Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Amazing AUTO Search?Give me a break!

Started by CluelessGirl , Apr 20 2004 10:07 PM

  • Please log in to reply

#1
CluelessGirl
Posted 20 April 2004 - 10:07 PM

CluelessGirl

    Member

  • Member
  • PipPip
  • 11 posts
<_< Ok,so I RAN Ad-Aware 6.0,and RAN SpyBot.They cleaned most of this virus out.(I got this virus from an MP3)The thing is,when I right click anywhere on my IE toolbar it says at the bottom "two intra body".Thats the toolbar that keeps popping up.Its spying on me because when I searched for "Good Charlotte" on yahoo it said "Band photos,Good Charlotte" and other buttons came up on the toolbar.I searched for two intra body on Files and Folders.Nothing pops up!Any suggestions for NON Virus Ad/Virus Removing Scanners?

I have:

-Norton Anti Virus
-Ad Aware 6.0 Lavasoft
-Spybot

Is there anyway I could manually delete this virus!?
  • 0

Advertisements

#2
ditto
Posted 20 April 2004 - 11:30 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Welcome <_< ,

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.


~ditto
  • 0

#3
CluelessGirl
Posted 21 April 2004 - 12:17 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok,thanks. <_<
  • 0

#4
CluelessGirl
Posted 21 April 2004 - 12:52 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.97.7
Scan saved at 1:17:00 PM, on 4/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\POWERS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVEBASE\JOYEACH.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PROFILES\ICEXFIREXGIRL\DESKTOP\AIM TOOLS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...p://about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\PROGRAM FILES\WHISTLESOFTWARE\WSELSERVICES\WHISTLEHELPER.DLL (file missing)
O2 - BHO: (no name) - {53F85D89-7F70-604D-5FA8-2A011AE28227} - C:\PROGRAM FILES\MEOWCHINMAPI\SIXTH BAGS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: two intra body - {5D18465C-6510-504D-C3E6-368E5A70F28E} - C:\PROGRAM FILES\MEOWCHINMAPI\SIXTH BAGS.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [msc] C:\WINDOWS\TEMP\
O4 - HKLM\..\Run: [KEYWORD] C:\WINDOWS\DESKTOP\KEYWORD.EXE
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\SYSTEM\PTRUN32\PTRUN32.exe -startup
O4 - HKLM\..\Run: [WebInstall2] C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE /R
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [messmfcd] C:\PROGRA~1\CREATIVEBASE\Joyeach.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\SYSTEM\PTRUN32\PTR32W.exe
O4 - Global Startup: Search.vbs
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Whistle (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O15 - Trusted Zone: www.godlikeproductions.com
O15 - Trusted Zone: www.rense.com
O15 - Trusted Zone: www.bored.com
O15 - Trusted Zone: www.neopets.com
O15 - Trusted Zone: www.buddy4u.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7973.7051736111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.aimthings...ks/v1/setup.exe
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.c...ass/one2one.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} (LAInstaller Class) - http://www.cantoche....2/LAinstall.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_EN.cab
  • 0

#5
CluelessGirl
Posted 21 April 2004 - 01:05 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Please help me!!^ :D <_<
  • 0

#6
CluelessGirl
Posted 21 April 2004 - 01:05 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
<_< :D
  • 0

#7
CluelessGirl
Posted 21 April 2004 - 01:07 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello?My pcs driving ME nutty!This things shared by too many ppl! <_<
  • 0

#8
CluelessGirl
Posted 21 April 2004 - 01:08 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ditto are you there? <_<
  • 0

#9
ditto
Posted 21 April 2004 - 01:13 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Hey there!

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu). Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...p://about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\PROGRAM FILES\WHISTLESOFTWARE\WSELSERVICES\WHISTLEHELPER.DLL (file missing)
O2 - BHO: (no name) - {53F85D89-7F70-604D-5FA8-2A011AE28227} - C:\PROGRAM FILES\MEOWCHINMAPI\SIXTH BAGS.DLL
O3 - Toolbar: two intra body - {5D18465C-6510-504D-C3E6-368E5A70F28E} - C:\PROGRAM FILES\MEOWCHINMAPI\SIXTH BAGS.DLL
O4 - HKLM\..\Run: [KEYWORD] C:\WINDOWS\DESKTOP\KEYWORD.EXE
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Global Startup: Search.vbs


I'll have to check this file, but you can check the files above.
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe


Reboot your PC.
If you would please, rescan with HijackThis and post a fresh log.

~ditto
  • 0

#10
CluelessGirl
Posted 21 April 2004 - 01:16 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Okay,Thankyou SO much,I`ll print this and restart/rescan,brb
  • 0

#11
ditto
Posted 21 April 2004 - 01:22 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
I just notice something else. Please download these The Cleaner. It is a trojan removal program

Click here to download The Cleaner
  • 0

#12
CluelessGirl
Posted 21 April 2004 - 01:43 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Oh my goodness!The toolbars gone!!No trace of it!Thankyou so much!This is the new list,I know I didnt get them all,but I got nine.Please tell me again what to delete.

New list:

Logfile of HijackThis v1.97.7
Scan saved at 2:33:06 PM, on 4/21/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\ICEXFIREXGIRL\DESKTOP\AIM TOOLS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [msc] C:\WINDOWS\TEMP\
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\SYSTEM\PTRUN32\PTRUN32.exe -startup
O4 - HKLM\..\Run: [WebInstall2] C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE /R
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [messmfcd] C:\PROGRA~1\CREATIVEBASE\Joyeach.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\SYSTEM\PTRUN32\PTR32W.exe
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Whistle (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O15 - Trusted Zone: www.godlikeproductions.com
O15 - Trusted Zone: www.rense.com
O15 - Trusted Zone: www.bored.com
O15 - Trusted Zone: www.neopets.com
O15 - Trusted Zone: www.buddy4u.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7973.7051736111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.aimthings...ks/v1/setup.exe
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://www.one2one.c.../one2oneSvc.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.c...ass/one2one.cab
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} (LAInstaller Class) - http://www.cantoche....2/LAinstall.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_EN.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

<_<
  • 0

#13
CluelessGirl
Posted 21 April 2004 - 01:48 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I still think I have other stuff though,Spyware Blaster pulled up ONE MILLION items..geez
  • 0

#14
ditto
Posted 21 April 2004 - 01:48 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kljjqa.t.muxa.cc/s.php?aid=446 (obfuscated)

This was a real quick look. I will look at it more tonight or another moderator will step in. I have to go to an engineering meeting and dinner.

Reboot your PC.
If you would please, rescan with HijackThis and post a fresh log.

good luck
ditto
  • 0

#15
CluelessGirl
Posted 21 April 2004 - 01:52 PM

CluelessGirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
<_< Ok,thanks.
  • 0
Back to Windows 98™, 95, ME · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows 98™, 95, ME

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP