Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Spyware and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

 
Closed TopicStart new topic
> Trojans, TrojanDownloaders, IE won't work either
TexasAngel67
post Mar 8 2005, 05:52 PM
Post #1


Bleeping Helper
******

Group: Members
Posts: 1,551
Joined: 13-August 04
From: Fort Worth
Member No.: 2,035
Spy Sweeper found 27 items, 493 traces. I don't have the purchased version so they wouldn't remove anything. It found ShopAtHomeSelect, FavoriteMan, WildMedia, Virtual Bouncer, TV Media, CCBill Cookies, Com.Com Cookies, Version Tracker, Syncro Ad, BlazeFind, Ad Destroyer, Look2Me, SearchAssistant, 1st Bar, CWS_NS3, CometCursor, BroadCast, and 168 traces of TrojanHorse. 2nd Thought.
ASquared (can't find the little 2 on my Character Map) found 4 items still today. I updated all of my programs, ran them all in Safe Mode last night. I wanted to set a SR point this morning but the Trojans remain. Trojan and TrojanDownloader. They were found in c:\_RESTORE\TEMP\ under 4 different file names. I need to disable SR and run my programs once again in Safe Mode - is that right? I don't know the steps to remove the Trojans and other baddies. Here's the Log.

Logfile of HijackThis v1.99.0
Scan saved at 4:40:50 PM, on 3/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.31/ho...m-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jum...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/chec...s-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.9.5.37/keno/keno-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.28/worl...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.1.0.39/popf...u-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.1.3.21/gin/gin-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/vid...k-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.1.1.29/peak...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.1.1.29...d-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euc...e-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.1.1.29...h-ob-assets.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.21/free...l-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5.30/spa...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.4.37/...n-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.1.0.39...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.1.1.21/hea...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribb...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.30/turb...1-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.1.0.39/bac...n-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/che...2-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.37...s-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.5.37/...k-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.3.28/chec...g-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.1.3.21/cana...a-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.21/mahj...g-ob-assets.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.28/soli...2-ob-assets.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.9.2.38/s...2-ob-assets.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.1.0.39...o-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-6.0.2.29/vid...d-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.3.29/slot...a-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.1.1.21/mlsl...s-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.1.3.28/word...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game5.pogo.com/applet-6.1.3.21/domi...o-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.1.1.29/pino...e-ob-assets.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.39/aces...s-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game4.pogo.com/applet-6.0.3.28/quic...t-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game5.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.37/spid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/word...p-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.1.0.39/slot...i-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.1.1.21/bin...e-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.3.28/lott...o-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab

Thanks.


--------------------
HijackThis Download

Our Tutorials
Go to the top of the page
 
+Quote Post
Daisuke
post Mar 9 2005, 05:10 PM
Post #2


Cleaner on Duty
******

Group: HJT Team
Posts: 5,480
Joined: 1-September 04
From: Bucharest, Romania
Member No.: 2,383
QUOTE
I need to disable SR and run my programs once again in Safe Mode - is that right?

Yes and yes run an AV.


Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL (file missing)


Close all other windows and browsers, and press the Fix Checked button.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Run HijackThis! again and post a new log please.


--------------------


Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
Go to the top of the page
 
+Quote Post
TexasAngel67
post Mar 10 2005, 03:43 AM
Post #3


Bleeping Helper
******

Group: Members
Posts: 1,551
Joined: 13-August 04
From: Fort Worth
Member No.: 2,035
Thanks Daisuke. I followed your instructions. I haven't enabled SR yet but would like to so that I could set a new Restore Point. If my programs don't find any viruses, would I just enable SR, then create a Restore Point or do I reboot after enabling? If any of them find the virus, I'll post back.
Here's the log.

Logfile of HijackThis v1.99.0
Scan saved at 2:36:34 AM, on 3/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.31/ho...m-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2.29/jum...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/chec...s-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.9.5.37/keno/keno-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.28/worl...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popf...u-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.1.3.21/gin/gin-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/vid...k-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.1.1.29/peak...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.1.1.29...d-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euc...e-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.1.1.29...h-ob-assets.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.21/free...l-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5.30/spa...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.4.37/...n-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.1.0.39...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.4.22/hear...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribb...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.30/turb...1-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.1.0.39/bac...n-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/che...2-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.37...s-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.5.37/...k-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.3.28/chec...g-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.1.3.21/cana...a-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.3.21/mahj...g-ob-assets.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.28/soli...2-ob-assets.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.9.2.38/s...2-ob-assets.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.1.0.39...o-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-6.0.2.29/vid...d-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.3.29/slot...a-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.1.1.21/mlsl...s-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.1.3.28/word...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game5.pogo.com/applet-6.1.3.21/domi...o-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.1.1.29/pino...e-ob-assets.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.39/aces...s-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game4.pogo.com/applet-6.0.3.28/quic...t-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game5.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.37/spid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/word...p-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.1.0.39/slot...i-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.1.1.21/bin...e-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.4.22/lott...o-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab

Thanks very much.


--------------------
HijackThis Download

Our Tutorials
Go to the top of the page
 
+Quote Post
Daisuke
post Mar 10 2005, 03:47 AM
Post #4


Cleaner on Duty
******

Group: HJT Team
Posts: 5,480
Joined: 1-September 04
From: Bucharest, Romania
Member No.: 2,383
QUOTE
If my programs don't find any viruses, would I just enable SR, then create a Restore Point or do I reboot after enabling?

Disable SR
REBOOT
Enable SR

QUOTE
If any of them find the virus, I'll post back.

OK

Your log looks clean.


--------------------


Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
Go to the top of the page
 
+Quote Post
TexasAngel67
post Mar 10 2005, 03:00 PM
Post #5


Bleeping Helper
******

Group: Members
Posts: 1,551
Joined: 13-August 04
From: Fort Worth
Member No.: 2,035
Thanks again. Everything is now clean and a new Restore Point has been set.
I guess my mouse is ready for the trash and replaced. The cursor moves by itself but it's not 'clicking' on anything. Just moves up or down. It's clean so I guess it's dying, lol.


--------------------
HijackThis Download

Our Tutorials
Go to the top of the page
 
+Quote Post
Daisuke
post Mar 10 2005, 03:59 PM
Post #6


Cleaner on Duty
******

Group: HJT Team
Posts: 5,480
Joined: 1-September 04
From: Bucharest, Romania
Member No.: 2,383
You're welcome '67 smile.gif.



Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

This post has been edited by Daisuke: Mar 26 2005, 05:22 AM


--------------------


Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 9th January 2009 - 06:29 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Malware Removal Guides

© 2003-2008 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.