-
May 19th, 2004, 09:20 PM
#31
don't you dare give up.. not after I (and others) went to all that trouble posting info for you.
it's not gonna fix itself.. you do have to do a bit of work.. at least read all the info carefully that's been presented.. if you really want someone to hold your hand thru it all.. there are folks that could do just that. send me a pm and I'll see what we can work out.
and if you really just want to bite the bullet and reinstall your win98 OS and have a cdrom for it.. well then we "could" take that route.. but you'd be a much happier and knowledgeable person if you stuck to it and got rid of this yourself..
-
May 19th, 2004, 09:51 PM
#32
Junior Member
this is what yous keep telling me to do, I got HiJackThis in a solid folder, I scanned with ad-ware then HiJackThis in safe mode and here's the log....
Logfile of HijackThis v1.97.7
Scan saved at 4:52:02 PM, on 5/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Downloads (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...104.6878356481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialer...ecomendada.cab
-
May 19th, 2004, 10:56 PM
#33
This isn't really my area, but here's what I see:
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab
The page no longer exists, that's why your pop-up is getting page not found. Deleting that should take care of your pop-up.
Actually, that's all I see. sumdumguy might see more (hint, hint)
EDIT: AACK...missed these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com...
-
May 21st, 2004, 02:08 PM
#34
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
See this link for more information. I would uninstall it ASAP.
-
May 21st, 2004, 05:14 PM
#35
hmm yes I thought that looked suspicious too, but since it was installed in the program files folder I assumed that it was some kind of trojan killer he had, I also googled for it, there IS a program called spykiller, sure you aren't removing a legit program here?
-
May 21st, 2004, 05:56 PM
#36
therenegade, in that searching, did you run across all the complaints? Spykiller has been purported to give false positives in order to entice people into buying it. I'm not saying it is true, just the accusation.
Also, there are hijacked links that when people go to download Spybot, they are directed to SpyKiller and mistakenly download it, instead of Spybot. http://www.safer-networking.org/inde...ail=2004-02-05
Most of the time, people don't know they have it.
-
May 21st, 2004, 07:06 PM
#37
I did actually, it was just the fact that the program started from the program files folder rather than system which made me hesitate lol, my bad
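Added example (not part of the thread, and not code from HijackThis or any poster): a small Python triage pass over a HijackThis log like the one in post #32. It surfaces the kinds of lines the replies picked out by eye: entries marked "(file missing)", O16 ActiveX downloads whose host is a bare IP address, and every O4 autorun by name so each can be looked up. The flagging rules are assumptions chosen for this illustration; the sample lines are copied from the posted log with their truncated URLs left as the forum shows them.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines copied from the log in post #32 (truncated URLs left as shown there).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialer...ecomendada.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O16 - DPF: ..."
AUTORUN = re.compile(r"^(\S+): \[([^\]]+)\] (.*)$")   # "HKCU\..\Run: [Name] command"

def parse(log):
    """Return (code, body) per section line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log):
    """Return (reason, detail) pairs for a human to review; nothing is removed."""
    findings = []
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            findings.append(("file missing", body))
        # Assumed heuristic: an ActiveX codebase served from a raw IP deserves a look.
        if code == "O16" and host_is_ip(body.rsplit(" - ", 1)[-1]):
            findings.append(("ActiveX download from bare IP", body))
        m = AUTORUN.match(body) if code == "O4" else None
        if m:  # list every autorun by name; judging it is left to the reader
            findings.append(("autorun: " + m.group(2), m.group(3)))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:32} {detail}")
```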