Thanx, ElectricEd52!
I used to have a Yahoo icon on desktop. How do I get it back?
Just clicking on "Remember my ID on this computer" doesn't work (Yahoo). How do I fix that? Thanx, ElectricEd52!
Edited by electriced52, 24 February 2004 - 10:21 PM.
SYSTEM ERROR: Code 1400
Started by
electriced52
, Feb 22 2004 12:57 AM
#1
Posted 22 February 2004 - 12:57 AM
electriced52
-
- Member
-
- 5 posts
New Member
Thanx, ElectricEd52!
I used to have a Yahoo icon on desktop. How do I get it back?
Just clicking on "Remember my ID on this computer" doesn't work (Yahoo). How do I fix that? Thanx, ElectricEd52!
#2
Posted 22 February 2004 - 09:10 AM
admin
-
- Community Leader
-
- 24,639 posts
Founder Geek
Welcome electriced52 
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
#3
Posted 24 February 2004 - 10:13 PM
electriced52
- Topic Starter
-
- Member
-
- 5 posts
New Member
Logfile of HijackThis v1.97.7
Scan saved at 10:51:03 PM, on 2/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\PBar\Services\Popup\Popup Destroyer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_64.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.53 206.47.244.136
Scan saved at 10:51:03 PM, on 2/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\PBar\Services\Popup\Popup Destroyer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_64.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.53 206.47.244.136
#4
Posted 24 February 2004 - 10:17 PM
admin
-
- Community Leader
-
- 24,639 posts
Founder Geek
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.
Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.
Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.
When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log we'll likely have some more cleaning up to do.
CLICK HERE to download CWShredder
CLICK HERE to download Spybot S&D
Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.
Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.
When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log we'll likely have some more cleaning up to do.
CLICK HERE to download CWShredder
CLICK HERE to download Spybot S&D
#5
Posted 25 February 2004 - 12:07 AM
electriced52
- Topic Starter
-
- Member
-
- 5 posts
New Member
Logfile of HijackThis v1.97.7
Scan saved at 12:59:56 AM, on 2/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.108 206.47.244.87
Scan saved at 12:59:56 AM, on 2/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.108 206.47.244.87
#6
Posted 25 February 2004 - 02:22 PM
admin
-
- Community Leader
-
- 24,639 posts
Founder Geek
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
Reboot your PC.
If you would please, rescan with HijackThis and post a fresh log.
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...FIHBzQNXDBHTHTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no file)
O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} - C:\WINDOWS\System32\pbshmd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &wordIQ - {CA1D1B05-9C66-11D5-A009-000103C1E50B} - C:\WINDOWS\System32\pbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
Reboot your PC.
If you would please, rescan with HijackThis and post a fresh log.
#7
Posted 26 February 2004 - 10:59 PM
electriced52
- Topic Starter
-
- Member
-
- 5 posts
New Member
Logfile of HijackThis v1.97.7
Scan saved at 11:47:01 PM, on 2/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.54 206.47.244.91
First, thanx 4 everything, second I did this yesterday(last night, this morning, whatever)and I saw it posted but today it's not here, so I do it again. Third, a few of the items to check weren't there. I described them as best I could yesterday, but today I forget which ones weren't there. Anyway, the above is the new scan.
Oh, and today the error didn't show up! Is it cured? Please send some kind of reply so I can express my gratitude! ElectricEd52!
Scan saved at 11:47:01 PM, on 2/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7938.6697569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA782779-C03B-40B0-A0BF-AEF209AAE2A3}: NameServer = 206.47.244.54 206.47.244.91
First, thanx 4 everything, second I did this yesterday(last night, this morning, whatever)and I saw it posted but today it's not here, so I do it again. Third, a few of the items to check weren't there. I described them as best I could yesterday, but today I forget which ones weren't there. Anyway, the above is the new scan.
Oh, and today the error didn't show up! Is it cured? Please send some kind of reply so I can express my gratitude! ElectricEd52!
Edited by electriced52, 26 February 2004 - 11:01 PM.
#8
Posted 26 February 2004 - 11:40 PM
admin
-
- Community Leader
-
- 24,639 posts
Founder Geek
Your system looks clean...
