• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
stacyrings

Can't get rid of TV Media and pop-ups

5 posts in this topic

I run Adaware and Spybot about every other day and I have Yahoo toolbar with pop-up blocker enabled, yet I still get pop-ups. I downloaded HijackThis today and was able to get rid of nearly everything bad except TV Media. I'm wondering if that could be my problem. Or even if it isn't, maybe someone can see what the problem is by checking my log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:07:22 PM, on 6/22/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\ePOAgent\naimas32.exe

C:\WINNT\System32\NALNTSRV.EXE

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\wm.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\SxgTkBar.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINNT\System32\dpmw32.exe

C:\WINNT\system32\NWTRAY.EXE

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\ePOAgent\naimag32.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Novell\GroupWise\Notify.exe

C:\Novell\GroupWise\GrpWise.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/my.jsp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.myway.com/my.jsp

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("aim.internal.buddy.MaxBuddies", 220);

user_pref("aim.internal.intproxyprotocol", 1);

user_pref("aim.session.finishedwizard", true);

user_pref("aim.session.firsttime", false);

user_pref("aim.session.screenname", "stacyrings");

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.activation.screenname", "stacyrings");

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.check_doc_frequency", 1);

user_pref("browser.cache.disk.parent_directory", "C:\\Documents and Settings\\screecy\\Application Data\\Mozilla\\Profiles\\default\\db59swn4.slt");

user_pref("browser.display.screen_resolution", 96);

use

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("aim.internal.buddy.MaxBuddies", 220);

user_pref("aim.internal.intproxyprotocol", 1);

user_pref("aim.session.finishedwizard", true);

user_pref("aim.session.firsttime", false);

user_pref("aim.session.screenname", "stacyrings");

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.activation.screenname", "stacyrings");

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.check_doc_frequency", 1);

user_pref("browser.cache.disk.parent_directory", "C:\\Documents and Settings\\screecy\\Application Data\\Mozilla\\Profiles\\default\\db59swn4.slt");

user_pref("browser.display.screen_resolution", 96);

use

O1 - Hosts: 198.215.148.80 ocmc_gis

O1 - Hosts: 192.10.2.3 timon (Primary DNS)

O1 - Hosts: 198.215.144.1 bigd (Secondary DNS)

O1 - Hosts: 198.215.144.2 bigtex (Email Server)

O1 - Hosts: 198.215.144.3 webster

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - C:\WINNT\System32\AlxTB.dll (disabled by BHODemon)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [NaimAgent_UI] C:\ePOAgent\naimag32.exe

O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\WMPaddin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [clspat] C:\WINNT\clspat.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Startup: GroupWise 5.lnk = C:\Novell\GroupWise\GrpWise.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.paypal.com

O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet/domino/domino-ob-assets.cab

O16 - DPF: First Class Solitaire by pogo - http://solitaire43.pogo.com/applet/solitai...2-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbin...o-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab

O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/f...l-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab

O16 - DPF: Poppit TM by pogo - http://poppit25.pogo.com/applet/poppit/poppit-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab

O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo.com/applet/sweettooth/...h-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: Turbo 21 TM by pogo - http://turbo21.pogo.com/applet/turbo21/turbo21-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (12.0)) - http://up.webphotos.com/lead/ltocx12n.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/265bbf99f1aa33600917/netzip/RdxIE.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7655.3561574074

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/test/ACNePlayer.cab

O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://up.webphotos.com/upload/XUpload.ocx

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....iof5_3_16_0.cab

O16 - DPF: {F167B843-DB78-4966-8D48-B4A1EA465CFC} (MediaManager Class) - http://www.mydiscgear.com/download/discware.cab

O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

O17 - HKLM\System\CS1\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

O17 - HKLM\System\CS2\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

 

Thanks for your help!

Stacy

Share this post


Link to post
Share on other sites

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

 

Check the following items in HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/my.jsp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.myway.com/my.jsp

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

 

(if you do not recognize the following program, then I suggest you delete it)

O4 - HKLM\..\Run: [clspat] C:\WINNT\clspat.exe

 

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

 

Close all windows except HijackThis and click Fix checked.

 

Reboot in Safe Mode*, delete the following: (you may need to show hidden files**)

C:\Program Files\TV Media\ <-- delete folder

 

 

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406

**Show Hidden and System files and folders

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

 

Reboot in normal mode.

 

Run HiJackThis again and post a new log in this thread.

Share this post


Link to post
Share on other sites

I made the changes you suggested and here is my new Hijack This log.

