in dire need of some assistance

EvilMe5 · Nov 24, 2004

just today i clicked in a porn website, you know how it is, and now my computer is freaking out. well, random pop ups come up and my home page is about:blank. i have allof these pop up stoppers AND hijacker programs. this problem will NOT go away. pleeasse help!

Praetor · Nov 24, 2004

i have allof these pop up stoppers AND hijacker programs

Well what happens when you run them?

Lorand · Nov 24, 2004

Post a HijackThis log to see what's wrong with your system.

EvilMe5 · Nov 24, 2004

Logfile of HijackThis v1.97.7
Scan saved at 2:24:03 PM, on 11/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\APPMS32.EXE
C:\WINDOWS\SYSTEM\SYSDB32.EXE
C:\WINDOWS\NETQW.EXE
C:\WINDOWS\SYSTEM\ATLZD.EXE
C:\WINDOWS\SYSTEM\MFCWX.EXE
C:\WINDOWS\CRAU.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MFCWX.EXE
C:\WINDOWS\SYSTEM\WINAD32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MFCWX.EXE
C:\WINDOWS\APIKW32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WINAD32.EXE
C:\WINDOWS\IEDL.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nogxe.dll/sp.html#28129
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {3AF33C37-48A6-C94F-A43F-172B31546D29} - C:\WINDOWS\SYSTEM\NETFD.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [ATLZD.EXE] C:\WINDOWS\SYSTEM\ATLZD.EXE
O4 - HKLM\..\RunServices: [CRAU.EXE] C:\WINDOWS\CRAU.EXE
O4 - HKLM\..\RunServices: [MFCWX.EXE] C:\WINDOWS\SYSTEM\MFCWX.EXE
O4 - HKLM\..\RunServices: [NETQW.EXE] C:\WINDOWS\NETQW.EXE
O4 - HKLM\..\RunServices: [SYSDB32.EXE] C:\WINDOWS\SYSTEM\SYSDB32.EXE
O4 - HKLM\..\RunServices: [APPMS32.EXE] C:\WINDOWS\SYSTEM\APPMS32.EXE
O4 - HKLM\..\RunServices: [WINAD32.EXE] C:\WINDOWS\SYSTEM\WINAD32.EXE
O4 - HKLM\..\RunServices: [APIKW32.EXE] C:\WINDOWS\APIKW32.EXE
O4 - HKLM\..\RunServices: [IEDL.EXE] C:\WINDOWS\IEDL.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

Lorand · Nov 24, 2004

Disable these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nogxe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nogxe.dll/sp.html#28129
O2 - BHO: (no name) - {3AF33C37-48A6-C94F-A43F-172B31546D29} - C:\WINDOWS\SYSTEM\NETFD.DLL
O4 - HKLM\..\RunServices: [ATLZD.EXE] C:\WINDOWS\SYSTEM\ATLZD.EXE
O4 - HKLM\..\RunServices: [CRAU.EXE] C:\WINDOWS\CRAU.EXE
O4 - HKLM\..\RunServices: [MFCWX.EXE] C:\WINDOWS\SYSTEM\MFCWX.EXE
O4 - HKLM\..\RunServices: [NETQW.EXE] C:\WINDOWS\NETQW.EXE
O4 - HKLM\..\RunServices: [SYSDB32.EXE] C:\WINDOWS\SYSTEM\SYSDB32.EXE
O4 - HKLM\..\RunServices: [APPMS32.EXE] C:\WINDOWS\SYSTEM\APPMS32.EXE
O4 - HKLM\..\RunServices: [WINAD32.EXE] C:\WINDOWS\SYSTEM\WINAD32.EXE
O4 - HKLM\..\RunServices: [APIKW32.EXE] C:\WINDOWS\APIKW32.EXE
O4 - HKLM\..\RunServices: [IEDL.EXE] C:\WINDOWS\IEDL.EXE

Also run a virus check: http://housecall.trendmicro.com/housecall/start_corp.asp
After that post a new log.

EvilMe5 · Nov 24, 2004

whenever i try to go to the site it says im performing an illegal operation and closes it. i even tried restaring. i checked off all the things you had said and this is how it came out again with i scanned again:

Logfile of HijackThis v1.97.7
Scan saved at 2:50:55 PM, on 11/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\APIKW32.EXE
C:\WINDOWS\SYSTEM\IEYV32.EXE
C:\WINDOWS\NTZE.EXE
C:\WINDOWS\SYSTEM\SYSSC32.EXE
C:\WINDOWS\IEDL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {3AF33C37-48A6-C94F-A43F-172B31546D29} - C:\WINDOWS\SYSTEM\NETFD.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [APIKW32.EXE] C:\WINDOWS\APIKW32.EXE
O4 - HKLM\..\RunServices: [IEDL.EXE] C:\WINDOWS\IEDL.EXE
O4 - HKLM\..\RunServices: [SYSSC32.EXE] C:\WINDOWS\SYSTEM\SYSSC32.EXE
O4 - HKLM\..\RunServices: [IEYV32.EXE] C:\WINDOWS\SYSTEM\IEYV32.EXE
O4 - HKLM\..\RunServices: [NTZE.EXE] C:\WINDOWS\NTZE.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Lorand · Nov 24, 2004

Quit all Internet Explorer window and close these tasks in task manager:

C:\WINDOWS\APIKW32.EXE
C:\WINDOWS\SYSTEM\IEYV32.EXE
C:\WINDOWS\NTZE.EXE
C:\WINDOWS\SYSTEM\SYSSC32.EXE
C:\WINDOWS\IEDL.EXE

Then disable these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\eodye.dll/sp.html#28129
O2 - BHO: (no name) - {3AF33C37-48A6-C94F-A43F-172B31546D29} - C:\WINDOWS\SYSTEM\NETFD.DLL
O4 - HKLM\..\RunServices: [APIKW32.EXE] C:\WINDOWS\APIKW32.EXE
O4 - HKLM\..\RunServices: [IEDL.EXE] C:\WINDOWS\IEDL.EXE
O4 - HKLM\..\RunServices: [SYSSC32.EXE] C:\WINDOWS\SYSTEM\SYSSC32.EXE
O4 - HKLM\..\RunServices: [IEYV32.EXE] C:\WINDOWS\SYSTEM\IEYV32.EXE
O4 - HKLM\..\RunServices: [NTZE.EXE] C:\WINDOWS\NTZE.EXE

EvilMe5 · Nov 24, 2004

not to sound like a complete idiot but what exactly is task manager?

Lorand · Nov 24, 2004

Hit <Ctrl> + <Alt> + <Del> and it will show up.

EvilMe5 · Nov 24, 2004

those programs are not running

Lorand · Nov 24, 2004

Try this program: http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
If they show up in the list, right-click on them, then kill process.

EvilMe5 · Nov 24, 2004

alright it's scanning now

EvilMe5 · Nov 24, 2004

there was no viruses

Lorand · Nov 24, 2004

And how the log looks like?

EvilMe5 · Nov 24, 2004

Logfile of HijackThis v1.97.7
Scan saved at 3:35:36 PM, on 11/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Lorand · Nov 24, 2004

It looks clean to me...

Does your computer behave ok now?

EvilMe5 · Nov 24, 2004

i shall have to see. should i restart to recheck if everything is fine?

Lorand · Nov 24, 2004

Restart and post another log. Hope it will be clean...

EvilMe5 · Nov 24, 2004

Logfile of HijackThis v1.97.7
Scan saved at 4:19:27 PM, on 11/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Lorand · Nov 24, 2004

Yep, it's clean now...

in dire need of some assistance

New Member

Administrator

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>

New Member

<b>VIP Member</b>