i keep getting porno pop up aids on my computer

hijack this log report

Newsgroups: 24hoursupport.helpdesk
From: "GET OFF"
Date: Wed, 10 Mar 2004 02:18:17 GMT
Local: Tues, Mar 9 2004 9:18 pm
Subject: hijack this log report
I need some help with my log report. Something is screwing me up again and
I don't know what it is.
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 6:13:00 PM, on 3/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VBouncer\VirtualBouncer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
ahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
ahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://rd.companion.yahoo.com/slv/ycheck/hp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
hoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
ahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
ahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
hoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
ahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
ahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: IncrediFindBHO Class -
{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program
Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program
Files\Lycos\Sidesearch\sidesearch1211.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\System32\bolae9.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh212112.dll
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program
Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\windows\downloaded program files\googletoolbar_en_2.0.108-deleon.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} -
C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\windows\downloaded program files\googletoolbar_en_2.0.108-deleon.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program
Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\
realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
manager\points manager.exe -s
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common
files\updater\wupdater.exe
O4 - HKLM\..\Run: [BHOUBIOV] C:\WINDOWS\BHOUBIOV.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Acme.PCHButton]
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink
TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program
Files\VBouncer\VirtualBouncer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program
Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG
CreataCard\AGRemind.exe
O4 - Global Startup: Image Transfer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded
program files\GoogleToolbar_en_2.0.108-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded
program files\GoogleToolbar_en_2.0.108-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://c:\windows\downloaded program
files\GoogleToolbar_en_2.0.108-deleon.dll/cmcache.html
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: MyPoints - file://C:\Program
Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded
program files\GoogleToolbar_en_2.0.108-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\windows\downloaded program
files\GoogleToolbar_en_2.0.108-deleon.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Point Alert (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=ht...
w.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.07.02&http://www.scion.
com/config/xb/xb_include.htm
O16 - DPF: ...

Newsgroups: 24hoursupport.helpdesk
From: "pcbutts1"
Date: Wed, 10 Mar 2004 03:15:01 GMT
Local: Tues, Mar 9 2004 10:15 pm
Subject: Re: hijack this log report
Remove Virtual Bouncer to start.

--

The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com

"GET OFF" wrote in message

news:JVu3c.12282$%06.6264@newsread2.news.pas.earthlink.net...

> I need some help with my log report. Something is screwing me up again and
> I don't know what it is.
> Thanks
> Logfile of HijackThis v1.97.7
> Scan saved at 6:13:00 PM, on 3/9/2004
> Platform: Windows XP (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 (6.00.2600.0000)

> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\windows\system\hpsysdrv.exe
> C:\HP\KBD\KBD.EXE
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> C:\WINDOWS\System32\msbb.exe
> C:\Program Files\ClearSearch\Loader.exe
> C:\Program Files\AWS\WeatherBug\Weather.exe
> C:\Program Files\Yahoo!\Messenger\ypager.exe
> C:\WINDOWS\system32\crypserv.exe
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\VBouncer\VirtualBouncer.exe
> C:\PROGRA~1\WINZIP\winzip32.exe
> C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
> ahoo.com/ext/search/search.html
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
> ahoo.com
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://rd.companion.yahoo.com/slv/ycheck/hp/*http://www.yahoo.com
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://start.earthlink.net/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://www.earthlink.net/partner/more/msie/button/search.html
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
> hoo.com
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
> ahoo.com/ext/search/search.html
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
> ahoo.com
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
> hoo.com
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
> ahoo.com
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
> http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
> ahoo.com
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = localhost
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> C:\WINDOWS\SYSTEM\blank.htm
> R3 - URLSearchHook: IncrediFindBHO Class -
> {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
> C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
> F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
> O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program
> Files\ClearSearch\IE_ClrSch.DLL
> O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
> C:\WINDOWS\bi.dll
> O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program
> Files\Lycos\Sidesearch\sidesearch1211.dll
> O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
> C:\WINDOWS\System32\bolae9.dll
> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
> Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
> O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
> Files\Kontiki\bin\bh212112.dll
> O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
> Files\MyWay\myBar\2.bin\MYBAR.DLL
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
> Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program
> Files\EarthLink TotalAccess\PnEL.dll
> O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
> C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
> O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\windows\downloaded program files\googletoolbar_en_2.0.108-deleon.dll
> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
> Files\Microsoft Money\System\mnyviewer.dll
> O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
> O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} -
> C:\Program Files\EarthLink TotalAccess\PnEL.dll
> O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
> C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\windows\downloaded program files\googletoolbar_en_2.0.108-deleon.dll
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
> O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
> O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
> O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
> O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [WT GameChannel] C:\Program
> Files\WildTangent\Apps\GameChannel.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\
> realsched.exe" -osboot
> O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
> Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
> Networking.exe /AUTOSTART
> O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
> O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
> O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
> manager\points manager.exe -s
> O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
> O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
> O4 - HKLM\..\Run: [updater] C:\Program Files\Common
> files\updater\wupdater.exe
> O4 - HKLM\..\Run: [BHOUBIOV] C:\WINDOWS\BHOUBIOV.exe
> O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
> O4 - HKCU\..\Run: [Acme.PCHButton]
> C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
> O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program
> Files\Microsoft Works\WkDetect.exe
> O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
> Files\Yahoo!\Messenger\ypager.exe -quiet
> O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink
> TotalAccess\TaskPanl.exe" -winstart
> O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
> O4 - Startup: PowerReg SchedulerV2.exe
> O4 - Startup: Virtual Bouncer.lnk = C:\Program
> Files\VBouncer\VirtualBouncer.exe
> O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
> O4 - Global Startup: Device Detector 2.lnk = C:\Program
> Files\Olympus\DeviceDetector\DevDtct2.exe
> O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
> C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
> O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG
> CreataCard\AGRemind.exe
> O4 - Global Startup: Image Transfer.lnk = ?
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
> present
> O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded
> program files\GoogleToolbar_en_2.0.108-deleon.dll/cmsearch.html
> O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded
> program files\GoogleToolbar_en_2.0.108-deleon.dll/cmbacklinks.html
> O8 - Extra context menu item: Cac&hed Snapshot of Page -
> res://c:\windows\downloaded program
> files\GoogleToolbar_en_2.0.108-deleon.dll/cmcache.html
> O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
> Files\Kontiki\bin\bh212112.dll/201
> O8 - Extra context menu item: MyPoints - file://C:\Program
> Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
> O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded
> program files\GoogleToolbar_en_2.0.108-deleon.dll/cmsimilar.html
> O8 - Extra context menu item: Translate into English -
> res://c:\windows\downloaded program
> files\GoogleToolbar_en_2.0.108-deleon.dll/cmtrans.html
> O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
> Files\Yahoo!\Common/ycdict.htm
> O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
> Files\Yahoo!\Common/ycsrch.htm
> O9 - Extra button: Sidesearch (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
> O9 - Extra button: Related (HKLM)
> O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
> O9 - Extra button: MoneySide (HKLM)
> O9 - Extra button: Messenger

...

Newsgroups: 24hoursupport.helpdesk
From: °Mike°
Date: Wed, 10 Mar 2004 18:36:03 +0000
Local: Wed, Mar 10 2004 1:36 pm
Subject: Re: hijack this log report
On Wed, 10 Mar 2004 02:18:17 GMT, in

GET OFF scrawled:

>I need some help with my log report. Something is screwing me up again and
>I don't know what it is.
>Thanks
>Logfile of HijackThis v1.97.7
>Scan saved at 6:13:00 PM, on 3/9/2004
>Platform: Windows XP (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 (6.00.2600.0000)

>Running processes:
>C:\WINDOWS\System32\msbb.exe

Web3000 spyware. Terminate this process.
http://www.liutilities.com/products/wintaskspro/processlibrary/msbb/

>C:\Program Files\ClearSearch\Loader.exe

AdWare. Terminate this process.
http://sarc.com/avcenter/venc/data/adware.clearsearch.html

>C:\Program Files\AWS\WeatherBug\Weather.exe

Spyware. Terminate this process.

>C:\Program Files\VBouncer\VirtualBouncer.exe

Worm.Win32.Ircobus. Terminate this process.
http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp

>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
>http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
>ahoo.com/ext/search/search.html
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
>ahoo.com
>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>http://rd.companion.yahoo.com/slv/ycheck/hp/*http://www.yahoo.com
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>http://start.earthlink.net/
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
>http://www.earthlink.net/partner/more/msie/button/search.html
>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
>http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
>hoo.com
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
>http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http:...
>ahoo.com/ext/search/search.html
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
>http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http:...
>ahoo.com
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http:...
>hoo.com
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
>http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
>ahoo.com
>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http:...
>ahoo.com

Have HijackThis fix ALL of the above 'R0' and 'R1' entries.

>R3 - URLSearchHook: IncrediFindBHO Class -
>{5D60FF48-95BE-4956-B4C6-6BB168A70310}
>C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

Have HijackThis fix the above.

>F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

Have HijackThis fix the above.

>O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program
>Files\ClearSearch\IE_ClrSch.DLL

Have HijackThis fix the above.

>O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
>C:\WINDOWS\bi.dll

Have HijackThis fix the above.

>O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program
>Files\Lycos\Sidesearch\sidesearch1211.dll

AdWare. Have HijackThis fix the above.

>O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
>C:\WINDOWS\System32\bolae9.dll

Have HijackThis fix the above.

>O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
>Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

Have HijackThis fix the above.

>O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
>Files\Kontiki\bin\bh212112.dll

Have HijackThis fix the above.

>O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
>Files\MyWay\myBar\2.bin\MYBAR.DLL

Have HijackThis fix the above.

>O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
>C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

Have HijackThis fix the above.

>O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Have HijackThis fix the above.

>O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
>C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL

Have HijackThis fix the above.

>O4 - HKLM\..\Run: [WT GameChannel] C:\Program
>Files\WildTangent\Apps\GameChannel.exe

AdWare. Have HijackThis fix the above.

>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\
>realsched.exe" -osboot

You really should disable Real Player from starting. Better
still, uninstall it and use Real Alternative.
http://home.hccnet.nl/h.edskes/finalbuilds.htm

>O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

Uninstall. Get Kazaa Lite.

>O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
>manager\points manager.exe -s

Boy, you sure have some crap on your system.

>O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe

Have HijackThis fix the above.

>O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

Have HijackThis fix the above.

>O4 - HKLM\..\Run: [updater] C:\Program Files\Common
>files\updater\wupdater.exe

Have HijackThis fix the above.

>O4 - HKLM\..\Run: [BHOUBIOV] C:\WINDOWS\BHOUBIOV.exe

Have HijackThis fix the above.

>O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Have HijackThis fix the above.

>O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

Have HijackThis fix the above.

>O4 - Startup: PowerReg SchedulerV2.exe

Have HijackThis fix the above.

>O4 - Startup: Virtual Bouncer.lnk = C:\Program
>Files\VBouncer\VirtualBouncer.exe

Have HijackThis fix the above.

>O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

Have HijackThis fix the above.

>O4 - Global Startup: Device Detector 2.lnk = C:\Program
>Files\Olympus\DeviceDetector\DevDtct2.exe

Legitimate Olympus DSS Player tray application, but can cause
the system to freeze. Have HijackThis fix it.

>O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG
>CreataCard\AGRemind.exe

Have HijackThis fix the above.

>O4 - Global Startup: Image Transfer.lnk = ?

Have HijackThis fix the above.

>O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
>present

Have HijackThis fix the above.

>O8 - Extra context menu item: Get It With Kontiki - res://C:\Program
>Files\Kontiki\bin\bh212112.dll/201

Have HijackThis fix the above.

>O8 - Extra context menu item: MyPoints - file://C:\Program
>Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm

Have HijackThis fix the above.

>O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded
>program files\GoogleToolbar_en_2.0.108-deleon.dll/cmsimilar.html

Have HijackThis fix the above.

>O9 - Extra button: Sidesearch (HKLM)

Have HijackThis fix the above.

>O9 - Extra button: Related (HKLM)

Have HijackThis fix the above.

>O9 - Extra button: Point Alert (HKCU)

Have HijackThis fix the above.

>O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
>https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=ht...
>w.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.07.02&http://www.scion.
>com/config/xb/xb_include.htm

Have HijackThis fix the above.

>O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Have HijackThis fix the above.

>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
>http://207.188.7.150/2511e862d0d63b3abe03/netzip/RdxIE2.cab

Have HijackThis fix the above.

>O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
>http://www.webshots.com/samplers/WSDownloader.ocx

Have HijackThis fix the above.

>O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
>http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie...

Have HijackThis fix the above.

>O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) -
>http://expressit.broderbund.com/plugin/Download.cab

Have HijackThis fix the above.

SHEESH!!!!!!!!!!!

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Newsgroups: 24hoursupport.helpdesk
From: joevan
Date: Wed, 10 Mar 2004 19:02:27 GMT
Local: Wed, Mar 10 2004 2:02 pm
Subject: Re: hijack this log report
On Wed, 10 Mar 2004 18:36:03 +0000, °Mike°

wrote:
>Have HijackThis fix the above.

>SHEESH!!!!!!!!!!!