To avoid these "nasties" in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.
SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.
More info and download is available at:
SpywareBlaster: http://www.javacools...areblaster.html
SpywareGuard: http://www.wildersse...ywareguard.html
IE/Spyad places over 4000 websites and domains in the IE Restricted list which will several impair attempts to infect your system. It is free.
More info and download is available at:
IE/Spyad:
http://www.staff.uiu...es/resource.htm
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
AdAware can be found at: http://www.lavasoft....ftware/adaware/
SpyBot &&D can be found at: http://security.koll...n&page=download
To avoid these "nasties" in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.
SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.
More info and download is available at:
SpywareBlaster: http://www.javacools...areblaster.html
SpywareGuard: http://www.wildersse...ywareguard.html
IE/Spyad places over 4000 websites and domains in the IE Restricted list which will several impair attempts to infect your system. It is free.
More info and download is available at:
IE/Spyad:
http://www.staff.uiu...es/resource.htm
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
AdAware can be found at: http://www.lavasoft....ftware/adaware/
SpyBot &&D can be found at: http://security.koll...n&page=download
#9
Posted 27 February 2004 - 12:25 AM
electriced52
- Topic Starter
-
- Member
-
- 5 posts
New Member
So it looks like you didn't get yesterday's (or however you look at it with your time perspective) message. I forgot to mention above(again);
what do I do with all these backup icons on my screen? And if you would be so kind, see the 2 stupid ?'s I edited into the original message.
At the top.
So it looks like it's cured? WoW! THANX!!!!!!!! I just did 4 surveys that I had accumulated because I always got stuck on the error, so that's twice today on the internet clicking things and nothing happened!
I've got great feedback for you if you have a place to put it.
And just so you stay in business long enough to help me next time, I'll drop a $50CAbuck donation!
Don't erase this site--you stillhave to tell me what to do with all the icons, then I'll download the recommended spyware, etc. Should I uninstall all previous spy-ad-ware-etc. before installing yours?
Hey, my next beer's dedicated 2 U!!!
P.S.: Figured they charged $US so I only sent $35. Please pardon any misunderstandings in case of error about $50CAbucks.
what do I do with all these backup icons on my screen? And if you would be so kind, see the 2 stupid ?'s I edited into the original message.
At the top.
So it looks like it's cured? WoW! THANX!!!!!!!! I just did 4 surveys that I had accumulated because I always got stuck on the error, so that's twice today on the internet clicking things and nothing happened!
I've got great feedback for you if you have a place to put it.
And just so you stay in business long enough to help me next time, I'll drop a $50CAbuck donation!
Don't erase this site--you stillhave to tell me what to do with all the icons, then I'll download the recommended spyware, etc. Should I uninstall all previous spy-ad-ware-etc. before installing yours?
Hey, my next beer's dedicated 2 U!!!
P.S.: Figured they charged $US so I only sent $35. Please pardon any misunderstandings in case of error about $50CAbucks.
Edited by electriced52, 27 February 2004 - 12:46 AM.
#10
Posted 27 February 2004 - 08:12 AM
admin
-
- Community Leader
-
- 24,639 posts
Founder Geek
I'm not sure what happened to your post yesterday? We don't delete any posts from this forum, and we didn't get any database errors indicating any problems?
If you haven't noticed any new problems with your system, it's safe to remove the Hijack This folder and backups.
Be careful installing spyware programs, many will actually install spyware! We highly recommend Spybot S&D and Ad-aware (they're also free). Aluria's Spyware Eliminator and Spycop are also a couple very good commercial programs.
P.S. On behalf of all Geeks To Go members, thank you for the generous donation!
Comments and Suggestions
If you haven't noticed any new problems with your system, it's safe to remove the Hijack This folder and backups.
Be careful installing spyware programs, many will actually install spyware! We highly recommend Spybot S&D and Ad-aware (they're also free). Aluria's Spyware Eliminator and Spycop are also a couple very good commercial programs.
P.S. On behalf of all Geeks To Go members, thank you for the generous donation!
Comments and Suggestions
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
