTEM\BCDA.DLL

Logged

John Vickers
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: September 26, 2004, 07:24:55 PM »

Hi CatLover, Not all logs are identical, you should post a fresh hijackthis log to ensure that you are clean......
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #5 on: September 26, 2004, 07:50:36 PM »

I ran several fresh hijackthis logs but was in a hurry to leave at that time and we had everything fixed.  All day yesterday, hubby's computer ran fine, he could check email and everything.  Then this morning the stupid 4bf65.ilxt.info popup came back so we ran hijackthis again and found that somehow the computer is putting the sp.html file back on even after we delete it from both the log and the windows/temp... file.

Is there a way to keep that from getting back on the computer?  We don't know exactly where it's coming from.  All he does is go to check email at hotmail.com and it comes back.  We've deleted that stupid file several times plus the .dll file that shows up at the bottom of the hijack this log.  That file name keeps changing.

I can't post the current log b/c I'm using my computer this time and not his but I know basically what to look for in the log.  

Just cant figure out why the sp.html file keeps coming back.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #6 on: September 26, 2004, 07:54:51 PM »

An updated Hijackthis log from the infected computer would be nice, as we can tell you exactly what to get rid of
Also, I would like to check for a Hidden installer

Download STARTDRECK

Make sure you run this on the infected computer

Unzip it to it's own folder

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log!

Also post a Fresh hijackthis log, thanks
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #7 on: September 26, 2004, 08:02:51 PM »

I'll try to get that to you here shortly.  It may be a few minutes though.
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #8 on: September 26, 2004, 08:25:22 PM »

Ok, here is the log file from Startdrek:

StartDreck (build 2.1.7 public stable) - 2004-09-26 @ 15:12:15 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as valued customer at V3F2G2

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: September 26, 2004, 08:57:36 PM »

Good, that showed it in Startdreck

Set Windows to Show Hidden Files and Folders

Know how to RESTART your computer into SAFE MODE
Because you will need to do this

Can you download a Couple tools please
Download and save to desktop CWShredder
Don't run this yet

Could you also, if you haven't done so already, Download and Install
Ad-Aware SE Personal 1.05
You can download it from HERE
After installation-CHECK FOR UPDATES
Don't run this yet

I'm uploading a file called Win98fix.zip
Download it and save it to desktop

Disconnect from the NET

Now, ensure that Win98Fix.zip is unzipped

-DoubleClick on: 'RunFix.reg' file, Answer 'yes'
to the prompt!
-Restart computer into SAFE MODE

Find and delete:
C:\WINDOWS\SYSTEM\COMKI.DLL <---this file



Stay in Safe Mode
These entries can be fixed with hijackthis, they are optional, NOT required on startup, considered resource hogs
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

If you opt to fix them, after you have Fix Checked and closed hijackthis
Open up Just CWShredder and let it FIX all problems

RESTART back in Normal Mode--Stay disconnected from the Internet
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
Do a Disk Cleanup--START>>>RUN>>>type in cleanmgr

Navigate to C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>>>realsched.old

Open Ad-Aware (ensure you updated beforehand)
Do a Full System Scan--Remove All Critical Objects
RESTART your Computer to finish the Cleaning process

Do another scan with hijackthis and Post back with a Fresh log

Download Attachment: Win98fix.zip 97.16 KB
Right click and select Save Target As... then rename the file as shown here and save.
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #10 on: September 26, 2004, 10:41:40 PM »

ok, here is the latest log file fromm hijack this after following the above instructions posted by your forum moderator.  Gosh, what a process!  I hope we can  get this thing completely cleaned up before hubby has to leave in the morning and take his computer with him.  I really appreciate your help with this.

Logfile of HijackThis v1.98.2
Scan saved at 5:19:35 PM, on 9/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NOVATEL WIRELESS\SPRINTPORT\SPRINTPORTA.EXE
C:\PROGRAM FILES\FREE SURFER\FS20.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DISKSERV.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\SUPREME OFFICE SUITE3.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACK_THIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Wireless Connection Manager Update.lnk = C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #11 on: September 26, 2004, 10:57:44 PM »

Your not quite there yet

RESTART your computer back into safe mode
With Windows showing hidden files

Look for and delete this file
C:\windows\diskserv.exe <--this file, it's a trojan

Stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab

Optionally, fix the next ones, they are not needed on startup
Programs work fine without them
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

RESTART your computer

Your not running any Anti-Virus Software on your computer
I definitely recommend that if you don't have one of your own
Go and download the Free Version of
AVG by Grisoft
After Installation---Ensure it is right up to date
This AV is yours to keep, never safe to browse around without one
http://free.grisoft.com/freeweb.php/doc/2/

Supply them with a legitimate Email address, not a webbased such as hotmail
I use this on my XP machine, I've never had a problem

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==http://www.bleepingcomputer.com/forums/index.php?showtutorial=53
Download link==https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
Scroll down and click on IE-SPYAD.EXE Free!

With both, Check for updates every couple of weeks

Post back with a Fresh hijackthis log when you are done

When was the last time you did a Disk Defragment on the computer?
This isn't a security issue, just checking...
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #12 on: September 27, 2004, 12:58:29 AM »

ok finished downloading those programs and ran the current hijack this log - posted as follows:

Logfile of HijackThis v1.98.2
Scan saved at 7:47:55 PM, on 9/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NOVATEL WIRELESS\SPRINTPORT\SPRINTPORTA.EXE
C:\PROGRAM FILES\FREE SURFER\FS20.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\SUPREME OFFICE SUITE3.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NOVATEL WIRELESS\WIRELESSCONNECTIONMANAGER\WIRELESSCONNECTIONMANAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK_THIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe
O4 - Startup: Wireless Connection Manager Update.lnk = C:\Program Files\Novatel Wireless\WirelessConnectionManager\WiseUpdt.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #13 on: September 27, 2004, 01:22:45 AM »

Looks good Cat_Lover, how's everything running

I've never used SUPREME OFFICE SUITE
Is it a good program? Just enquiring

If you didn't run a Full system scan with AVG make sure you do one

I also mentioned defragging your system
I was just checking to see if you have done it lately....
I get to nosey, like to keep my machines running smooth
You may want to do one every month or so.....

If not, here's what I do on my 98SE machine
Right click an empty spot on desktop---left click properites
Under Screen Saver---Select  None
Under Power options--set to Always on

RESTART in safe mode
Go to START>>Programs>>>Accessories>>System Tools
Scandisk--->Set to Auto Fix
Let that run
Go back to System Tools and do a Disk Defragment
Logged

 
cat_lover
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 10


Bookmark and Share

View Profile
« Reply #14 on: September 27, 2004, 01:55:48 AM »

my hubby hasnt had the computer very long so we havent run the defrag.  As far as I know he has not run the Supreme office suite (he's new to computers and just learning the how-to's)

We probably should run the defrag just to be safe.  I will check the operation of his computer in the morning before he leaves for his four week road trip lol that's his job.  He will be taking the computer with him so I won't know unless he calls to tell me if there is a problem.  But guess what... I just  found out my computer has had a browser redirect with the auto.search.msn.com and has taken me to sites that I dont allow on my computer at all. My antivirus and spyware blockers didnt pick it up but the hijack this did and the adware grabbed about 950 criticals on mine.  This is a new thing for me even though I've had more experience than my hubby has with computers.  As a matter of fact, I hadnt heard of most of this before.  Is it all fairly new?  Or am I just a bit behind?  I thought my norton anti-virus would pick up all of this stuff and tell me if I had any problems.  Gosh I could cry.

Thank you very much for all your help.
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page October 03, 2016, 03:38:56 AM