• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
c_and_jsmom

Can anyone help us?

9 posts in this topic

Hi!

 

Since my last post I have installed and run Spybot and deleted about 57 files. It still comes up with DSO Exploits and our homepage keeps going back to passthrough/index.html?http://bellsouth.net/

 

Zestyfind is still popping up. What course of action do I take now??

 

Here is my last Hijackthis scan.

 

Logfile of HijackThis v1.97.7

Scan saved at 2:54:19 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\BCMSMMSG.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\PROGRA~1\GPLFLA~1\cdrom third.exe

C:\Program Files\Microsoft Money\System\Money Express.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\System32\sclgntfy.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_4_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [blah64] C:\PROGRA~1\GPLFLA~1\cdrom third.exe

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF19e7.dll

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [sclgntfy] C:\WINDOWS\System32\sclgntfy.exe

O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bj...ck/bjattack.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab

O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/te...y/territory.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8145.8063657407

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v58/swapit/swapit.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {C5142630-9BC9-4236-BAC9-2E3C24566EC8} (XWord Control) - http://mirror.worldwinner.com/games/v40/xword/xword.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/v41/golfsol/golfsol.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup142f1.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_4_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78D5FBE4-BADD-4888-9CEE-BAE7A1FE7A90}: NameServer = 205.152.37.23 205.152.132.23

 

Thanks in advance for your expert advice!!

Share this post


Link to post
Share on other sites

Thank you for your reply!

 

I have adaware downloaded. At my last run it showed 0 new finds. However, Spybot still finds that DSO Exploits(5 files) every time I run it. I can fix them, run the program again and it still comes up.

 

Do I need to reinstall adaware from your link to get the updates?

 

Thank you again.

Share this post


Link to post
Share on other sites

No. However, you do have the Lop hijacker. Did you update the reference file before you scanned with Ad-Aware?

 

At any rate, please post a new HijackThis log in a reply to this thread.

Share this post


Link to post
Share on other sites

Thanks for helping Tuxedo Jack-I'm at my wits end. I updated and reran adaware and deleted 300 items. Here is the new Hijackthis log.

 

Logfile of HijackThis v1.97.7

Scan saved at 5:54:45 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\BCMSMMSG.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\PROGRA~1\GPLFLA~1\cdrom third.exe

C:\Program Files\Microsoft Money\System\Money Express.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i.../bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF19e7.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_4_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [blah64] C:\PROGRA~1\GPLFLA~1\cdrom third.exe

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF19e7.dll

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bj...ck/bjattack.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab

O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/te...y/territory.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8145.8063657407

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v58/swapit/swapit.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {C5142630-9BC9-4236-BAC9-2E3C24566EC8} (XWord Control) - http://mirror.worldwinner.com/games/v40/xword/xword.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/v41/golfsol/golfsol.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup142f1.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_4_0.cab

 

Thanks again.

Share this post


Link to post
Share on other sites

Tap Ctrl+Alt+Delete, click the Processes tab, and end the following process:

 

cdrom third.exe

 

Close all programs, tick the following for removal in HJT, and click "Fix Checked:"

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i.../bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

 

O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF19e7.dll

 

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [blah64] C:\PROGRA~1\GPLFLA~1\cdrom third.exe

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF19e7.dll

 

O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup142f1.cab

 

Reboot.

 

Find and delete the following files/folders:

 

C:\WINDOWS\System32\PDF19e7.dll

C:\WINDOWS\System32\pdfupd.dll

C:\PROGRAM FILES\GPLFLA~1\

 

Scan again with HJT and post the new log.

Share this post


Link to post
Share on other sites

Good Morning Tuxedo Jack!

 

OK-I did everything you told me to do except to delete the 3 files/folders because I cannot find them. I went into file search but to no avail. Any suggestions??? (I know-I'm a computer dummy!)I went ahead and ran another HT scan to post for you anyway.

 

By the way-what is the lop hijacker?

 

If I don't get back to you to right away its because we are going out of town(the beach is calling!)I'll check back Sunday evening!

 

Thank you and have a good weekend!

 

Logfile of HijackThis v1.97.7

Scan saved at 9:13:48 AM, on 6/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\BCMSMMSG.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\Program Files\Microsoft Money\System\Money Express.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\jimmy\Local Settings\Temp\Temporary Directory 1 for hijackthis[2].zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_4_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bj...ck/bjattack.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab

O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/te...y/territory.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8145.8063657407

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v58/swapit/swapit.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {C5142630-9BC9-4236-BAC9-2E3C24566EC8} (XWord Control) - http://mirror.worldwinner.com/games/v40/xword/xword.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://mirror.worldwinner.com/games/v41/golfsol/golfsol.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_4_0.cab

Edited by c_and_jsmom

Share this post


Link to post
Share on other sites

Lop is an evil hijacker that resists attempts to remove it.

 

You're clean.

 

Clear your Temporary Internet Files immediately. To do this, go to the Internet Controls control panel, then click "Delete Files." Tick the checkbox there, then click "OK.'

 

You may wish to look at Mozilla Firefox instead of IE. It has no security holes, doesn't integrate into the Windows shell (which is a bad thing due to the shell's control over the system), doesn't download anything without your approval, and doesn't get hijacked.

 

It also takes up less resources and uses tabs or new windows (tabs save desktop and taskbar space and make closing windows easier). It also comes with a built-in popup blocker as well as the ability to block images from servers (i.e. advertisements) with a right-click.

 

Firefox is immune to CWS in all its forms. You will _never_ get hijacked by CWS or any of its affiliates ever again if you use Firefox.

 

There's a link to it in my signature.

 

IE-SPYAD places over 4,000 known evil sites into the Restricted Sites zone in Internet Explorer so they can't execute ActiveX, Java, or place cookies on your machine. It's a rather nice thing to have. There's a link to it in my signature.

 

SpywareBlaster can prevent spyware from installing itself on your computer. It does require updating every now and again, but it's rather easy to operate. Just install, run, update, click "Protect," and you're done. Update once every month or so. There's a link in my signature.

 

Happy computing, and don't forget to use Windows Update once a week!

Share this post


Link to post
Share on other sites

Hi Tuxedo Jack.

 

Thanks for your help. I took your suggestions and downloaded Firefox and updated Windows. But I can't load Spyware Blaster...it gives me a message that says

 

16-bit MS-DOS Subsystem

 

c:\Documen~1\Jimmy\Locals~1\temp1spywar~1.EXE

The NTVDM CPU has encountered an illegal instruction.

CS:053d 1Po325 op:63 65 2c 20 70

Choose close to terminate the application

 

What have I done wrong???

 

I'm still getting bombarded with popups, lookatme and spotresults mainly.

 

Have I deleted something I shouldn't have??

 

Also-when you hit contrl+alt+delete it shows 32 running processes but lists nothing under applications-that can't be right????

Edited by c_and_jsmom

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0