my add/remove shows: "shoppingwizard", "offeroptimizer", "casprog"
booted in safemode ran adaware & spybot.
Ad-aware shows coolwebsearch (3 objects) and mru list (6 objects)
Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 7:53:49 PM, on 6/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SOL.EXE
C:\UTILITY\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://myhome.sunyocc.edu/~lewism/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sunyocc.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.sunyocc.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.sunyocc.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.sunyocc.edu/~lewism
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage",
"
http://www.sunyocc.edu/~lewism"); (C:\Netscape\Users\marty\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {6BFD224C-67B6-C2E3-74F7-A2ED6711C74F} -
C:\WINDOWS\SYSTEM\CRRQ32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\ZoneLabs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WINWA32.EXE] C:\WINDOWS\SYSTEM\WINWA32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
-service
O4 - HKLM\..\RunServices: [CRDE.EXE] C:\WINDOWS\SYSTEM\CRDE.EXE /s
O4 - HKLM\..\RunServices: [IEZE.EXE] C:\WINDOWS\SYSTEM\IEZE.EXE /s
O4 - HKLM\..\RunServices: [WINPO.EXE] C:\WINDOWS\WINPO.EXE /s
O4 - HKLM\..\RunServices: [IPRE.EXE] C:\WINDOWS\SYSTEM\IPRE.EXE /s
O4 - HKLM\..\RunServices: [MSQP32.EXE] C:\WINDOWS\MSQP32.EXE /s
O4 - HKLM\..\RunServices: [MSGG.EXE] C:\WINDOWS\MSGG.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Creative Detector]
C:\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) -
http://-Web.Washer-/ie_add
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM
FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: PRDIE - {1609CE00-5651-11D7-B870-0050DA5EE774} - C:\PRIVACY
DEFENDER\PRD.EXE
O9 - Extra button: AbsoluteShield Internet Eraser -
{4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - C:\winapps\Internet Eraser\cseraser.exe
(HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX
Control) -
http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control)
-
http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control)
-
http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
http://www.trojanscan.com/trojanscan/TDECntrl.CAB
next step will be to go to one of the foums.
Jan said:
Hi Martin
Most likely you have scumware on your system causing the problem. Follow
the information here to clean your system:
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
If this does not resolve the problem post back here and we'll take further
steps.
Hope this helps
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
--
Martin Lewis
Media Development Specialist
Onondaga Community College
Syracuse, NY
www.sunyocc.edu/~lewism
(e-mail address removed)
(e-mail address removed)