Tech Support Forum - View Single Post - IE browser hijacked

Countryboy · 12-15-2007, 08:41 AM

Hi Ried, thanks for your help. Herewith the files that you asked for:

7-Zip 4.32
AceFTP 3 Freeware
Ad-aware 6 Personal
Adobe Acrobat 4.0, 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe PhotoDeluxe Home Edition 3.1
Adobe Reader 6.0.1
Adobe Type Manager
ArcSoft VideoImpression 1.6
Atomic Clock Sync
BCWipe 2.0
BT Openworld
BTO Connect PAYG Dialler Manager 3.3
ClearSkinFX for Digital Cameras
Cryptainer LE
DAEMON Tools
Delete Windows 98 Second Edition uninstall information
Digital Camera Enhancer 1.3
DP Editor Ver.1.0
Evidence Eliminator
Exif Launcher Ver.1.1
exPressIT 5
FilterSIM for Digital Cameras
FinePixViewer Ver.1.1
HijackThis 1.99.1
Hitware Popup Killer Lite 3.0.1.12
HSP56 MR Drivers
IBM Infoprint Color 8 Software
IDcide Privacy Companion
InCD (ahead software)
IrfanView (remove only)
Kai's Power SHOW
Kaspersky Online Scanner
KeyMaestro Multimedia Driver V1.02.00
Lexmark X73
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Dreamweaver 4
Macromedia Flash Player 8
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft DirectX Transform optional components
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
Microsoft Publisher 2000 SR-1
Microsoft VGX Q833989
Microsoft Windows Critical Update Notification
Mozilla Firefox (1.5.0.5)
Mozilla Thunderbird (0.8)
MSN Messenger 7.0
Nero - Burning Rom
Neuratron PhotoScore Lite Sibelius Plugin 1.61
NVIDIA Windows 95/98/ME Display Drivers
Outlook Express Q837009
Panda ActiveScan
PC Registry Cleaner 1.0
PCI Audio Applications
Polaroid Digital Cam
PowerDVD
QuickTime
Serif PhotoPlus 6.0
Sibelius v1.105
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.3
Sygate Personal Firewall
Symantec AntiVirus
The Proxomitron Ver. Naoko-4.1
Tweak UI
Uninstall Windows 98 Second Edition
Westell DSL Modem
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)
WinZip

Logfile of HijackThis v1.99.1
Scan saved at 3:36:20 PM, on 15-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\SYPCMS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...bscan_ansi.cab

Cheers,

CB

12-15-2007, 08:41 AM	#3 (permalink)
Countryboy Registered User Join Date: Aug 2006 Posts: 31 OS: Win98SE	Re: IE browser hijacked - home page problem Hi Ried, thanks for your help. Herewith the files that you asked for: 7-Zip 4.32 AceFTP 3 Freeware Ad-aware 6 Personal Adobe Acrobat 4.0, 5.0 Adobe Download Manager 1.2 (Remove Only) Adobe PhotoDeluxe Home Edition 3.1 Adobe Reader 6.0.1 Adobe Type Manager ArcSoft VideoImpression 1.6 Atomic Clock Sync BCWipe 2.0 BT Openworld BTO Connect PAYG Dialler Manager 3.3 ClearSkinFX for Digital Cameras Cryptainer LE DAEMON Tools Delete Windows 98 Second Edition uninstall information Digital Camera Enhancer 1.3 DP Editor Ver.1.0 Evidence Eliminator Exif Launcher Ver.1.1 exPressIT 5 FilterSIM for Digital Cameras FinePixViewer Ver.1.1 HijackThis 1.99.1 Hitware Popup Killer Lite 3.0.1.12 HSP56 MR Drivers IBM Infoprint Color 8 Software IDcide Privacy Companion InCD (ahead software) IrfanView (remove only) Kai's Power SHOW Kaspersky Online Scanner KeyMaestro Multimedia Driver V1.02.00 Lexmark X73 LiveUpdate 2.0 (Symantec Corporation) Macromedia Dreamweaver 4 Macromedia Flash Player 8 MGI PhotoSuite 8.1 (Remove Only) Microsoft .NET Framework 1.1 Microsoft Data Access Components KB870669 Microsoft DirectX Transform optional components Microsoft Internet Explorer 6 SP1 and Internet Tools Microsoft Office 97, Professional Edition Microsoft Outlook Express 6 Microsoft Publisher 2000 SR-1 Microsoft VGX Q833989 Microsoft Windows Critical Update Notification Mozilla Firefox (1.5.0.5) Mozilla Thunderbird (0.8) MSN Messenger 7.0 Nero - Burning Rom Neuratron PhotoScore Lite Sibelius Plugin 1.61 NVIDIA Windows 95/98/ME Display Drivers Outlook Express Q837009 Panda ActiveScan PC Registry Cleaner 1.0 PCI Audio Applications Polaroid Digital Cam PowerDVD QuickTime Serif PhotoPlus 6.0 Sibelius v1.105 SiS 900 PCI Fast Ethernet Adapter Driver Spybot - Search & Destroy 1.3 Sygate Personal Firewall Symantec AntiVirus The Proxomitron Ver. Naoko-4.1 Tweak UI Uninstall Windows 98 Second Edition Westell DSL Modem Windows 98 KB891711 Update Windows 98 KB896358 Update Windows 98 Q823559 Update Windows 98 Q840315 Update Windows 98 Q888113 Update Windows 98 Q890175 Update Windows Media Player system update (9 Series) WinZip Logfile of HijackThis v1.99.1 Scan saved at 3:36:20 PM, on 15-12-07 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\LOADQM.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE C:\WINDOWS\SYSTEM\GSICON.EXE C:\WINDOWS\SYSTEM\DSLAGENT.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\HJT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080 O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\SYPCMS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...bscan_ansi.cab Cheers, CB