I feel your pain. How can you do that day after day? I looked over that
stuff and said maybe he should format and start over with some decent
programs.
You are not just a gentleman, but a gentleman and a scholar.
Maybe you should add Job as in "patience of".
joevan

Newsgroups: 24hoursupport.helpdesk
From: °Mike°
Date: Wed, 10 Mar 2004 19:17:49 +0000
Local: Wed, Mar 10 2004 2:17 pm
Subject: Re: hijack this log report
On Wed, 10 Mar 2004 19:02:27 GMT, in

joevan scrawled:

>On Wed, 10 Mar 2004 18:36:03 +0000, °Mike°
> wrote:

>>Have HijackThis fix the above.

>>SHEESH!!!!!!!!!!!
>I feel your pain. How can you do that day after day?

I sometimes ask myself that.

>I looked over that stuff and said maybe he should format
>and start over with some decent programs.

I had the same thoughts. :)

>You are not just a gentleman, but a gentleman and a scholar.

Hmmm. There are some that think otherwise.

>Maybe you should add Job as in "patience of" .

I'm not always this patient.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Newsgroups: 24hoursupport.helpdesk
From: "lsj7"
Date: Wed, 24 Mar 2004 13:34:14 -0600
Local: Wed, Mar 24 2004 2:34 pm
Subject: Re: hijack this log report

GET OFF wrote:
> I need some help with my log report. Something is screwing me up
> again and I don't know what it is.
> Thanks
> Logfile of HijackThis v1.97.7
> Scan saved at 6:13:00 PM, on 3/9/2004
> Platform: Windows XP (WinNT 5.01.2600)
> C:\Program Files\AWS\WeatherBug\Weather.exe

WeatherBug is a spyware program. Get rid of it and get a good freeware one
with no spyware crap here:

http://www.singerscreations.com/

--

Cherish, therefore, the spirit of our people, and keep alive their
attention. If once they become inattentive to the public affairs, you
and I, and congress and Assemblies, Judges and governors, shall all
become wolves.

_________Jefferson to Carrington 1787

lsj7


jessez (ex machina), Tuesday, 30 January 2007 22:14 (eighteen years ago)

Leaving things alone when you are unsure is a good idea ;-)

Hijack This is very good at what it does, but it's not really a tool for the
beginner. It does enable someone who has an idea what should and should not
be running on a system to look at what's going on and pinpoint potential
issues.

If you don't feel comfortable with doing that, then there are forums where
people seem to specialise in looking at the output from Hijack this and
picking out the problems, and the best bet might be to get a listing of the
output from Hijack This and post it to one of those places.

UART variations (ex machina), Tuesday, 30 January 2007 22:15 (eighteen years ago)

Full disclosure: My boyfriend was trying to show me how to post pictures to the internet (why photobucket has to be involved is still a mystery to me), and so he was testing it out, and that's a picture of a long haired carny guy who is ALWAYS at the "Taste of West Springfield", running a kiddie ride, and the weird head with the red dots is the boyfriend.
We have taken pictures of the carny guy every year - maybe that's mean, but it's almost like we have to go just to see if he's there!
I just wanted to post some pictures of our kitties.
I would not have bothered explaining any of this except for the fact that the picture is weird, and has a heading that makes it seem like I was making a statement. or something.
Photobucket has sent me three emails.

UART variations (ex machina), Tuesday, 30 January 2007 22:20 (eighteen years ago)

Photobucket sucks.

Go with "PicPail"

PappaWheelie MMCMXL (PappaWheelie 2), Tuesday, 30 January 2007 22:43 (eighteen years ago)

"porno pop up aids"

A-ron Hubbard (Hurting), Wednesday, 31 January 2007 03:43 (eighteen years ago)

haw

Confounded (Confounded), Wednesday, 31 January 2007 05:30 (eighteen years ago)

I'm not being a dick about the typo, I just think the idea of pop-up AIDS is funny.

A-ron Hubbard (Hurting), Wednesday, 31 January 2007 06:19 (eighteen years ago)

it wasnt a typo ;_;

UART variations (ex machina), Wednesday, 31 January 2007 07:50 (eighteen years ago)

...and that is why some of us don't mind paying a little more to get a Macintosh. No viruses, no promlems. It just works.

Think About It, Wednesday, 31 January 2007 19:12 (eighteen years ago)

you already have aids if you have a mac, amirite?

UART variations (ex machina), Wednesday, 31 January 2007 20:29 (eighteen years ago)

OWN D D D

Confounded (Confounded), Wednesday, 31 January 2007 21:14 (eighteen years ago)

seven months pass...

☻☺

Heave Ho, Sunday, 2 September 2007 06:05 (eighteen years ago)

http://overthetop.beloblog.com/archives/heehaw.jpg

Pablo A, Sunday, 2 September 2007 06:07 (eighteen years ago)

