Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alexa keeps coming back :( [RESOLVED]


  • This topic is locked This topic is locked

#1
retrac

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Thanks you guys so much !!!

Well this is my parents PC and well it is a dinosaur to say the least....
Its got a woping 56 Mb RAM not to mention a slow proccesser ( about 8 years old )

If there are any "Uneeded resource hogs" here please let me know :tazz:
Did everything in "Start Here" except Ewido( not 98 compatible)

ACTIVE SCAN
Incident Status Location

Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}

Logfile of HijackThis v1.99.1
Scan saved at 1:56:50 PM, on 7/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\WINDOWS\SYSTEM\FPDISP3A.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\SMC\SMC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...&LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.luckyhomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckyhomepage.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: QPHlprObj Class - {EFD440C0-0943-11d3-9D65-00A0CC22CBC4} - C:\WINDOWS\QPHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=1c00&lc=0409 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab



Thanks Again ! ;)

Edited by retrac, 19 July 2005 - 01:00 AM.

  • 0

Advertisements


#2
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hey :tazz:

Before I look at this log, is normal startup selected?
  • 0

#3
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
hehe yes
i just edited it before you got here :tazz:
  • 0

#4
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I still don't understand why you do that... :tazz:

Ok, give me a minute. And what do you mean "Alexa keeps coming back" an explanation would help and have you run the latest version of Ad-Aware?
  • 0

#5
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
Yeah i did everything in Start Here(AdAwareSE) ....Spybot has gotten rid of Alexa Related 3 times now

Edited by retrac, 19 July 2005 - 01:13 AM.

  • 0

#6
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
What was the location of these items, temp/temporary folders?
  • 0

#7
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
C:/Windows/Web/Related.htm (maybe not related, but something like that ...
  • 0

#8
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You're in luck :tazz: They have 98SE so you can run this program - however with such low memory I highly recommend shutting all other programs while it runs:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directoy as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#9
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
When you say shut down all other programs u mean like uncheck in Msconfig...or just right click on em in System tray and close them????
  • 0

#10
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do not uncheck anything in msconfig, all I mean is don't run anything else!
  • 0

Advertisements


#11
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
47,000 registry items OMG should i use RegClean (microsoft made)


********
2:39 PM: |··· Start of Session, Monday, July 18, 2005 ···|
2:39 PM: Spy Sweeper started
2:39 PM: Sweep initiated using definitions version 505
2:39 PM: Starting Memory Sweep
2:41 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
2:41 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MMTASK.TSK
2:41 PM: Warning: Failed to load image: c:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
2:42 PM: Warning: Failed to load image: C:\WINDOWS\PTSNOOP.EXE
2:46 PM: Memory Sweep Complete, Elapsed Time: 00:06:17
2:46 PM: Starting Registry Sweep
2:47 PM: Found Adware: luckyhomepage.com hijack
2:47 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page (ID = 4395251)
2:47 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 4395252)
2:48 PM: Registry Sweep Complete, Elapsed Time:00:02:36
2:48 PM: Starting Cookie Sweep
2:48 PM: Found Cookie: com.com cookie
2:48 PM: default@com[2].txt (ID = 180866)
2:48 PM: Found Cookie: belnk cookie
2:48 PM: anyuser@belnk[1].txt (ID = 180713)
2:48 PM: anyuser@dist.belnk[2].txt (ID = 180714)
2:48 PM: anyuser@com[2].txt (ID = 180866)
2:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:48 PM: Starting File Sweep
2:49 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
2:55 PM: File Sweep Complete, Elapsed Time: 00:06:20
2:55 PM: Full Sweep has completed. Elapsed time 00:15:20
2:55 PM: Traces Found: 6
2:55 PM: Removal process initiated
2:55 PM: Quarantining All Traces: luckyhomepage.com hijack
2:55 PM: Quarantining All Traces: com.com cookie
2:55 PM: Quarantining All Traces: belnk cookie
2:55 PM: Removal process completed. Elapsed time 00:00:09
********
2:28 PM: |··· Start of Session, Monday, July 18, 2005 ···|
2:28 PM: Spy Sweeper started
2:30 PM: Updating spyware definitions
2:30 PM: Your definitions are up to date.

Edited by retrac, 19 July 2005 - 02:02 AM.

  • 0

#12
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
What are you talking about 47,000 reg entries?
  • 0

#13
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
when it was scanning it scanned 47,000 registry items
  • 0

#14
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
lol yes it scanned your registry - there were only a couple of bad registry entries found that were removed. I was thinking that must be the whole dang registry on a 98 :tazz: No you don't need to use a registry cleaner.
  • 0

#15
retrac

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
cool iwas just wondering cause that sounds like alot of registry keys, this computer is 8 years old i imagine there prolly are alot of dead and duplicate keys ????
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP