Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Explorer error message


  • Please log in to reply

#1
Helenwatermelon

Helenwatermelon

    New Member

  • Member
  • Pip
  • 9 posts
I would imagine this topic has been covered before but I am soooooo frustrated I can't look.

We use a racing site frequently - Rosnet2000- everything was fine until they updated their site and required Internet Explorer 6.

Ok, we have a real old and abused Packard [bleep] with Windows 98 second edition and had da nada problems - in order to view the races, I downloaded and installed IE6.

Waaaaaaaaaaaah, now everytime I try to use ANY drop down menu a message error that Explorer has performed an illegal something and will shut down. It does, every time.

I have tried to understand the kernals and dll's listed, but I am lost as how to repair this or skirt the issue.

Can someone help this poor computer illiterate???

Thanks.

Helen the Unhappy watermelon
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, here goes..................... LMAO, I don't know much, but all those times when "No (insert here, Dear, mom, honey......) I wasn't online today " mayb means "Yes (insert here, Dear, mom, honey) I sure was online today."


Logfile of HijackThis v1.97.7
Scan saved at 2:04:13 PM, on 4/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\SVCINIT.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ESCORCHER\ESCORCHER.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\WEATHER PULSE\WEATHERPULSE.EXE
C:\PROGRAM FILES\COMMON FILES\EACCELERATION\EANTHOLOGY.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\VELOZDEFENDER\VELOZSYS.EXE
C:\PROGRAM FILES\ACCELERATION SOFTWARE\VELOZDEFENDER\VELOZ.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\FD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...px?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seekwell.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.greytalk.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 sublimedirectory.com
O1 - Hosts: 66.197.93.224 www.sublimedirectory.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 teeniefiles.com
O1 - Hosts: 66.197.93.224 www.teeniefiles.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 al4a.com
O1 - Hosts: 66.197.93.224 www.al4a.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O1 - Hosts: 66.197.93.224 easypic.com
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\PROGRAM FILES\PAYYATEC\POPUPKILLER\POPUPKILLER.DLL (file missing)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [eScorcher] C:\Program Files\eScorcher\eScorcher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EanthologyApp] "C:\PROGRAM FILES\COMMON FILES\EACCELERATION\EANTHOLOGY.EXE" /b Startup
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\VELOZSYS.EXE runstart
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O4 - HKCU\..\Run: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Popup Killer Options (HKLM)
O9 - Extra 'Tools' menuitem: Popup Killer (HKLM)
O9 - Extra 'Tools' menuitem: Free Software Downloads (HKLM)
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
O16 - DPF: Yahoo! Towers 2.0 - http://download.yaho...ts/y/ywr3_x.cab
O16 - DPF: Yahoo! Dots - http://download.yaho...ts/y/dtr2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.

Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download CWShredder
CLICK HERE to download Spybot S&D
  • 0

#5
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Wow, you are too quick. Just wanted to say thanks and now I'm going to do what you just told me too.

I think I'm in love <_<


helen
  • 0

#6
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, here's the Hijack report number 2.......................

Logfile of HijackThis v1.97.7
Scan saved at 5:23:40 PM, on 4/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ESCORCHER\ESCORCHER.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.greytalk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\PROGRAM FILES\PAYYATEC\POPUPKILLER\POPUPKILLER.DLL (file missing)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [eScorcher] C:\Program Files\eScorcher\eScorcher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\VELOZSYS.EXE runstart
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Popup Killer Options (HKLM)
O9 - Extra 'Tools' menuitem: Popup Killer (HKLM)
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: Yahoo! Towers 2.0 - http://download.yaho...ts/y/ywr3_x.cab
O16 - DPF: Yahoo! Dots - http://download.yaho...ts/y/dtr2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
  • 0

#7
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
You should create a folder for Hijack This (i.e. C:\HJT). If not it will create multiple backup files on your desktop.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

C:\PROGRAM FILES\ESCORCHER\ESCORCHER.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O4 - HKLM\..\Run: [eScorcher] C:\Program Files\eScorcher\eScorcher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\VELOZSYS.EXE runstart
O4 - HKCU\..\Run: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O14 - IERESET.INF: START_PAGE_URL=

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of asiclayer.dll.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log.

Spykiller is not recommended, Vcatch anti-virus actually contains spyware, and Stop-Sign also contains spyware.

Use Spybot S&D ocassionally to scan for new spyware. AVG has a great free version of its anti-virus program: http://www.grisoft.c...s_dwnl_free.php
  • 0

#8
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here we go, but it looks the same to me............

Logfile of HijackThis v1.97.7
Scan saved at 7:17:52 PM, on 4/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ESCORCHER\ESCORCHER.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\REALTIME.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.greytalk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\PROGRAM FILES\PAYYATEC\POPUPKILLER\POPUPKILLER.DLL (file missing)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [eScorcher] C:\Program Files\eScorcher\eScorcher.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\VELOZSYS.EXE runstart
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Popup Killer Options (HKLM)
O9 - Extra 'Tools' menuitem: Popup Killer (HKLM)
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: Yahoo! Towers 2.0 - http://download.yaho...ts/y/ywr3_x.cab
O16 - DPF: Yahoo! Dots - http://download.yaho...ts/y/dtr2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
  • 0

#9
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Well, actually it does look better. Try CWShredder one more time. and post a new log. If that doesn't work I'll have you try something else. <_<

CLICK HERE to download CWShredder
  • 0

#10
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Good morning!!!

Ok, will do.

Actually, it's much better already. I uninstalled both VCatch and Escorcher and downloaded and installed your suggested program, AVG. It immediately detected a trojan something.

I used Google last evening - the worst offender - three times with no trouble.

Off to do the shredder thing...


Helen
  • 0

Advertisements


#11
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here ya go..............I have one thing to add, about creating the folder for Hijackthis?? I did experience a moment of blind panic when all those "thingies" did indeed show up on the desktop. Like almost 100 of them. I figured it out soon enough..............


Logfile of HijackThis v1.97.7
Scan saved at 10:03:51 AM, on 4/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.greytalk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\PROGRAM FILES\PAYYATEC\POPUPKILLER\POPUPKILLER.DLL (file missing)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Popup Killer Options (HKLM)
O9 - Extra 'Tools' menuitem: Popup Killer (HKLM)
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: Yahoo! Towers 2.0 - http://download.yaho...ts/y/ywr3_x.cab
O16 - DPF: Yahoo! Dots - http://download.yaho...ts/y/dtr2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
  • 0

#12
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Just a little cleaning up to do. <_< Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O14 - IERESET.INF: START_PAGE_URL=

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log.
  • 0

#13
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.97.7
Scan saved at 10:46:31 AM, on 4/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 8.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.greytalk.com/
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\PROGRAM FILES\PAYYATEC\POPUPKILLER\POPUPKILLER.DLL (file missing)
O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [siscolor] color.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: Yahoo! Towers 2.0 - http://download.yaho...ts/y/ywr3_x.cab
O16 - DPF: Yahoo! Dots - http://download.yaho...ts/y/dtr2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab

<_<
  • 0

#14
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Congratulations! Your system is CLEAN <_<

If everything seems to be working okay you can delete the Hijack This folder.

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.

SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web.

And unlike other programs, SpywareBlaster does not have to remain running in the background.

Link to SpywareBlaster: http://www.javacools...areblaster.html

It's very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
  • 0

#15
Helenwatermelon

Helenwatermelon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks a bunch, all of the previous problems are fixed and computer is running pretty good - considering what we are using.

However, the site that started all of this Rosnet 2000 - which I must have for my job - now will not come up - I get a message that says my Active X controls are not set for this page and therefore it may not display properly. That's correct, it doesn't display at all.

I am hoping with all the new programs - Spybot, Spyblaster - one of the "anti spy" links or whatever it is called is stopping the page from loading.

My question is how do I know which ones??? I have to uncheck them.

Also, Windows no longer shuts down. I turn off the computer, and it sticks on the screen Windows is shutting down.


Helen
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP