Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Windows 95/98 > sexpatriot /royalsearch

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

sexpatriot /royalsearch

Reply to Message Icon

Name: Sebastian
Date: November 25, 2003 at 11:57:32 Pacific
OS: 98
CPU/Ram: 475/64
Comment:

I guess this has been going around lately. My homepage keeps being reset to sexpatriot. This is the log I got from HiJack this.....any help would be greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 14:37:54, on 2003-11-25
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCSETMGR.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\IRMON.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM\VANLIGA FILER\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\MSHTA.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM FILES\FUJITSU\PMSET98\PMSET98.exe
C:\PROGRAM FILES\LAPLINK PROFESSIONAL\TSISCHED.exe
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.exe
C:\PROGRAM FILES\FUJITSU\APPLICATION PANEL\AUVCORE.exe
C:\PROGRAM FILES\COMMON FILES\FUJITSU SHARED\BTNHND.exe
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.royalsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stockholmsborsen.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.royalsearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sexpatriot.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.royalsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchxp.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.exe -l
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Common Files\Fujitsu Shared\BtnHnd.exe
O4 - HKLM\..\Run: [ISDNMonitor] C:\Program Files\TELES\ISDN Drivers\tisdnmon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.exe
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program\Vanliga filer\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Vanliga filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program\Vanliga filer\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program\Vanliga filer\Symantec Shared\ccSetMgr.exe"
O4 - Startup: PMSet98.lnk = C:\Program Files\Fujitsu\PMSet98\PMSet98.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\LapLink Professional\tsisched.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.exe
O4 - Startup: LifeBook Application Panel.lnk = C:\Program Files\Fujitsu\Application Panel\AUVCore.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - User Startup: PMSet98.lnk = C:\Program Files\Fujitsu\PMSet98\PMSet98.exe
O4 - User Startup: Scheduler.lnk = C:\Program Files\LapLink Professional\tsisched.exe
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.exe
O4 - User Startup: LifeBook Application Panel.lnk = C:\Program Files\Fujitsu\Application Panel\AUVCore.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.0270949074
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/076c13f558e6e0bb2605/netzip/RdxIE601.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab



Sponsored Link
Ads by Google

Response Number 1
Name: Abnormal
Date: November 25, 2003 at 19:41:56 Pacific
Reply:

Sebastian,
run cwshredder, any one that works for you.

cwshreddder.zip

cwshredder.exe

Reboot and post another hijackthis log.
Good luck

Abnormal



0

Response Number 2
Name: FZWG
Date: November 25, 2003 at 19:45:37 Pacific
Reply:

Would recommend that you do the following:

Download and run Spybot Search and Destroy:
http://tomcoyote.org/SPYBOT/index1.php

Download and run AdAware:
http://www.lavasoftusa.com/support/download/

Next, use CWShredder:
http://www.spychecker.com/program/cwshredder.html

Run HijackThis! again, and re-post the log.


0

Response Number 3
Name: Sebastian
Date: November 26, 2003 at 04:35:17 Pacific
Reply:

I ran cwshreddar and it seems to have solved the problem. I no longer get that file coming up. No I have to deal with uninstalling a trialware on symantec that I have. what a f---ing pain.


Logfile of HijackThis v1.97.7
Scan saved at 07:31:54, on 2003-11-26
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCSETMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\IRMON.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM\VANLIGA FILER\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM\VANLIGA FILER\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\FUJITSU\PMSET98\PMSET98.exe
C:\PROGRAM FILES\LAPLINK PROFESSIONAL\TSISCHED.exe
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.exe
C:\PROGRAM FILES\FUJITSU\APPLICATION PANEL\AUVCORE.exe
C:\PROGRAM FILES\COMMON FILES\FUJITSU SHARED\BTNHND.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stockholmsborsen.se/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.exe -l
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Common Files\Fujitsu Shared\BtnHnd.exe
O4 - HKLM\..\Run: [ISDNMonitor] C:\Program Files\TELES\ISDN Drivers\tisdnmon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program\Vanliga filer\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Vanliga filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program\Vanliga filer\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program\Vanliga filer\Symantec Shared\ccSetMgr.exe"
O4 - Startup: PMSet98.lnk = C:\Program Files\Fujitsu\PMSet98\PMSet98.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\LapLink Professional\tsisched.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.exe
O4 - Startup: LifeBook Application Panel.lnk = C:\Program Files\Fujitsu\Application Panel\AUVCore.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - User Startup: PMSet98.lnk = C:\Program Files\Fujitsu\PMSet98\PMSet98.exe
O4 - User Startup: Scheduler.lnk = C:\Program Files\LapLink Professional\tsisched.exe
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.exe
O4 - User Startup: LifeBook Application Panel.lnk = C:\Program Files\Fujitsu\Application Panel\AUVCore.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.0270949074
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/076c13f558e6e0bb2605/netzip/RdxIE601.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll



0

Response Number 4
Name: Abnormal
Date: November 26, 2003 at 11:35:37 Pacific
Reply:

Here are the Norton entries to remove.

O4 - HKLM\..\Run: [Symantec Core LC] C:\Program\Vanliga filer\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [ccApp] "C:\Program\Vanliga filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program\Vanliga filer\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program\Vanliga filer\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program\Vanliga filer\Symantec Shared\ccSetMgr.exe"

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

You don't need this!
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

LoadQM.exe
This task loads the MSN Queue Manager and is installed when you install MSN Explorer or MSN Messenger. LOADQM gobbles up system resources and appears on most end-users’ Task Lists who come to us complaining of low System & User Resources or very slow, "crawling", PCs. In January 2003 this is still one of the worst behaved Microsoft programs !

Recommendation :
Disable immediately, or Delete using Starter. Next, reboot your PC and find LOADQM in the C:\WINDOWS folder. Rename it to LOADQM.exe.OLD as if you do not it will otherwise get put back in your Task List at some stage or other (on some PCs you may need to boot into Safe Mode before you are able to rename LOADQM). Note : LOADQM gets re-installed every time you install a new version of Microsoft’s MSN Messenger.

http://www.answersthatwork.com/Tasklist_pages/tasklist_l.htm



0

Response Number 5
Name: Abnormal
Date: November 26, 2003 at 19:05:11 Pacific
Reply:

A tool from Symantec to help with removal.

How to uninstall Norton Anti-Virus by using the Rnav2003.exe removal utility



0

Related Posts

See More



Response Number 6
Name: KENNETH MCGUIRE
Date: December 12, 2003 at 12:30:02 Pacific
Reply:

I've done the spybot and adaware and i am posting my programs can some one help me by telling me which files I need to fix Thank you. Logfile of HijackThis v1.97.7
Scan saved at 9:58:35 AM, on 12/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\winlogon.exe
C:\Documents and Settings\KENETH MCGUIRE\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hand-book.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.royalsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sexpatriot.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.royalsearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sexpatriot.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.royalsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.royalsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.winbook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hand-book.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hand-book.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 66.98.142.163 auto.search.msn.com
O1 - Hosts: 66.98.142.163 search.msn.com
O1 - Hosts: 66.98.142.163 msn.com
O1 - Hosts: 66.98.142.163 www.msn.com
O1 - Hosts: 66.98.142.163 yahoo.com
O1 - Hosts: 66.98.142.163 www.yahoo.com
O1 - Hosts: 66.98.142.163 google.com
O1 - Hosts: 66.98.142.163 www.google.com
O1 - Hosts: 66.98.142.163 thenun.com
O1 - Hosts: 66.98.142.163 www.thehun.com
O1 - Hosts: 66.98.142.163 thehun.net
O1 - Hosts: 66.98.142.163 www.thehun.net
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://ehttp.cc/?
O13 - WWW Prefix: http://ehttp.cc/?
O13 - WWW. Prefix: http://ehttp.cc/?
O14 - IERESET.INF: START_PAGE_URL=http://www.winbook.com
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A820785B-5626-40A5-98DC-36A091B2D691}: NameServer = 216.81.128.200 216.81.128.201
O19 - User stylesheet: C:\WINDOWS\my.css
O19 - User stylesheet: C:\WINDOWS\my.css (HKLM)

ch programs to fix.


0

Sponsored Link
Ads by Google
Reply to Message Icon

Win 95 wont boot from cd E-mail attachment grayed ...



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Windows 95/98 Forum Home


Sponsored links
Ads by Google


Results for: sexpatriot /royalsearch
royalsearch.net problems www.computing.net/answers/windows-95/royalsearchnet-problems/151599.html

royalsearch trojan www.computing.net/answers/windows-95/royalsearch-trojan/151958.html