Jump to content


Photo

Bargains, Lycos SideSearch keeps showing up


  • Please log in to reply
3 replies to this topic

#1 funnie11

funnie11

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 24 May 2004 - 09:12 AM

hey...everytime i run Spybot Search and Destroy, lycos sidesearch and bargains (bargain buddy) keep showing up. but i got rid of most of their files and programs and keys. wut am i missing??? thank you so much for any help u can give me.


Logfile of HijackThis v1.97.7
Scan saved at 10:11:41 AM, on 5/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\SONIA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Internet Explorer] c:\windows\freebar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PP5300usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP3\\winampa.exe"
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [BEHKO] C:\WINDOWS\BEHKO.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [DGNTXRLO] C:\WINDOWS\DGNTXRLO.exe
O4 - HKLM\..\Run: [ADGKNQTX] C:\WINDOWS\ADGKNQTX.exe
O4 - HKLM\..\Run: [OKKMOSDR] C:\WINDOWS\SYSTEM\OKKMOSDR.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [XTMSFT3D] C:\WINDOWS\SYSTEM\XTMSFT3D.exe
O4 - HKLM\..\Run: [11_STDD] C:\WINDOWS\SYSTEM\11_STDD.exe
O4 - HKLM\..\Run: [twfkbgt] C:\WINDOWS\twfkbgt.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\Program Files\Network Associates\McAfee VirusScan\WebScanX.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Quickenw\bagent.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Quickenw\billmind.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7981.7623611111
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -

#2 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 24 May 2004 - 08:38 PM

Hi funnie11
Close all browsers and rerun HJT. Check and click fix checked for the following-
O4 - HKLM\..\Run: [Internet Explorer] c:\windows\freebar.exe
O4 - HKLM\..\Run: [CFJ] C:\WINDOWS\CFJ.exe
O4 - HKLM\..\Run: [BEHKO] C:\WINDOWS\BEHKO.exe
O4 - HKLM\..\Run: [DGNTXRLO] C:\WINDOWS\DGNTXRLO.exe
O4 - HKLM\..\Run: [ADGKNQTX] C:\WINDOWS\ADGKNQTX.exe
O4 - HKLM\..\Run: [OKKMOSDR] C:\WINDOWS\SYSTEM\OKKMOSDR.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [XTMSFT3D] C:\WINDOWS\SYSTEM\XTMSFT3D.exe
O4 - HKLM\..\Run: [11_STDD] C:\WINDOWS\SYSTEM\11_STDD.exe
O4 - HKLM\..\Run: [twfkbgt] C:\WINDOWS\twfkbgt.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
Now reboot and delete the above files
Find this one and post it's properties
TrayComm.exe and then rename it
TrayComm.old until we know what it is.

#3 funnie11

funnie11

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 May 2004 - 04:53 PM

thank u very much. when i went to delete them they were gone, so i guess HJT did that. also, traycomm is a screensaver program thing, my brother downloaded it, so that if its running and the computer is idle, a LA lakers screensaver comes up. (there are many types and categories of screensavers i guess u could choose from it)

#4 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 26 May 2004 - 05:20 PM

You are welcome. Glad we could help.Thanks for the info on Traycom.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button