glu80

offeroptimizer & spyware - hijack log included

7 posts in this topic

Hi, I've recently noticed a bunch of popups on my computer, some coming from "Offeroptimizer" among others. My computer and internet are running extremely slow as a result now and I don't know what to do! I've run spyassasin from adaware and it found some spyware which I deleted but it still doesn't get rid of the popups and slowdown. Please help!!! Thanks

 

Here is my hijackthis log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:44:17 AM, on 6/27/2004

Platform: Windows XP  (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\Explorer.EXE

C:\windows\temp\ASTa.exe

C:\WINDOWS\System32\syixih.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Program Files\over.exe

c:\Program Files\over.exe

C:\WINDOWS\System32\Gcg0LIcr.exe

C:\WINDOWS\System32\Mmashag.exe

C:\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ubprnp] C:\WINDOWS\System32\ubprnp.exe

O4 - HKLM\..\Run: [ASTa.exe] C:\windows\temp\ASTa.exe

O4 - HKLM\..\Run: [tqeqlxvw] C:\WINDOWS\System32\syixih.exe

O4 - HKLM\..\Run: [5BQDP#256G7546] C:\WINDOWS\System32\TagqXPno.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [spynuker_download] C:\Documents and Settings\Garrett Lu\Desktop\SpywareNukerInstaller.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: RealDownload.lnk = C:\Program Files\REAL\RealDownload\REALDOWNLOAD.EXE

O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .smi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll

O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_5.cab


Can anyone please help me with this problem? These popups are killing my computer! =(

Thanks for any help!


Hello glu80,

 

Please start out by putting HijackThis in a permanent folder.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

This will allow backups to be made and saved by HijackThis in case something goes wrong.

Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

 

______

 

First download the PeperFix.exe, a tool made by Option^Explicit, from here:

 

http://downloads.subratam.org/PeperFix.exe

 

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

You will be prompted to reboot.

 

Reboot and it will delete the files.

 

______

 

Click Start, click Control Panel, and then double-click Add or Remove Programs ("Change or Remove Programs") and remove Spyware Nuker using the Add/Remove Programs utility.

______

 

 

Now, open HijackThis, click Scan, then put a check next to the following entries:

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/

 

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

 

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

 

O4 - HKLM\..\Run: [ubprnp] C:\WINDOWS\System32\ubprnp.exe

O4 - HKLM\..\Run: [ASTa.exe] C:\windows\temp\ASTa.exe

O4 - HKLM\..\Run: [tqeqlxvw] C:\WINDOWS\System32\syixih.exe

O4 - HKCU\..\Run: [spynuker_download] C:\Documents and Settings\Garrett Lu\Desktop\SpywareNukerInstaller.exe

 

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe

O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab

 

 

Then close all open windows and browsers (have only HJT open) and click "Fix Checked".

 

Then, reboot to safe mode (tap F8 while restarting) and delete these files (if still there):

 

C:\WINDOWS\System32\ubprnp.exe

C:\WINDOWS\System32\syixih.exe

C:\Documents and Settings\Garrett Lu\Desktop\SpywareNukerInstaller.exe

 

You may have to show hidden files:

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Then browse to the C:\documents and settings\<Your Profile> (repeat for all users)\local settings\temp folder and delete all files and folders in it.

Then browse to the C:\Windows\Temp folder and delete all files in it.

This will delete all your cached internet content, including cookies.

 

Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files; make sure you get all offline content as well.

 

 

After you do the above, please reboot normally and post a new HJT log.


Hi Autodad. Thank you so much for taking the time to help me with this, I really appreciate it! I did everything you listed, the only things I couldn't do were:

 

1) I couldn't find the Spyware Nuker program in the Add/Remove Programs utility. I assume it's already been deleted.

 

2) After fixing the listed files, I rebooted in safe mode, but I couldn't find the file c:\WINDOWS\SYSTEM32\ubprnp.exe. I was able to delete syixih.exe however.

 

Now here is my new HijackThis log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:55:58 PM, on 6/27/2004

Platform: Windows XP  (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [5BQDP#256G7546] C:\WINDOWS\System32\TagqXPno.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: RealDownload.lnk = C:\Program Files\REAL\RealDownload\REALDOWNLOAD.EXE

O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .smi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll

O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_5.cab

 

 

Again, thank you so much for your help! So far no popups have come up!


Hi glu80,

 

Just some clean up left to do.

 

Download Registrar Lite from here: http://www.resplendence.com/download/reglite.exe

 

Put it in its own folder. You may want to keep this program. It is an excellent, free registry editor.

 

Copy and paste the following text into the address bar, then hit 'Go':

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

 

In the pane on the right are the values associated with that key.

We want to remove this one {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_

 

Notice the underscore at the end. It should be the first one.

 

Right click on it, and select delete. If you get a confirmation question, respond OK then close out the program.

 

_____

 

Open HijackThis, click Scan, then put a check next to the following entries:

 

 

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

 

O4 - HKLM\..\Run: [5BQDP#256G7546] C:\WINDOWS\System32\TagqXPno.exe

 

 

Then, close all open windows and browsers (have only HJT open) and click "Fix Checked".

 

Reboot normally, and please post another HJT log.


Hi Autodad,

I made all the changes you said and here is my new HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:18:36 PM, on 6/27/2004

Platform: Windows XP  (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Garrett Lu\Start Menu\Programs\HP DeskJet 930C Series v2.1"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: RealDownload.lnk = C:\Program Files\REAL\RealDownload\REALDOWNLOAD.EXE

O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .smi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll

O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_5.cab

 

Thanks so much for your time and help!!


Hi glu80,

 

You're welcome!

 

Sorry I didn't notice these before:

 

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: PowerReg Scheduler.exe

 

They are unneeded registration reminders that are reported to send data about the user back to the company that put them out.

You can fix them in HJT.

 

Other than that, your log looks good. Let us know if you have any concerns.

Here is some free protection you should consider:

Download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies.

 

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

 

Check for updates occasionally.

 

And also see "So how did I get infected in the first place?"

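The follow-up scans in this thread are how each checked entry is confirmed gone; the R3 URLSearchHook entry, for instance, was on the first fix list but is still in the second log. The Python sketch below is an added example (not part of any post in the thread and not HijackThis code) that automates that comparison. The function names are hypothetical, and the three samples are short excerpts constructed from the logs above.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O16, ...) then " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a pasted log."""
    entries = set()
    for raw in log_text.splitlines():
        # Forum pastes often carry non-breaking spaces and ragged whitespace.
        line = " ".join(raw.replace("\xa0", " ").split())
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were checked for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "fixed": sorted((wanted & before) - after),   # checked and now gone
        "persisting": sorted(wanted & after),         # checked but still present
        "never_present": sorted(wanted - before),     # checked but not in first scan
        "unexpected_new": sorted(after - before),     # appeared between scans
    }


# Constructed excerpt of the first scan (header and process lines are ignored).
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\syixih.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASTa.exe] C:\windows\temp\ASTa.exe
O4 - HKLM\..\Run: [tqeqlxvw] C:\WINDOWS\System32\syixih.exe
O4 - HKLM\..\Run: [5BQDP#256G7546] C:\WINDOWS\System32\TagqXPno.exe
"""

# Constructed excerpt of the entries checked in the first round of fixes.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [ASTa.exe] C:\windows\temp\ASTa.exe
O4 - HKLM\..\Run: [tqeqlxvw] C:\WINDOWS\System32\syixih.exe
"""

# Constructed excerpt of the second scan, taken after the reboot.
AFTER = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [5BQDP#256G7546] C:\WINDOWS\System32\TagqXPno.exe
"""

if __name__ == "__main__":
    for status, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

An entry reported under `persisting` needs a different removal route, which is what the registry-editor step in the thread does for the R3 hook.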