Hijacked Homepage / Wupdater junk

Computing.Net > Forums > Windows 95/98 > Hijacked Homepage / Wupdater junk

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Hijacked Homepage / Wupdater junk

Name: razzmatazz
Date: December 12, 2003 at 10:07:41 Pacific
OS: WIN98
CPU/Ram: 400Mhz(AMD)/320Mb

Comment:

I guess I can be added to the long list of PC users that have been invaded by the hacker tribe. I ran the spybots program and asked for a cleansing of the junk it uncovered. I am attaching the post-spybot HJT log file, can someone please help me get control of my PC?
P.S. DOS was so much easier to dealt with...
####
Logfile of HijackThis v1.97.7
Scan saved at 12:57:36 PM, on 12/12/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\MPRMMON.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.exe
C:\WINDOWS\SYSTEM\M2AUDMON.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\STARTER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\TASKMON.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\POINT32.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.exe
C:\PROGRAM FILES\VERIZONONLINEDSL\WINPOET\WINPPPOVERETHERNET.exe
C:\WINDOWS\SYSTEM\LVCOMS.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\TVTMD.exe
C:\WINDOWS\SYSTEM\MSWHEEL.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe
C:\PROGRAM FILES\ISTSVC\ISTSVC.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\UPTODATE.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.exe
C:\WINDOWS\SYSTEM\M2AUDMCON.exe
C:\PROGRAM FILES\SCANSUITE\SDETECT.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.exe
C:\TOOLS_95\IOWATCH.exe
C:\TOOLS_95\IMGICON.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.exe
C:\WINDOWS\BACKUP\SCHED95.exe
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\AOL COMPANION\COMPANION.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\TEMP\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tjem.com/passthrough/index.html?http://about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {86b98700-29fd-11d8-a723-0040f452c310} - C:\WINDOWS\APPLICATION DATA\MVFRTHGLTRR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\PROGRAM FILES\ZIPCLIX\ZIPCLIX.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
O3 - Toolbar: osseeobrout - {86b98701-29fd-11d8-a723-0040f452c310} - C:\WINDOWS\APPLICATION DATA\MVFRTHGLTRR.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSAVER\USSSHREG.exe /r
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~3\point32.exe
O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: [HPID Scheduler] "C:\Program Files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe"
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonOnlineDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
O4 - HKLM\..\Run: [m2audmcon.exe] C:\WINDOWS\SYSTEM\m2audmcon.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] c:\windows\SYSTEM\TVWatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\SYSTEM\reminder.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [m2audmcon.exe] C:\WINDOWS\SYSTEM\m2audmcon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.exe
O4 - Startup: Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.exe
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.exe
O4 - Startup: Scheduler.lnk = C:\WINDOWS\BACKUP\SCHED95.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\Companion.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
O4 - User Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.exe
O4 - User Startup: Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O4 - User Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.exe
O4 - User Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.exe
O4 - User Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - User Startup: Event Reminder.lnk = C:\pmw\PMREMIND.exe
O4 - User Startup: Scheduler.lnk = C:\WINDOWS\BACKUP\SCHED95.exe
O4 - User Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\Companion.exe
O4 - User Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.4385532407
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50037/QDow.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Sponsored Link

Ads by Google

Response Number 1

Name: cpm
Date: December 12, 2003 at 13:15:17 Pacific

Reply:

go here http://www.spywareinfo.com/~merijn/
and download coolwebshredder
unzip it and open the cws.exe file then sign off/close all browser windows and then click next and then re-post another hjt log after scanning with cws and spybot off line

citrix junk hijack.homepage removal hijacked homepage	HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Pan microsoft hijack homepage how to change a hijacked homepage on internet explorer
See More

1.44MB Floppy Drive reads...

Partition for my harddisk

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows 95/98 Forum Home

Sponsored links

Ads by Google

Results for: Hijacked Homepage / Wupdater junk

hijacked homepage

Summary

www.computing.net/answers/windows-95/hijacked-homepage/150309.html

Help, hijacked homepage

Summary

www.computing.net/answers/windows-95/help-hijacked-homepage/126389.html

cool-search.net homepage hijack

Summary

www.computing.net/answers/windows-95/coolsearchnet-homepage-hijack/152111.html

From the Geek Dictionary
nerd - Stefan Fong

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Video Playing

Paste work-around

CPU Speeds

rolling screen

how can i run geexbox mplayer in debug mode ?

All Awaiting Reply

Tom's News
New Final Fantasy XIII Trailer is 5 Minutes Long

TV Market to Launch Cross-Platform App Store

Used ATM Machines for Sale on Craigslist

Rival Publishers Collaborate on iTunes-type Store

Guy Quits Job With Error Message

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE