Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Look-today menu bar

Started by ozzy , Sep 02 2004 09:43 PM

  • Please log in to reply

#1
ozzy
Posted 02 September 2004 - 09:43 PM

ozzy

    New Member

  • Member
  • Pip
  • 4 posts
The look-today menu bar showed up on my PC about 2 weeks ago and I can't figure out how to get rid of it. When I launch explorer, it redirects my PC to my home page. But it takes longer to get there since it's going through another link to begin with. I think these two are related, but I'm not sure.
  • 0

Advertisements

#2
ditto
Posted 02 September 2004 - 10:53 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
ozzy
Posted 04 September 2004 - 09:09 PM

ozzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

I can't download Hijack this. I can navigate to the Quickstart page, and when I select the Hijack this download, I am directed to this page, http://www.merijn.or.../hijackthis.zip but it says the page is not available. Is this the correct page. or am I being sent somewhere else? <_<
  • 0

#4
ozzy
Posted 05 September 2004 - 10:00 AM

ozzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

I was able to download from the site directly. Here's the log.

Logfile of HijackThis v1.97.7
Scan saved at 10:59:31 AM, on 9/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NavNT\vptray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.omaha.cox.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.omaha.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = www.omaha.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ecshkgfiw...4m6Yok2Twa.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.pfxqxnxof...k8dnIf77w.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
O1 - Hosts: 209.66.115.34 easypic.com
O1 - Hosts: 209.66.115.34 pichunter.com
O1 - Hosts: 209.66.115.34 pussyslot.com
O1 - Hosts: 209.66.115.34 sexocean.com
O1 - Hosts: 209.66.115.34 worldsex.com
O1 - Hosts: 209.66.115.34 www.pichunter.com
O1 - Hosts: 209.66.115.34 www.pussyslot.com
O1 - Hosts: 209.66.115.34 www.worldsex.com
O1 - Hosts: 209.66.115.34 www.pinkworld.com
O1 - Hosts: 209.66.115.34 pinkworld.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {22DA902D-FAF0-10AF-DD98-06A9E8065CD8} - C:\PROGRA~1\MANAGE~1\Pop Program.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7919658B-672E-14F7-8BA1-1D4F2CD3C414} - C:\PROGRA~1\MANAGE~1\Pop Program.exe
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [workflo] E:\install\workflow.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [ROAMHOPE] C:\PROGRA~1\ERRORB~1\RECTSLOW.exe
O4 - HKLM\..\Run: [data deaf heck media] C:\Documents and Settings\All Users\Application Data\eq the data deaf\SIZE ONCE.exe
O4 - HKLM\..\Run: [bib bags sixth mapi] C:\Documents and Settings\All Users\Application Data\Error remote bib bags\About Wait.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1073713887468
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://lnm004/iNotes6.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://lnm004/download/dolcontrol.cab
O16 - DPF: {5E3E59C4-7847-11D0-9081-0080C76A0985} (IPTDImageControl.SImage) - https://i4.tsa.com/C...magecontrol.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7995.8814930556
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {B8C0220D-763D-49A4-95F4-61DFDEC66EE6} - http://www.media-upd...vieViewer20.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://i4.tsa.com/c...ex/ikcntrls.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab
  • 0

#5
Hemal
Posted 05 September 2004 - 10:57 AM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a free program. Ad-aware.

Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download Ad-aware

after

Please run a free online virus scan here (tick the "Auto Clean checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0

#6
ozzy
Posted 06 September 2004 - 03:09 PM

ozzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I ran the following programs and rebooted my PC -
Ad Aware - found one piece of spyware
Housecall - found no virus'
The Cleaner - found no trojans.

Most of the time, when I reboot after the PC was shut down abnormally (e.g. power surge/outage), Spy Sweeper tells me that someone was trying to hijack my browser home page. That happened to me this morning (we lost power last night). Whenever this happens, the program also puts This 10 new Favorite folders and desktop shortcuts put on my PC. I believe that these are associated with this look-today toolbar, because they all started happening at the same time.

