
Spyware infection and Internet connection broken?


  • This topic is locked
9 replies to this topic

#1 hinarei

hinarei

    Member

  • Full Member
  • 12 posts

Posted 20 May 2004 - 04:26 AM

Hi! I'm new!

Like to know if anyone can help, please. I clicked on a link this morning, and afterwards received firewall messages (I use Norton 2003) saying about several programs wanting to access the internet. These included optmize.exe and wast.exe. I ran doxdesk's parasite checker and it said I had 'webhancer' parasite. I also recognised optimize being from another parasite/problem prog, Internet Optimizer. So I started up Ad-Aware, scanned and removed what it found. After a reboot it finished removing reg entries and other processes it couldn't remove first time, as usual.

After it finished, I tried to connect to the internet, content that I had removed the problem.

Symantec Email Proxy came up with a message saying that "Symantec Email Proxy cannot scan your email messages because your network is not properly configured" error 1003,13. It had worked fine before I got the software on the comp.

Every time I run IE now I get a DNS error, not found page, with address "www.errorplace.com/red.php?c={86F78809-3B4B-41F68E8B-54BC8B09CC39}&aff=0catch&q=symantec", symantec if I try to click the link in the Symantec error message, or "q=hotmail" if I go to Hotmail, etc.

I ran a HJT check, and the error 10 looks rather ominous... :blink:

HJT Log

Logfile of HijackThis v1.97.7
Scan saved at 07:54:12, on 20/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\hdixlxq.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animemusicvideos.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.animemusicvideos.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.freeserve.com/
O1 - Hosts: 100.50.50.70 "WHITBY_BIRD \0x1b" #PRE
O1 - Hosts: 100.50.50.70 ATHENA #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.30 ZEUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.250 TITAN #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.140 DELPHI #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.180 PANDORA #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.10 DIONYSUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.20 APOLLO #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.150 CEREBERUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.59.1 POLLUX #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.59.2 CASTOR #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.52.102 ROMULUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.52.103 REMUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.200 ARES #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 192.60.60.30 "BATH \0x1b" #PRE
O1 - Hosts: 192.60.60.30 SATURN #PRE #DOM:BATH
O1 - Hosts: 192.60.60.60 MORPHEUS #PRE #DOM:BATH
O1 - Hosts: 192.60.60.70 JUPITER #PRE #DOM:BATH
O1 - Hosts: 99.50.50.10 "MANCHESTER \0x1b" #PRE
O1 - Hosts: 99.50.50.10 VENUS #PRE #DOM:MANCHESTER
O1 - Hosts: 99.50.50.20 JANUS #PRE #DOM:MANCHESTER
O1 - Hosts: 102.50.50.10 "CAMBRIDGE \0x1b" #PRE
O1 - Hosts: 102.50.50.10 EROS #PRE #DOM:CAMBRIDGE
O1 - Hosts: 105.50.50.10 "GLASGOW \0x1b" #PRE
O1 - Hosts: 105.50.50.10 GAIA #PRE #DOM:GLASGOW
O1 - Hosts: 106.50.50.10 "WINCHESTER \0x1b" #PRE
O1 - Hosts: 106.50.50.10 HESTIA #PRE #DOM:WINCHESTER
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {384F1DAE-B446-4929-B7EB-453AD32F9C06} - C:\WINDOWS\muftc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [amzlv] C:\WINDOWS\hdixlxq.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Kev\Application Data\urpo.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\webhdll.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://access.gamesp...s/fullgames.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {78156E2A-B98E-423F-942D-3925F2BC0B0A} (JobListControls4.JobSuffixFinder) - http://100.50.50.140...stControls4.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37962.569525463
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://pv2fd.pav2.ho...ex/HMAtchmt.ocx

any help would be appreciated!

#2 hinarei

hinarei

    Member

  • Full Member
  • 12 posts

Posted 20 May 2004 - 08:19 AM

I think I've posted this in the right place, as I have scanned my machine with an up-to-date Ad-Aware before posting it here... That's right, isn't it?

#3 hinarei

hinarei

    Member

  • Full Member
  • 12 posts

Posted 20 May 2004 - 10:16 AM

I think when I removed the webhancer with AdAware, it's killed my connection. I'd just like to know how to repair it, please, if anyone's ever had this before...

#4 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 20 May 2004 - 12:43 PM

You do have a few things that need to be removed, o fellow Su-fan. (I'm more partial to Shinobu myself, but Su would be right at home here at SWI.)

Tap Ctrl+Alt+Delete, click the Processes tab, and end the following process:

hdixlxq.exe

Close all programs, tick the following for removal in HJT, and click "Fix Checked:"

O2 - BHO: (no name) - {384F1DAE-B446-4929-B7EB-453AD32F9C06} - C:\WINDOWS\muftc.dll

O4 - HKLM\..\Run: [amzlv] C:\WINDOWS\hdixlxq.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Kev\Application Data\urpo.exe

Next, get a copy of LSPFix from the link below.

http://www.cexx.org/lspfix.htm

Run it.

Select all instances of "webhdll.dll" in it, then click "I Know What I'm Doing," then click "Fix."

Reboot.

Find and delete the following files/folders:

C:\Documents and Settings\Kev\Application Data\urpo.exe
C:\Program Files\webHancer\
C:\WINDOWS\hdixlxq.exe

Scan with HJT again and post the new log into a reply to this thread.

"Spyware? Is it delicious?"

And if memory serves, that avatar of yours is from the Love Hina manga where Motoko went off to her kendo training camp and Keitaro ended up being Su's playmate... thus ruining his back in the process and becoming the victim of a few Naru-punches.

Edited by Tuxedo Jack, 20 May 2004 - 12:44 PM.

Signature file is under revision. This will be back shortly.

#5 hinarei

hinarei

    Member

  • Full Member
  • 12 posts

Posted 20 May 2004 - 12:46 PM

Thanks! Su would fit right in here, little hacker that she is! Not that any of us are hackers...

I'll go through this and see if I can get online to post back here.

Your memory has not failed you. That's the right scene. Funny as heck!

"CWS? Can I eat it?"

Edited by hinarei, 20 May 2004 - 12:48 PM.


#6 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 20 May 2004 - 12:49 PM

Bah. The true definition of hacker is one who can make machines do cool things. Su most certainly fits that definition, as do most of the Helpers and everyone in the Experts, Mods, and Admin groups.

Except for what she did in episode 13 with her Cherry-kun robot.

#7 fhaspeaker

fhaspeaker

    Member

  • Full Member
  • 6 posts

Posted 20 May 2004 - 12:50 PM

Hi, my name is Darrick (fhaspeaker). The same thing happened to me and I can't get online at all. When I reboot I get an error message fash.exe and that Symantec Email Proxy came up with a message saying that "Symantec Email Proxy cannot scan your email messages because your network is not properly configured."

The only software I have on that computer is adware and that's it. What's the first step you took to get that report from hj

#8 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 20 May 2004 - 12:55 PM

FHASpeaker, you can download HijackThis from the link in my signature. Save it to a new folder, then run it, click "Scan," then click "Save Log." Copy and paste the text of that log into a new thread in the Malware Removal forum. Please do not post your log into this thread, as it will make the thread harder to follow.

#9 hinarei

hinarei

    Member

  • Full Member
  • 12 posts

Posted 20 May 2004 - 02:32 PM

The cherry-kun robot was strange, but a good idea. Practice makes perfect, and no-one's gonna kiss you if you're no good at it, right ? ;)

I appear to be online! Hooray! Here's my new log:

HJT Log - after LSPFix

Logfile of HijackThis v1.97.7
Scan saved at 20:27:29, on 20/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wacom\TabUserW.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animemusicvideos.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.animemusicvideos.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.freeserve.com/
O1 - Hosts: 100.50.50.70 "WHITBY_BIRD \0x1b" #PRE
O1 - Hosts: 100.50.50.70 ATHENA #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.30 ZEUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.250 TITAN #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.140 DELPHI #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.180 PANDORA #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.10 DIONYSUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.20 APOLLO #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.150 CEREBERUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.59.1 POLLUX #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.59.2 CASTOR #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.52.102 ROMULUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.52.103 REMUS #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 100.50.50.200 ARES #PRE #DOM:WHITBY_BIRD
O1 - Hosts: 192.60.60.30 "BATH \0x1b" #PRE
O1 - Hosts: 192.60.60.30 SATURN #PRE #DOM:BATH
O1 - Hosts: 192.60.60.60 MORPHEUS #PRE #DOM:BATH
O1 - Hosts: 192.60.60.70 JUPITER #PRE #DOM:BATH
O1 - Hosts: 99.50.50.10 "MANCHESTER \0x1b" #PRE
O1 - Hosts: 99.50.50.10 VENUS #PRE #DOM:MANCHESTER
O1 - Hosts: 99.50.50.20 JANUS #PRE #DOM:MANCHESTER
O1 - Hosts: 102.50.50.10 "CAMBRIDGE \0x1b" #PRE
O1 - Hosts: 102.50.50.10 EROS #PRE #DOM:CAMBRIDGE
O1 - Hosts: 105.50.50.10 "GLASGOW \0x1b" #PRE
O1 - Hosts: 105.50.50.10 GAIA #PRE #DOM:GLASGOW
O1 - Hosts: 106.50.50.10 "WINCHESTER \0x1b" #PRE
O1 - Hosts: 106.50.50.10 HESTIA #PRE #DOM:WINCHESTER
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://access.gamesp...s/fullgames.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {78156E2A-B98E-423F-942D-3925F2BC0B0A} (JobListControls4.JobSuffixFinder) - http://100.50.50.140...stControls4.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37962.569525463
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://pv2fd.pav2.ho...ex/HMAtchmt.ocx

Edited by hinarei, 20 May 2004 - 02:33 PM.
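
An added example, not part of any post in this thread: one way to confirm a cleanup by diffing the "before" and "after" HijackThis logs, so that removed entries, ended processes and any remaining O10 (broken LSP) line are listed rather than spotted by eye. The function names are hypothetical, and the sample input is a constructed excerpt of a few lines taken from the two logs above.

```python
import re

# Constructed sample input: a few lines excerpted from the two logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\hdixlxq.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {384F1DAE-B446-4929-B7EB-453AD32F9C06} - C:\WINDOWS\muftc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [amzlv] C:\WINDOWS\hdixlxq.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Kev\Application Data\urpo.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\webhdll.dll' missing
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False             # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())  # Windows paths are case-insensitive
        else:
            m = ENTRY_RE.match(line)     # header lines do not match and are skipped
            if m:
                entries.add((m.group(1), m.group(2)))
    return processes, entries


def compare(before, after):
    """Report what disappeared or appeared between two scans."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    return {
        "entries_removed": sorted(e0 - e1),
        "entries_added": sorted(e1 - e0),   # anything new deserves a second look
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
    }


def broken_lsp(text):
    """DLLs that O10 lines report as missing from the Winsock LSP chain."""
    _, entries = parse_log(text)
    hits = (LSP_RE.search(body) for code, body in entries if code == "O10")
    return sorted(m.group(1) for m in hits if m)


if __name__ == "__main__":
    for key, values in compare(BEFORE, AFTER).items():
        print(key)
        for v in values:
            print("   ", v)
    print("broken LSP before:", broken_lsp(BEFORE), "after:", broken_lsp(AFTER))
```
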


#10 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 20 May 2004 - 02:42 PM

You are indeed clean.


Clear your Temporary Internet Files immediately. To do this, go to the Internet Controls control panel, then click "Delete Files." Tick the checkbox there, then click "OK."

You may wish to look at Mozilla Firefox instead of IE. It has no security holes, doesn't integrate into the Windows shell (which is a bad thing due to the shell's control over the system), doesn't download anything without your approval, and doesn't get hijacked.

It also takes up less resources and uses tabs or new windows (tabs save desktop and taskbar space and make closing windows easier). It also comes with a built-in popup blocker as well as the ability to block images from servers (i.e. advertisements) with a right-click.

Firefox is immune to CWS in all its forms. You will _never_ get hijacked by CWS or any of its affiliates ever again if you use Firefox.

There's a link to it in my signature.

IE-SPYAD places over 4,000 known evil sites into the Restricted Sites zone in Internet Explorer so they can't execute ActiveX, Java, or place cookies on your machine. It's a rather nice thing to have. There's a link to it in my signature.

SpywareBlaster can prevent spyware from installing itself on your computer. It does require updating every now and again, but it's rather easy to operate. Just install, run, update, click "Protect," and you're done. Update once every month or so. There's a link in my signature.

Don't forget to use Windows Update once a week.

Also, just for kicks and giggles, you may want to check out my Love Hina/Sailormoon fusion story, "Over-Violent Student Double Hail Hina." It's both on tuxedojack.com and fanfiction.net. I've also got a chapter of Andrew Talon's "Love Hina Fanboy War: The Bonds of Time" that'll be up soon, and there's a screwy Love Hina/Weiß Kreuz fusion that I have in the pipe.

Happy computing, and yes, it is delicious!