Logfile of HijackThis v1.98.2 Scan saved at 12:25:09, on 29/10/04 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\WINMODEM.101\PBWexe.exe C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\MOUSE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE C:\SP.EXE C:\PROGRAM FILES\F-SECURE ANTI-VIRUS\BACKWEB\4476822\PROGRAM\FSPEX.EXE C:\COREL\GRAPHICS8_TV\PROGRAMS\MFINDEXER.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\SERIF\GRAPHICSPLUS\GPSTART.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE C:\PROGRAM FILES\F-SECURE ANTI-VIRUS\BACKWEB\4476822\PROGRAM\FSBWSYS.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\SPYWAREREMOVALFOLDER\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beeb.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.beeb.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost F1 - win.ini: load=c:\ N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.which.net/index.html"); (C:\Program Files\WhichOL\Communicator\Users\WO\prefs.js) O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [PBWmodem] C:\WINDOWS\Init.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [WinCast] Q:\SETUP.EXE O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\Run: [LexStart] lexstart.exe O4 - HKLM\..\Run: [ADQuickAccess] C:\AFTERDRK\ADTRAY.EXE O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\RunServices: [PBWmodem] WINMODEM.101\PBWexe.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [sp] C:\sp.exe O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\COREL\Graphics8_TV\Programs\MFIndexer.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OFFICE\OSA.EXE O4 - Startup: GraphicsPlus.lnk = C:\Program Files\Serif\GraphicsPlus\GpStart.exe O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Global Startup: F-Secure Anti-Virus 2005.lnk = C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Send to My Mobile - C:\PROGRA~1\O2POCKET/exec_ctools.htm O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: -->Mobile - {C37751A4-A423-42a9-A364-106D9613AB61} - C:\PROGRA~1\O2POCKET\PocketCompanion.exe (file missing) (HKCU) O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .aiff: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .com/d/sr?xargs=02u3hs9yoajmUOuyECBRTFfxKKqzAsbMgo1K7+Fg3AJQ8XIuh5a+8TXDxjFMWYp/9MmZU9kCxQ2icsL2Y3kfGCIhFlbyDNBJPWlANclr6RVzi5Xf67t+K: C:\PROGRAM FILES\WHICHOL\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.beeb.net O15 - Trusted Zone: http://mysite.freeserve.com O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
computer constantyly shows popups
Started by
chopyaedoff
, Oct 29 2004 05:26 AM
#1
Posted 29 October 2004 - 05:26 AM
#2
Posted 01 November 2004 - 12:16 PM
What kind of problems are you having?
#3
Posted 02 November 2004 - 02:13 PM
it seams to have stopped now but now my computer is very very slow here is my lastest hjt log
Logfile of HijackThis v1.98.2 Scan saved at 20:16:02, on 02/11/04 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\WINMODEM.101\PBWexe.exe C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\LEXPPS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\MOUSE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE C:\COREL\GRAPHICS8_TV\PROGRAMS\MFINDEXER.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\SERIF\GRAPHICSPLUS\GPSTART.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\SPYWAREREMOVALFOLDER\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beeb.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.beeb.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.which.net/index.html"); (C:\Program Files\WhichOL\Communicator\Users\WO\prefs.js) O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [PBWmodem] C:\WINDOWS\Init.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [WinCast] Q:\SETUP.EXE O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\Run: [LexStart] lexstart.exe O4 - HKLM\..\Run: [ADQuickAccess] C:\AFTERDRK\ADTRAY.EXE O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [win32app] c:\windows\System\winpup32.exe O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.EXE O4 - HKLM\..\RunServices: [PBWmodem] WINMODEM.101\PBWexe.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon O4 - HKLM\..\RunOnce: [Registering itss.dll..] c:\windows\SYSTEM\regsvr32 /s itss.dll O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o O4 - HKLM\..\RunOnce: [RegTLib] c:\windows\RegTLib.exe c:\windows\SYSTEM\StdOle2.Tlb O4 - HKLM\..\RunOnce: [RunOnceEx] rundll32.exe c:\windows\SYSTEM\iernonce.dll,RunOnceExProcess O4 - HKLM\..\RunOnce: [Registering xenroll.dll..] c:\windows\SYSTEM\regsvr32 /s xenroll.dll O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] c:\windows\SYSTEM\regsvr32 /s hhctrl.ocx O4 - HKLM\..\RunOnce: [Registering itircl.dll..] c:\windows\SYSTEM\regsvr32 /s itircl.dll O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msdxm.ocx" O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\dxmasf.dll" O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [sp] C:\sp.exe O4 - HKCU\..\Run: [PktAnything] C:\PROGRA~1\O2POCKET\PocketCompanion.exe -NoShowPC O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\COREL\Graphics8_TV\Programs\MFIndexer.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OFFICE\OSA.EXE O4 - Startup: GraphicsPlus.lnk = C:\Program Files\Serif\GraphicsPlus\GpStart.exe O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Send to My Mobile - C:\PROGRA~1\O2POCKET/exec_ctools.htm O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .aiff: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .com/d/sr?xargs=02u3hs9yoajmUOuyECBRTFfxKKqzAsbMgo1K7+Fg3AJQ8XIuh5a+8TXDxjFMWYp/9MmZU9kCxQ2icsL2Y3kfGCIhFlbyDNBJPWlANclr6RVzi5Xf67t+K: C:\PROGRAM FILES\WHICHOL\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.beeb.net O15 - Trusted Zone: http://mysite.freeserve.com O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users