Jillie

VX2 Log

28 posts in this topic

My computer has turned into a never-ending commercial! I have no clue where all this stuff came from, but I'm frustrated and can't seem to get it all cleaned off. Can you please help me... I've added my HijackThis log.

Thanks in advance.

 

Logfile of HijackThis v1.97.7

Scan saved at 7:15:26 PM, on 6/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\PROGRA~1\EXTRAM~1\Barb book.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\hphmon03.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...rudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

N1 - Netscape 4: user_pref("browser.startup.homepage", "allaboutsearching.com"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "allaboutsearching.com"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: MATH CITY - {F43F9FAE-6648-2E6C-9AAE-19D7CBD2C5C5} - C:\PROGRA~1\CHINWA~1\newdownload.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [Lies The] C:\PROGRA~1\EXTRAM~1\Barb book.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...porter.cab?RND=

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://imbum.com/Imbum_bw.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Hold on, looking through your log.

 

Fix these lines -

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...rudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

 

R3 - Default URLSearchHook is missing

 

N1 - Netscape 4: user_pref("browser.startup.homepage", "allaboutsearching.com"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "allaboutsearching.com"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

 

O1 - Hosts: 207.36.196.189 ieautosearch

 

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

 

 

O9 - Extra button: WeatherBug (HKCU)

 

 

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...porter.cab?RND=

 

Now, post a new HijackThis log. Did this help?

Edited by Nemesis6


*Sigh* Still got the pop ups like crazy :weep: Here's the new Hijack Log

 

Logfile of HijackThis v1.97.7

Scan saved at 8:28:40 PM, on 6/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\PROGRA~1\EXTRAM~1\Barb book.exe

C:\WINDOWS\System32\hphmon03.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O1 - Hosts: 207.36.196.189 ieautosearch

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O1 - Hosts: 207.36.196.189 search.netscape.com

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: MATH CITY - {F43F9FAE-6648-2E6C-9AAE-19D7CBD2C5C5} - C:\PROGRA~1\CHINWA~1\newdownload.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [Lies The] C:\PROGRA~1\EXTRAM~1\Barb book.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Ok, no problem. Go to www.download.com and search for SpyBot and AdAware. Now, install these two programs, none other, and upgrade them from within the programs - in AdAware, click the little globe in the interface. In SpyBot, click the "Update" tab on the left. Alright, now, run these two separately. Did this help?


Thanks, I'm running them now (I'm on my laptop, computer in question is my desktop). I do run window washer, adaware and spybot and spysweeper at least once a day, which makes me wonder where all this garbage came from, hubby or kids. Who to blame? :D I'll post a new log asap. OT, what's your opinion on reformatting? I haven't done it in over 4 years, I just try to keep the pc clean.


Ok, I ran adaware (found Ezula, Lop.com), ran S&D (found inet, netscape search) and ran spysweeper (found vx2 Transponder, Ezula i lookup and lopdotcom). Deleted everything and rebooted and still getting a few pop ups, nothing like before. Here is my latest HT log.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:02:48 PM, on 6/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\HPGS2WNF.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\extra mpeg\Barb book.exe

C:\unzipped\hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...rudgereport.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: MATH CITY - {F43F9FAE-6648-2E6C-9AAE-19D7CBD2C5C5} - C:\PROGRA~1\CHINWA~1\newdownload.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Alright, fix these lines -

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...rudgereport.com

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

 

Now, I think I might have located the little bastard who's giving you some popups... Here's what I need you to do: Fix these lines -

 

O4 - HKLM\..\Run: [Lies The] C:\PROGRA~1\EXTRAM~1\Barb book.exe

 

O3 - Toolbar: MATH CITY - {F43F9FAE-6648-2E6C-9AAE-19D7CBD2C5C5} - C:\PROGRA~1\CHINWA~1\newdownload.dll

 

 

Did this help?

Edited by Nemesis6


Ok, did what you said, and ran all my scans again, Adaware found a couple, deleted those, S&D found none and spysweeper found coolwww and vx2transponder, deleted those. I can't seem to get rid of that Barb Book exe (whatever it is). I found it in the programs files but it won't let me delete it there, says it's in use. Can I delete that in safe mode? :techsupport:

Here is the latest HT log.

Thanks again for all your help.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:50:44 AM, on 6/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\EXTRAM~1\Barb book.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net
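
Added example (not part of the original thread, and not HijackThis's own code): a small Python check that compares two HijackThis scans, lists the entries that disappeared or appeared between them, and flags any removed entry whose file still shows up under "Running processes" in the follow-up scan. The function names are assumptions made for this illustration, and the two inputs are trimmed excerpts of the first two logs posted in this thread.

```python
import re

# HijackThis prefixes every finding with a section code (R0-R3, N1-N4, F0-F3, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (running_process_paths, [(section_code, detail), ...]) for one log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()          # also drops the non-breaking spaces forums insert
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False    # the process list ends at the first finding
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def compare_scans(before, after):
    """Diff two scans and flag removed entries whose file is still running."""
    _, old = parse_log(before)
    procs, new = parse_log(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    still_running = []
    for code, detail in removed:
        for path in procs:
            # Case-insensitive substring match copes with quotes and arguments.
            if path.lower() in detail.lower():
                still_running.append((code, path))
    return {"removed": removed, "added": added, "still_running": still_running}


# Trimmed excerpt of the first log in this thread (truncated URL kept as posted).
BEFORE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EXTRAM~1\Barb book.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...rudgereport.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com
O3 - Toolbar: MATH CITY - {F43F9FAE-6648-2E6C-9AAE-19D7CBD2C5C5} - C:\PROGRA~1\CHINWA~1\newdownload.dll
O4 - HKLM\..\Run: [Lies The] C:\PROGRA~1\EXTRAM~1\Barb book.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net
"""

# Trimmed excerpt of the follow-up log saved at 11:50:44 AM on 6/6/2004.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\EXTRAM~1\Barb book.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net
"""

if __name__ == "__main__":
    report = compare_scans(BEFORE_LOG, AFTER_LOG)
    for code, detail in report["removed"]:
        print("gone :", code, "-", detail)
    for code, detail in report["added"]:
        print("new  :", code, "-", detail)
    for code, path in report["still_running"]:
        print("entry removed but file still running:", code, path)
```

A removed Run entry only stops the program from starting at the next logon; a file that is still running stays locked until the process ends.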


Yes, you should be able to delete it in Safe-Mode. By the way, it would be a good idea to run this tool - http://www.spywareinfo.com/~merijn/files/cwshredder.zip

 

Unzip it to a directory and run the file. Inside the program, check for updates. When updating, if required, is finished, then click "Fix". One last thing - Try restarting in Safe-Mode and scanning with both AdAware and SpyBot.

While we're at it, might as well delete the C:\Program Files\extra mpeg\ directory. (Not Program Files of course, hence the highlighting)

 

What did they find / remove? And most importantly, after following these instructions, are you still having problems? Post a HijackThis log in any case.

Edited by Nemesis6


Did all of the above, AdAware found allaboutsearching and one other, S&D found igetnet, deleted all of those. Still getting zestyfind and spotresults popping up. I have a feeling this all came from my daughter being at ibum getting icons, I'm ready to delete the aol msg here since I don't use it and she can just stay on her own computer. Anyhow, here's the latest HT log. Have I said thank you for trying to help me lately? THANK YOU!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:25:01 PM, on 6/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis\HijackThis.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Go to the bottom of this page, click "I accept" and follow the instructions -

 

http://www.look2me.com/cgi-bin/UnInstaller

 

Now, after this, download and run this tool just to be sure -

http://www.spywareinfo.com/~merijn/files/kill2me.zip

 

This should really help. Please report back to me after following the instructions and post a new HijackThis log just in case.

Edited by Nemesis6


All done. Kill2me said it didn't find it but I ran it anyhow. New HT log below. I did about 5 minutes of surfing and everything seems ok now. I'd still like to know where I picked all that shit up.

I bow to you kind Sir :thumbsup: Thanks a ton!

 

Logfile of HijackThis v1.97.7

Scan saved at 4:03:57 PM, on 6/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\System32\HPHipm09.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\HPGS2WNF.EXE

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Well, this article might help explain it - http://forums.net-integration.net/index.php?showtopic=3051

 

I'd recommend that you download SpywareBlaster, it's a program that blocks a large number (2900 +) of adware, spyware, viruses, cookies, malware, generally a lot of bad stuff from getting into your computer. All of this is done without the program running in the background or anything like that. Here's a link that contains some mirrors for it - http://www.javacoolsoftware.com/sbdownload.html

Remember to update it regularly.

Edited by Nemesis6


Thanks! We have 3 desktops and a laptop here, and I'll load it on all of them for sure, especially the kids since they are so nonchalant in their surfing. :)


I just ran VX2 Finder and below is the log from that. This stuff shouldn't be on my computer, should it? I tried to delete it as in the directions but no luck, it's still there. Do I need to get rid of it and how do I do that?

Thanks again

 

Log for VX2.BetterInternet File Finder

 

Files Found---

C:\WINDOWS\System32\Dongerous Creatures.dll

C:\WINDOWS\System32\Dsngerous Creatures.dll

C:\WINDOWS\System32\Dwngerous Creatures.dll

C:\WINDOWS\System32\Icside your Computer.dll

C:\WINDOWS\System32\Ikside your Computer.dll

C:\WINDOWS\System32\Irside your Computer.dll

C:\WINDOWS\System32\Iyside your Computer.dll

C:\WINDOWS\System32\Lconardo da Vinci.dll

C:\WINDOWS\System32\Lhonardo da Vinci.dll

C:\WINDOWS\System32\Ljonardo da Vinci.dll

C:\WINDOWS\System32\Llonardo da Vinci.dll

C:\WINDOWS\System32\Loonardo da Vinci.dll

C:\WINDOWS\System32\Lqonardo da Vinci.dll

C:\WINDOWS\System32\Txe Golden Era.dll

 

 

Guardian Key--- is called:

 

User Agent String---



Hello Jillie,

 

* Edit..I see from earlier posts in another thread that you have already carried out some of the steps. Please post a fresh HiJackThis log to this thread.

 

picard*

 

Please download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. This log will allow us to ascertain what is going on with your computer.

 

picard.

Edited by picard_uk


Threads merged to here.

Please stay in this thread until your problem is resolved.


Sorry about the thread mix up, I thought since the pop ups seemed to have stopped but I had a question about the vx2finder.exe scan it would be different yadda yadda yadda.. anyhow, here is my latest HT log and my vx2finder log is posted above.

TIA! :)

 

Logfile of HijackThis v1.97.7

Scan saved at 6:27:53 PM, on 6/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\HPGS2WNF.EXE

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Please close all open windows and browsers, open HJT and mark/fix:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

 

I am not seeing any more obvious problems, are you still having problems with your computer?? Please post details if you are....


I fixed the 2 lines you said to fix. No, I'm not really having any problems now, I was just questioning the stuff coming up in the vx2finder log. I tend to panic if I see stuff that is misspelled since that's usually not a good thing. Thanks.


Those do look like they are probably bad... Boot into Safe Mode and see if you can delete them directly... You will probably need to make sure that Windows is set to show all hidden files and system files... Then look for them in:

 

C:\WINDOWS\System32\

 

If you can't delete them, give detailed info about what got in the way...


This is the weirdest thing. I went into Windows/System32 and none of those files are in there. I did a search for them too, nothing. Yet when I run the vx2finder it shows them there, I delete thru that and keep getting the message that they will be deleted upon reboot. I guess I should just stop being paranoid since AdAware, SpyBot and Spysweeper, Norton and Housecall all come up clean?


I'll ask some experts and see if anyone knows what is up with that... I am not familiar enough with the program to know for sure... In the meanwhile, make sure AdAware is updated and set custom settings to the deepest level, then do a scan with it... We will see if it turns anything up. The malware detected and fixed by that program is very aggressive adware, so it won't even show up in things like Norton...


Jillie

 

Those VX2 files usually have hidden attributes, so unless you have Windows options to "Show hidden files & folders" they will not be found in a normal Windows search.

If the VX2Finder lists them, you can be sure they are there.

You also have no registry information listed, which is very strange as well.

 

When you do the VX2 scan, make sure you put checks beside all those files that are found, (or nothing will be removed)

 

I don't see "Rundll32.exe" running in your HijackThis scan either, so either you have uninstalled the VX2 from your computer and the Finder is just listing orphaned files (which can be deleted with no trouble) or the VX2 trojan has an updated version which is not being fully detected.

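As an illustration added here (not code from the thread or from VX2 Finder): the names in the VX2 Finder log posted earlier fall into groups that are identical except for one character, and the sketch below finds such groups in a file listing. The function names are hypothetical; the log text is copied from the post above with blank lines dropped.

```python
from collections import defaultdict
from ntpath import basename  # splits backslash paths on any OS

# VX2 Finder output as posted in this thread (blank lines dropped).
VX2_FINDER_LOG = r"""
Log for VX2.BetterInternet File Finder
Files Found---
C:\WINDOWS\System32\Dongerous Creatures.dll
C:\WINDOWS\System32\Dsngerous Creatures.dll
C:\WINDOWS\System32\Dwngerous Creatures.dll
C:\WINDOWS\System32\Icside your Computer.dll
C:\WINDOWS\System32\Ikside your Computer.dll
C:\WINDOWS\System32\Irside your Computer.dll
C:\WINDOWS\System32\Iyside your Computer.dll
C:\WINDOWS\System32\Lconardo da Vinci.dll
C:\WINDOWS\System32\Lhonardo da Vinci.dll
C:\WINDOWS\System32\Ljonardo da Vinci.dll
C:\WINDOWS\System32\Llonardo da Vinci.dll
C:\WINDOWS\System32\Loonardo da Vinci.dll
C:\WINDOWS\System32\Lqonardo da Vinci.dll
C:\WINDOWS\System32\Txe Golden Era.dll
Guardian Key--- is called:
User Agent String---
"""


def files_found(log_text):
    """Return the paths listed under the 'Files Found---' heading."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if "---" in line:  # every section heading in this log carries '---'
            in_section = line.startswith("Files Found")
        elif in_section and line:
            paths.append(line)
    return paths


def one_char_families(paths, min_size=2):
    """Group file names that are identical except at one character position.

    Each name is indexed under every variant of itself with one position
    masked by '?', so two names share a bucket exactly when they have equal
    length and differ at no more than that one position.
    """
    buckets = defaultdict(set)
    for path in paths:
        name = basename(path)
        lowered = name.lower()  # Windows file names are case-insensitive
        for i in range(len(lowered)):
            buckets[lowered[:i] + "?" + lowered[i + 1:]].add(name)
    return {mask: sorted(names) for mask, names in buckets.items()
            if len(names) >= min_size}


def unclustered(paths, families):
    """Names that belong to no family; the heuristic says nothing about them."""
    clustered = {n for names in families.values() for n in names}
    return sorted(basename(p) for p in paths if basename(p) not in clustered)


if __name__ == "__main__":
    found = files_found(VX2_FINDER_LOG)
    fams = one_char_families(found)
    for mask, names in sorted(fams.items()):
        print(f"{mask}  ({len(names)} variants)")
        for n in names:
            print("   ", n)
    print("no family:", unclustered(found, fams))
```

A family of same-length names differing at one position is a triage hint, not a verdict, and a lone name such as Txe Golden Era.dll is not grouped at all.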

Hi, I did have hidden files showing but not the protected OS files, so I unhid those and found all the files that vx2finder found. Below is the latest HT log... Thanks :) I'm going to have to run HT on my daughter's computer, I'm guessing it's polluted :(

 

Logfile of HijackThis v1.97.7

Scan saved at 11:39:17 AM, on 6/8/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\HPGS2WNF.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jillie\Application Data\Mozilla\Profiles\default\j2wx5za3.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\phdintl.dll/phdContext.htm

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab

O16 - DPF: Tornado 21 - http://download.yahoo.com/games/clients/y/t21s0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xs0_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.yahoo.com/games/clients/y/ccs1_x.cab

O16 - DPF: Yahoo! Dice - http://download.yahoo.com/games/clients/y/dcs0_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.yahoo.com/games/clients/y/dos0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dts0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.snv.yahoo.com/yog/y/fs9_x.cab

O16 - DPF: Yahoo! Go - http://download.yahoo.com/games/clients/y/gs0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.yahoo.com/games/clients/y/zs0_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.yahoo.com/games/clients/y/sds0_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.yahoo.com/games/clients/y/fs0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab

O16 - DPF: Yahoo! Trivia - http://download.yahoo.com/games/clients/y/tvs0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://audio.gov.pe.ca/islandcam/AxisCamControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7597.6276273148

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF946C3C-434A-413E-A017-D8A762E0B4E9}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: Domain = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5F91BC-17D5-4ABA-973D-1E982D6C55BE}: NameServer = 198.190.226.3,198.190.226.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nauticom.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nauticom.net


Your log looks clean... congratulations... Here is my prevention speech to keep it that way:

 

This is a good time to set up protection against further attacks. Read the article linked below about "How did I get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

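Checking that requested fixes took effect means comparing the scan before with the scan after. The following is an added example, not part of the thread or of HijackThis: it parses abridged excerpts of the 6/7 and 6/8 logs above and reports removed entries, vanished processes, and any requested fix still present. The function names and the section-code pattern are assumptions based on the lines visible in this thread.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install": a section
# code (R0, R1, N1, N3, O3 ... O17 in this thread), " - ", then the value.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Abridged from the 6/7/2004 and 6/8/2004 scans posted in this thread.
SCAN_BEFORE = r"""
Scan saved at 6:27:53 PM, on 6/7/2004
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
"""
SCAN_AFTER = r"""
Scan saved at 11:39:17 AM, on 6/8/2004
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
"""
# The two entries the helper asked to mark and fix between those scans.
REQUESTED_FIXES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
"""


def parse_hjt(log_text):
    """Return (running processes, coded entries) from a HijackThis log."""
    processes, entries, in_procs = set(), set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.add((match.group(1), match.group(2)))
        elif line.startswith("Running processes:"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # path case varies between lines
    return processes, entries


def diff_scans(before, after):
    """Report what disappeared from, or newly appeared in, the later scan."""
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    return {
        "entries_removed": sorted(entries_b - entries_a),
        "entries_added": sorted(entries_a - entries_b),
        "processes_gone": sorted(procs_b - procs_a),
        "processes_new": sorted(procs_a - procs_b),
    }


def still_present(requested, after):
    """Entries that were supposed to be fixed but survive in the later scan."""
    return sorted(parse_hjt(requested)[1] & parse_hjt(after)[1])


if __name__ == "__main__":
    for label, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(label, *items, sep="\n    ")
    print("not fixed:", still_present(REQUESTED_FIXES, SCAN_AFTER))
```

On these excerpts it reports the two requested entries gone, plus two changes nobody in the thread remarked on: the [systemTray] Run entry is absent and Weather.exe is no longer running although its Run entry remains.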