woje_iowa

I have been hijacked

10 posts in this topic

I am getting a ton of popups and web page resettings.... Please let me know what I need to get rid of.... Thanks for your help.

 

Woje

 

Logfile of HijackThis v1.97.7

Scan saved at 9:55:48 AM, on 6/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\trun.exe

C:\DOCUME~1\JOHNWY~1\LOCALS~1\Temp\win32gk.exe

C:\Documents and Settings\JOHN WYCKOFF\Application Data\ctre.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\JOHN WYCKOFF\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magicsearch.us/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


Could you try posting the log again? That log is rather short.

 

Also, create a new folder/directory called C:\HJT and move HijackThis to it. Otherwise the backups created by HijackThis will clutter your desktop.

 

-- LB


Here is an updated log.... I made a new folder in C: also and saved the file there.

 

Thanks, Woje

 

Logfile of HijackThis v1.97.7

Scan saved at 10:53:46 AM, on 6/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

C:\WINDOWS\msupdate.exe

C:\WINDOWS\trun.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\JOHN WYCKOFF\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GREY ROAM] C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

O4 - HKLM\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe


Are you sure that was the entire log? The list of O4 items should be larger than what was in that last log.

 

-- LB


When you copied the log over to here, did you use edit->select all in Notepad before copying/pasting? If not, then you need to do so in order to post the entire log here.

 

-- LB


OK, I did the copy and paste as you instructed.... Here is what I have as of today.. Thanks a bunch for your help and patience..

Woje

 

Logfile of HijackThis v1.97.7

Scan saved at 1:49:44 PM, on 6/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\trun.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\JOHN WYCKOFF\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GREY ROAM] C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

O4 - HKLM\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TimeService] C:\WINDOWS\trun.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe

O4 - HKCU\..\Run: [TimeService] C:\WINDOWS\trun.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


First thing to do is go to Add/Remove Programs in Control Panel and uninstall WinTools.

 

After doing that, go back into HijackThis and, with all browsers closed, remove the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.us/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O4 - HKLM\..\Run: [GREY ROAM] C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

O4 - HKLM\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TimeService] C:\WINDOWS\trun.exe

O4 - HKCU\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe

O4 - HKCU\..\Run: [TimeService] C:\WINDOWS\trun.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

 

Note: Some of these items may not be there after WinTools is uninstalled.

 

Next, change setting to show hidden files (click here to see how to do this).

 

Next, restart in Safe Mode by repeatedly hitting F8 during bootup until a menu shows up. Choose Safe Mode from this menu.

 

While in Safe Mode, delete the following files:

 

C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe

C:\WINDOWS\msupdate.exe

C:\WINDOWS\trun.exe

 

and this directory/folder:

 

C:\Program Files\Common files\WinTools

 

Finally, reboot and post a new log.

 

-- LB

Edited by VashonDude


OK LB,

I deleted everything you said except for a couple things that I couldn't find after startup... such as:

 

C:\WINDOWS\trun.exe

C:\Program Files\Common files\WinTools

.........................................................................

 

I also found the following in my Add/Remove programs and wondered if they were things I want to delete?

 

Deal Helper

PGate Basic

Window Search

.........................................................................

 

I am still getting popups.....lol. Am I looking in the wrong spot for some of these files?

 

Here is my new log after deleting what I could... Thanks again for all your help.

 

Logfile of HijackThis v1.97.7

Scan saved at 1:45:32 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Documents and Settings\JOHN WYCKOFF\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Those pop-ups may be coming from Windows Messenger (not to be confused with MSN Messenger). See this article on how to stop it from happening.

 

As for those 3 programs in Add/Remove programs, the 1st 2 are probably bad based on what I've found in Google search and probably can be removed. The 3rd one I'm not sure of. I couldn't find any evidence of these programs running, so they're probably not there.

 

Report back on the pop-up problem once you've done the above fix.

 

-- LB
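
A way to check a follow-up log against the removal list in this thread, as an added example (not part of any post and not HijackThis's own code): it parses the pasted logs and reports which flagged entries or processes still appear. The function names are hypothetical, the log excerpts are taken from the posts above, and `PARTIAL_LOG` is constructed.

```python
import re

# HijackThis entries look like "R1 - ...", "O4 - ...", "O16 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# Lines under "Running processes:" are bare absolute Windows paths.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")

def parse_log(text):
    """Return (entries, processes) parsed from a pasted HijackThis log."""
    entries, processes = set(), set()
    for raw in text.splitlines():
        # Forum copy/paste leaves blank lines and non-breaking spaces.
        line = raw.replace("\u00a0", " ").strip()
        m = ENTRY_RE.match(line)
        if m:
            # Case-fold: registry names and Windows paths ignore case.
            entries.add((m.group(1), m.group(2).strip().casefold()))
        elif PROC_RE.match(line):
            processes.add(line.casefold())
    return entries, processes

def verify_cleanup(fix_list, files_to_delete, after_log):
    """Compare the items a helper asked to remove with the follow-up log."""
    wanted, _ = parse_log(fix_list)
    entries, processes = parse_log(after_log)
    return {
        "entries_remaining": sorted(wanted & entries),
        "entries_gone": sorted(wanted - entries),
        # Only shows the file is not running; it may still be on disk.
        "files_still_running": sorted(
            f for f in files_to_delete if f.casefold() in processes),
    }

# Excerpt of the entries listed for removal in the thread.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\Run: [TimeService] C:\WINDOWS\trun.exe
"""
FILES_TO_DELETE = [
    r"C:\PROGRA~1\DARTTR~1\NURB JOY FILM.exe",
    r"C:\WINDOWS\msupdate.exe",
    r"C:\WINDOWS\trun.exe",
]
# Excerpt of the 6/15/2004 follow-up log from the thread.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""
# Constructed for illustration: the same log with one item left behind.
PARTIAL_LOG = AFTER_LOG + r"""
C:\WINDOWS\trun.exe
O4 - HKCU\..\Run: [TimeService] C:\WINDOWS\trun.exe
"""

if __name__ == "__main__":
    for name, log in (("6/15 log", AFTER_LOG), ("partial", PARTIAL_LOG)):
        r = verify_cleanup(FIX_LIST, FILES_TO_DELETE, log)
        print(name, "remaining:", r["entries_remaining"],
              "running:", r["files_still_running"])
```

The comparison is an exact, case-insensitive string match, so an entry that reappears under a long path instead of its 8.3 short form (`PROGRA~1`) would need normalising before it is counted as the same item.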


If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
