Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT LOG - amyost


  • This topic is locked This topic is locked
4 replies to this topic

#1 AmyOst

AmyOst

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:12:08 PM

Posted 15 October 2004 - 10:59 AM

having problems... thanks

Logfile of HijackThis v1.98.2
Scan saved at 11:57:58 AM, on 10/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SEC\secsys.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\Program Files\Gilat\NetAgent.exe
C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~2\bin\IBMAIN.EXE
C:\WINDOWS\SYSTEM32\?hkdsk.exe
C:\HJT\HijackThisnew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amyost.homestead.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.starband.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amyost.homestead.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877
F3 - REG:win.ini: run=hpfsched
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://amyost.homestead.com/"); (C:\Documents and Settings\New\Application Data\Mozilla\Profiles\default\bci26gp3.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\New\Application Data\Mozilla\Profiles\default\bci26gp3.slt\prefs.js)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IBBHO - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\Program Files\IncrediBar\bin\IBBHO.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
O2 - BHO: Go.com - {4E7BD74F-2B8D-469E-DDF9-BF2CF4D5FA7D} - C:\WINDOWS\DOWNLO~1\go.dll
O2 - BHO: (no name) - {6BAE1671-E733-14E4-8756-64557C807E4C} - C:\WINDOWS\system32\fgmqdruo.dll
O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBToolBar.dll
O3 - Toolbar: Go.com - {4E7BD74F-2B8D-469E-DDF9-BF2CF4D5FA7D} - C:\WINDOWS\DOWNLO~1\go.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HsuGuiControl] C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe
O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe
O4 - HKLM\..\Run: [TaskBarClient] C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBToolBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: GO Messenger - {16E505F2-96ED-11D3-B986-00A0C99FB02A} - C:\PROGRAM FILES\DISNEY\MESSENGER\dismsgr.exe
O9 - Extra 'Tools' menuitem: GO Messenger - {16E505F2-96ED-11D3-B986-00A0C99FB02A} - C:\PROGRAM FILES\DISNEY\MESSENGER\dismsgr.exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/b...n-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Dominoes by pogo - http://domino16.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbin...o-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet/mahjong/ma...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/f...l-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks06.pogo.com/applet/pirate...d-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit12.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet02.pogo.com/applet/sweettooth/...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo11.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GINSOLITAIRE Class) - http://66.98.132.156/g_bin_eng/solitaire_2_0_0_9.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...53f0b8000e16d52
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GINCARDS Class) - http://66.98.132.156/g_bin/cards_2_0_0_36.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WOODTV
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4E7BD74F-2B8D-469E-DDF9-BF2CF4D5FA7D} (Go.com) - http://www.go.com/static/toolbar/go.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6BC013D0-77D9-11D5-AB95-0050DA664D35} - https://myaccounts.nationalcity.com/apps/in...r/Yodelizer.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wo...be/wordcube.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www1.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned32.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://62.39.141.135/tools/FlipsideWebLauncherControl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://www.imagicgames.com/java2/cabs/swing.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n6/dlhelper.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.48.49/g_bin/eng/wordssingle_2_0_0_28.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.casinofortune.com/CasinoFortune/FlashAX.cab
O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFile...ive/TP_live.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play05.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://engine.vogclub.com/activex/vogweb29.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F5692A44-3746-4CAE-BAEB-10FB33E38DD4} (VMSwitcher Class) - http://www.seeyouagainsoftware.com/shared/cands.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - AppInit_DLLs: PAVWAIT.DLL

BC AdBot (Login to Remove)

 


#2 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:05:08 PM

Posted 16 October 2004 - 03:38 AM

Hi,

Having a look.

#3 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:05:08 PM

Posted 16 October 2004 - 04:18 AM

Go to Add/Remove Programs, remove any instance of;

AWS

Next:

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)

O2 - BHO: Go.com - {4E7BD74F-2B8D-469E-DDF9-BF2CF4D5FA7D} - C:\WINDOWS\DOWNLO~1\go.dll

O2 - BHO: (no name) - {6BAE1671-E733-14E4-8756-64557C807E4C} - C:\WINDOWS\system32\fgmqdruo.dll

O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O3 - Toolbar: Go.com - {4E7BD74F-2B8D-469E-DDF9-BF2CF4D5FA7D} - C:\WINDOWS\DOWNLO~1\go.dll

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
<<Did you set these? if so keep them, if not fix them.

O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)

O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)

O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - a7e161c3ed3145177aa9473f21905ed9c41b7d2a74453da448:956c7825bb9fee07153f0b8000e16d52" target=_blankhttp://public.windupdates.com/get_file.php...53f0b8000e16d52

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab

Restart your computer in
Safe Mode Also make sure you show hidden and system files Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,

C:\PROGRA~1\AWS<<Folder
C:\WINDOWS\SYSTEM32\?hkdsk.exe
C:\WINDOWS\DOWNLO~1\go.dll
C:\WINDOWS\system32\fgmqdruo.dll
C:\WINDOWS\system32\msbe.dll

Reboot in Normal Mode, then post a fresh logfile so that I can check to see if it is clean.

#4 AmyOst

AmyOst
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:12:08 PM

Posted 16 October 2004 - 11:40 AM

Okay before I do this, I pay for weatherbug I pay for Incredimail. Both of these are ad-free. Do any of the files you mention belong to these 2 programs? Thanks.

#5 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:05:08 PM

Posted 16 October 2004 - 02:18 PM

Yes Weatherbug is one of the offenders. You have the choice whether you take it out then.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users