When I started IE, I got the about:blank for my start page. Other than that, I haven't surfed around enough to see if everything is fixed. How does my log look now?

 

Thanks

Stacy

 

Logfile of HijackThis v1.97.7

Scan saved at 11:44:53 AM, on 7/6/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\ePOAgent\naimas32.exe

C:\WINNT\System32\NALNTSRV.EXE

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\wm.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\SxgTkBar.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINNT\system32\NWTRAY.EXE

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\ePOAgent\naimag32.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Novell\GroupWise\Notify.exe

C:\Novell\GroupWise\GrpWise.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("aim.internal.buddy.MaxBuddies", 220);

user_pref("aim.internal.intproxyprotocol", 1);

user_pref("aim.session.finishedwizard", true);

user_pref("aim.session.firsttime", false);

user_pref("aim.session.screenname", "stacyrings");

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.activation.screenname", "stacyrings");

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.check_doc_frequency", 1);

user_pref("browser.cache.disk.parent_directory", "C:\\Documents and Settings\\screecy\\Application Data\\Mozilla\\Profiles\\default\\db59swn4.slt");

user_pref("browser.display.screen_resolution", 96);

use

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("aim.internal.buddy.MaxBuddies", 220);

user_pref("aim.internal.intproxyprotocol", 1);

user_pref("aim.session.finishedwizard", true);

user_pref("aim.session.firsttime", false);

user_pref("aim.session.screenname", "stacyrings");

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.activation.screenname", "stacyrings");

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.check_doc_frequency", 1);

user_pref("browser.cache.disk.parent_directory", "C:\\Documents and Settings\\screecy\\Application Data\\Mozilla\\Profiles\\default\\db59swn4.slt");

user_pref("browser.display.screen_resolution", 96);

use

O1 - Hosts: 198.215.148.80 ocmc_gis

O1 - Hosts: 192.10.2.3 timon (Primary DNS)

O1 - Hosts: 198.215.144.1 bigd (Secondary DNS)

O1 - Hosts: 198.215.144.2 bigtex (Email Server)

O1 - Hosts: 198.215.144.3 webster

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - C:\WINNT\System32\AlxTB.dll (disabled by BHODemon)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~2\Office\bots\fp_wmp\WMPaddin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [NaimAgent_UI] C:\ePOAgent\naimag32.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: GroupWise 5.lnk = C:\Novell\GroupWise\GrpWise.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.paypal.com

O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet/domino/domino-ob-assets.cab

O16 - DPF: First Class Solitaire by pogo - http://solitaire43.pogo.com/applet/solitai...2-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbin...o-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab

O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/f...l-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab

O16 - DPF: Poppit TM by pogo - http://poppit25.pogo.com/applet/poppit/poppit-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab

O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo.com/applet/sweettooth/...h-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: Turbo 21 TM by pogo - http://turbo21.pogo.com/applet/turbo21/turbo21-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (12.0)) - http://up.webphotos.com/lead/ltocx12n.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/265bbf99f1aa33600917/netzip/RdxIE.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7655.3561574074

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/test/ACNePlayer.cab

O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://up.webphotos.com/upload/XUpload.ocx

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....iof5_3_16_0.cab

O16 - DPF: {F167B843-DB78-4966-8D48-B4A1EA465CFC} (MediaManager Class) - http://www.mydiscgear.com/download/discware.cab

O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

O17 - HKLM\System\CS1\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

O17 - HKLM\System\CS2\Services\Tcpip\..\{388F5AB2-6538-41C9-B519-368C5B98343E}: NameServer = 172.16.2.54,172.16.2.55

Share this post


Link to post
Share on other sites

Check the following items in HiJackThis:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)

 

O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - C:\WINNT\System32\AlxTB.dll (disabled by BHODemon)

 

Close all open windows except HiJackThis and press 'Fix Checked'.

 

 

At last, your system is clean and free of spyware! Want to keep it that way?

 

Here are some simple steps you can take to reduce the chance of infection in the future.

 

1. Visit Windows Update: <-- YOU NEED TO DO THIS!!

Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

 

1. Adjust your security settings for ActiveX:]

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt; set the

second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe" to 'Disable'.

 

2. Download and install the following free programs

a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html

c. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

1. Install Spyware Detection and Removal Programs:

You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. AdAware: http://www.lavasoft.de/

b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

 

 

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

 

 

Good luck, and thanks for coming to our forums for help with your security and malware issues.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0