Here's the current hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 4:09:27 PM, on 9/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.omaha.cox.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.omaha.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = www.omaha.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hjdxooier...4m6Yok2Twa.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.omaha.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dyyjfnoyi...pk8dnIf77w.htm");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
O1 - Hosts: 209.66.115.34 easypic.com
O1 - Hosts: 209.66.115.34 pichunter.com
O1 - Hosts: 209.66.115.34 pussyslot.com
O1 - Hosts: 209.66.115.34 sexocean.com
O1 - Hosts: 209.66.115.34 worldsex.com
O1 - Hosts: 209.66.115.34 www.pichunter.com
O1 - Hosts: 209.66.115.34 www.pussyslot.com
O1 - Hosts: 209.66.115.34 www.worldsex.com
O1 - Hosts: 209.66.115.34 www.pinkworld.com
O1 - Hosts: 209.66.115.34 pinkworld.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {22DA902D-FAF0-10AF-DD98-06A9E8065CD8} - C:\PROGRA~1\MANAGE~1\Pop Program.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7919658B-672E-14F7-8BA1-1D4F2CD3C414} - C:\PROGRA~1\MANAGE~1\Pop Program.exe
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [workflo] E:\install\workflow.exe
O4 - HKLM\..\Run: [UpdateMedia] C:\Program Files\MediaUpdate\UpdateMedia.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [ROAMHOPE] C:\PROGRA~1\ERRORB~1\RECTSLOW.exe
O4 - HKLM\..\Run: [data deaf heck media] C:\Documents and Settings\All Users\Application Data\eq the data deaf\SIZE ONCE.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [bib bags sixth mapi] C:\Documents and Settings\All Users\Application Data\Error remote bib bags\Clock online.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1073713887468
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://lnm004/iNotes6.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://lnm004/download/dolcontrol.cab
O16 - DPF: {5E3E59C4-7847-11D0-9081-0080C76A0985} (IPTDImageControl.SImage) - https://i4.tsa.com/C...magecontrol.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7995.8814930556
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {B8C0220D-763D-49A4-95F4-61DFDEC66EE6} - http://www.media-upd...vieViewer20.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://i4.tsa.com/c...ex/ikcntrls.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab

Thanks for your help,
Ozzy
  • 0

#7
freek
Posted 07 September 2004 - 02:24 PM

freek

    Member

  • Member
  • PipPipPip
  • 167 posts
Ok, this right here provided by AOL INSTANT MESSENGER is a Spyware program, C:\Program Files\AWS\WeatherBug\Weather.exe. Delete this, if you must use a weather program, I'm 95% certain that WeatherChannel.com's program is spyware free. I also think this is provided by a Spyware company: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe, But I'm not completely sure.

This is also Spyware, it is found on my computer, mine also, almost every week so I'm familiar <_<. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hjdxooier...4m6Yok2Twa.html

Try Manually Deleting that Folder (The Folder Being Microsoft\Internet Explorer\Search, Search Assistant\). I hope this helps you on your journey to a faster and more efficient computer!!
  • 0

#8
ditto
Posted 07 September 2004 - 02:55 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hjdxooier...4m6Yok2Twa.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dyyjfnoyi...pk8dnIf77w.htm");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\17od6c4f.slt\prefs.js)
O1 - Hosts: 209.66.115.34 easypic.com
O1 - Hosts: 209.66.115.34 pichunter.com
O1 - Hosts: 209.66.115.34 pussyslot.com
O1 - Hosts: 209.66.115.34 sexocean.com
O1 - Hosts: 209.66.115.34 worldsex.com
O1 - Hosts: 209.66.115.34 www.pichunter.com
O1 - Hosts: 209.66.115.34 www.pussyslot.com
O1 - Hosts: 209.66.115.34 www.worldsex.com
O1 - Hosts: 209.66.115.34 www.pinkworld.com
O1 - Hosts: 209.66.115.34 pinkworld.com
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [data deaf heck media] C:\Documents and Settings\All Users\Application Data\eq the data deaf\SIZE ONCE.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [bib bags sixth mapi] C:\Documents and Settings\All Users\Application Data\Error remote bib bags\Clock online.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
  • 0
Back to Web Browsers and Email · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Software
  3. Web Browsers and Email

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP