xlime problem!!!! H........E........L......P!!!!

Discussion in 'adware, spyware & hijack cleaning' started by Fly Guy, May 17, 2004.

Thread Status:
Not open for further replies.
  1. Fly Guy

    Fly Guy Registered Member

    Joined:
    May 17, 2004
    Posts:
    6
    Hi!

    I too am having problems with xlime and could use a little help. I have used spybot and then hijackthis. Listed below is the resulting log. I first noticed I was having problems while using IE. I would get eight or so pop ups that would quit responding and then lock up IE. This has been a learning experience but mostly a drag...please, please have mercy on me and tell me what needs to be removed from this log!!!!!!!!!

    Thank you sooooooooooooooooooo much,

    Fly Guy

    Logfile of HijackThis v1.97.7
    Scan saved at 12:18:44 PM, on 5/17/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Default\My Documents\Temp Download\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16e562fd12d0637ae405/netzip/RdxIE2.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hello,

    Fix the following entries in HijackThis,

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16e562fd12d063...tzip/RdxIE2.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsol...ArcadeRdxIE.cab

    Reboot and then download Ad-Aware and run complete scan. Reboot and post a fresh log

    Regards
     
  3. Fly Guy

    Fly Guy Registered Member

    Joined:
    May 17, 2004
    Posts:
    6
    Hi and thank you!

    OK, used spybot, hijack this and now here is the ad aware log. If I can impose on you once again, could you please look this over and tell me what to remove?

    Thank you!

    Fly Guy :D



    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Tuesday, May 18, 2004 12:14:32 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R304 16.05.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    5-18-2004 12:14:33 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 5-18-2004 4:06:20 PM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 5-18-2004 4:06:28 PM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-18-2004 4:06:29 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-18-2004 4:06:29 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-18-2004 4:06:29 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-18-2004 4:06:29 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-18-2004 4:06:31 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:8 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 5-18-2004 4:06:40 PM
    BasePriority : Normal
    FileSize : 977 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-114:cool:
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:58 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:9 [mdm.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ThreadCreationTime : 5-18-2004 4:06:41 PM
    BasePriority : Normal
    FileSize : 264 KB
    FileVersion : 7.00.9064.9150
    ProductVersion : 7.00.9064.9150
    Copyright : Copyright (C) Microsoft Corp. 1997-2000
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    OriginalFilename : mdm.exe
    ProductName : Microsoft Development Environment
    Created on : 2/23/2001 3:07:30 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 2/23/2001 3:07:30 PM

    #:10 [hpztsb04.exe]
    FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
    ThreadCreationTime : 5-18-2004 4:06:41 PM
    BasePriority : Normal
    FileSize : 192 KB
    FileVersion : 2,80,0,0
    ProductVersion : 2,80,0,0
    Copyright : Copyright (c) Hewlett-Packard Company 1999-2001
    CompanyName : HP
    ProductName : HP DeskJet
    Created on : 6/28/2002 12:42:50 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 10/25/2001 2:55:01 PM

    #:11 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 5-18-2004 4:06:41 PM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 8/5/2002 5:53:32 PM
    Last accessed : 5/18/2004 4:05:22 PM
    Last modified : 2/27/2002 3:29:26 PM

    #:12 [point32.exe]
    FilePath : C:\Program Files\Microsoft Hardware\Mouse\
    ThreadCreationTime : 5-18-2004 4:06:41 PM
    BasePriority : Normal
    FileSize : 164 KB
    FileVersion : 4.00.0657.1
    ProductVersion : 4.0
    Copyright : Copyright (C) Microsoft Corp. 1983-2001
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft IntelliPoint
    InternalName : POINT32
    OriginalFilename : POINT32.EXE
    ProductName : Microsoft IntelliPoint
    Created on : 8/24/2001 1:37:39 AM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/24/2001 1:37:39 AM

    #:13 [navapw32.exe]
    FilePath : C:\PROGRA~1\NORTON~1\
    ThreadCreationTime : 5-18-2004 4:06:41 PM
    BasePriority : Normal
    FileSize : 73 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.EXE
    ProductName : Norton AntiVirus
    Created on : 8/5/2002 5:53:32 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 2/27/2002 3:27:58 PM

    #:14 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 5-18-2004 4:06:42 PM
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 0.1.0.1622
    ProductVersion : 0.1.0.1622
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealOne Player (32-bit)
    Created on : 9/16/2002 1:12:09 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 4/4/2003 2:56:16 PM

    #:15 [tgcmd.exe]
    FilePath : C:\Program Files\Support.com\bin\
    ThreadCreationTime : 5-18-2004 4:06:42 PM
    BasePriority : Normal
    FileSize : 1804 KB
    FileVersion : 5,5,700,0
    ProductVersion : 5,5,700,0
    Copyright : Copyright 1997-2069 Support.com
    CompanyName : Support.com, Inc.
    FileDescription : Support.com Scheduler and Command Dispatcher
    InternalName : TGCMD
    OriginalFilename : TGCMD.EXE
    ProductName : Support.com Scheduler and Command Dispatcher
    Created on : 1/31/2003 10:20:16 AM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 5/14/2003 10:21:28 AM

    #:16 [zdconfig.exe]
    FilePath : C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\
    ThreadCreationTime : 5-18-2004 4:06:42 PM
    BasePriority : Normal
    FileSize : 180 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2002
    FileDescription : ZDConfig MFC Application
    InternalName : ZDConfig
    OriginalFilename : ZDConfig.EXE
    ProductName : ZDConfig Application
    Created on : 4/12/2004 3:40:03 PM
    Last accessed : 5/18/2004 4:06:42 PM
    Last modified : 4/23/2003 11:30:40 PM

    #:17 [ctfmon.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-18-2004 4:06:42 PM
    BasePriority : Normal
    FileSize : 13 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    OriginalFilename : CTFMON.EXE
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:18 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-18-2004 4:06:42 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/18/2001 12:00:00 PM
    Last accessed : 5/18/2004 4:06:18 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:19 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 5-18-2004 4:06:56 PM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-114:cool:
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 2/18/2001 4:20:37 PM
    Last accessed : 5/18/2004 4:06:58 PM
    Last modified : 8/18/2001 12:00:00 PM

    #:20 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ThreadCreationTime : 5-18-2004 4:13:20 PM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 5/18/2004 4:12:56 PM
    Last accessed : 5/18/2004 4:12:57 PM
    Last modified : 7/13/2003 1:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    HotBar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbara


    HotBar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarb


    HotBar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarc


    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\twaintec


    HotBar Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    Value : {B195B3B3-8A05-11D3-97A4-0004ACA6948E}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 6
    Objects found so far: 6


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"


    Redhotnetworks Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/videox.dll


    Redhotnetworks Object recognized!
    Type : File
    Data : videox.dll
    Object : c:\windows\downloaded program files\
    FileSize : 196 KB
    FileVersion : 1, 0, 0, 6
    ProductVersion : 1, 0, 0, 6
    Copyright : Copyright 2000
    FileDescription : VideoX Module
    InternalName : VideoX
    OriginalFilename : VideoX.DLL
    ProductName : VideoX Module
    Created on : 9/20/2000 2:13:46 PM
    Last accessed : 5/18/2004 4:16:29 PM
    Last modified : 9/20/2000 2:13:46 PM



    Redhotnetworks Object recognized!
    Type : RegValue
    Data : c:\windows\downloaded program files\videox.dll
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
    Value : C:\WINDOWS\Downloaded Program Files\videox.dll


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 10


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@2o7[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\
    FileSize : 1 KB
    Created on : 4/26/2004 9:08:11 PM
    Last accessed : 5/18/2004 4:17:00 PM
    Last modified : 4/26/2004 9:08:55 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@a.as-us.falkag[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/18/2004 2:20:20 AM
    Last accessed : 5/18/2004 4:17:00 PM
    Last modified : 4/18/2004 9:02:35 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@ad-logics[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/24/2004 7:54:09 PM
    Last accessed : 5/18/2004 4:17:00 PM
    Last modified : 4/24/2004 7:54:09 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@ads.addynamix[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/3/2004 12:00:47 PM
    Last accessed : 5/18/2004 4:17:00 PM
    Last modified : 5/3/2004 12:00:47 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@ads.adsag[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/20/2004 1:19:46 AM
    Last accessed : 5/18/2004 4:17:00 PM
    Last modified : 1/20/2004 1:19:46 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@ads.specificpop[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 2/1/2004 6:13:20 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 2/1/2004 6:13:20 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@adserver[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/28/2004 9:23:41 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 1/28/2004 9:23:41 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@adserv[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 2/1/2004 6:15:35 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 2/1/2004 6:15:38 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@as-us.falkag[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/18/2004 9:02:36 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 4/18/2004 9:02:36 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@bluestreak[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/18/2004 12:25:03 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 5/18/2004 12:25:03 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@bravenet[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 2/1/2004 6:15:33 PM
    Last accessed : 5/18/2004 4:17:01 PM
    Last modified : 2/1/2004 6:15:36 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@casalemedia[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/23/2004 12:07:22 PM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 4/23/2004 12:07:36 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@centrport[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/24/2004 6:30:22 PM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 4/24/2004 6:30:22 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@cgi-bin[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/24/2004 12:42:38 PM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 1/24/2004 12:42:38 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@cgi-bin[3].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/24/2004 12:43:48 PM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 1/24/2004 12:43:48 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@datecam[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/21/2004 9:56:41 PM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 1/21/2004 9:56:41 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@edge.ru4[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\
    FileSize : 1 KB
    Created on : 5/18/2004 4:10:38 PM
    Last accessed : 5/18/2004 4:10:38 PM
    Last modified : 5/18/2004 4:10:38 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@fastclick[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/26/2004 12:03:38 AM
    Last accessed : 5/18/2004 4:17:02 PM
    Last modified : 4/26/2004 12:03:38 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@gator[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/17/2004 5:14:44 PM
    Last accessed : 5/18/2004 4:17:03 PM
    Last modified : 5/11/2004 4:10:35 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@goclick[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/14/2004 6:34:10 PM
    Last accessed : 5/18/2004 4:17:03 PM
    Last modified : 5/14/2004 6:34:10 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@hc2.humanclick[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/13/2004 9:51:40 PM
    Last accessed : 5/18/2004 4:17:03 PM
    Last modified : 5/13/2004 9:51:40 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@hit1.vioclicks[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/24/2004 12:56:33 PM
    Last accessed : 5/18/2004 4:17:03 PM
    Last modified : 1/24/2004 12:56:33 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@maxserving[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 2/8/2004 7:15:43 PM
    Last accessed : 5/18/2004 4:17:03 PM
    Last modified : 2/8/2004 7:15:43 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@overture[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/14/2004 5:16:14 PM
    Last accessed : 5/18/2004 4:17:04 PM
    Last modified : 5/14/2004 5:16:14 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@peel[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/20/2004 8:58:04 PM
    Last accessed : 5/18/2004 4:17:04 PM
    Last modified : 4/24/2004 2:28:49 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@qksrv[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 2/1/2004 6:13:30 PM
    Last accessed : 5/18/2004 4:17:04 PM
    Last modified : 5/9/2004 10:01:06 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@questionmarket[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/18/2004 12:27:10 PM
    Last accessed : 5/18/2004 4:17:04 PM
    Last modified : 5/18/2004 12:27:10 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@realmedia[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/18/2004 12:15:54 AM
    Last accessed : 5/18/2004 4:17:04 PM
    Last modified : 5/18/2004 12:15:55 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@server.iad.liveperson[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/13/2004 9:57:11 PM
    Last accessed : 5/18/2004 4:17:05 PM
    Last modified : 5/13/2004 9:57:11 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@spylog[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/24/2004 12:55:27 PM
    Last accessed : 5/18/2004 4:17:05 PM
    Last modified : 1/24/2004 12:55:47 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@tmpad[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/17/2004 2:46:28 AM
    Last accessed : 5/18/2004 4:17:05 PM
    Last modified : 4/17/2004 2:46:28 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@trafficmp[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\
    FileSize : 1 KB
    Created on : 5/18/2004 12:13:32 AM
    Last accessed : 5/18/2004 4:17:05 PM
    Last modified : 5/18/2004 12:13:46 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@tribalfusion[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/15/2004 1:21:56 PM
    Last accessed : 5/18/2004 4:09:14 PM
    Last modified : 5/15/2004 1:21:56 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@valueclick[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/13/2004 9:55:30 PM
    Last accessed : 5/18/2004 4:17:06 PM
    Last modified : 5/13/2004 9:55:30 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@webpdp.gator[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 5/16/2004 1:06:00 PM
    Last accessed : 5/18/2004 4:17:06 PM
    Last modified : 5/16/2004 1:06:00 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@[url]www.clickedyclick[/url][2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/27/2004 1:14:44 AM
    Last accessed : 5/18/2004 4:17:06 PM
    Last modified : 1/27/2004 1:14:44 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@xxxcounter[1].txt

    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/24/2004 12:59:45 PM
    Last accessed : 5/18/2004 4:17:08 PM
    Last modified : 1/24/2004 12:59:45 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@z1.adserver[1].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 1/20/2004 4:45:52 PM
    Last accessed : 5/18/2004 4:17:09 PM
    Last modified : 5/18/2004 12:13:28 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : maryann@zedo[2].txt
    Object : C:\Documents and Settings\Maryann\Cookies\

    Created on : 4/25/2004 12:08:28 PM
    Last accessed : 5/18/2004 4:17:09 PM
    Last modified : 5/18/2004 12:13:59 AM


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    HotBar Object recognized!
    Type : Folder
    Object : c:\program files\hbinst


    HotBar Object recognized!
    Type : File
    Data : hbinst.exe
    Object : c:\program files\hbinst\
    FileSize : 364 KB
    FileVersion : 4, 4, 5, 1388
    ProductVersion : 4, 4, 5, 1388
    Copyright : Copyright
    CompanyName : Hotbar.com Inc.
    FileDescription : HbInst Module
    InternalName : HbInst
    OriginalFilename : HbInst.EXE
    ProductName : Hotbar
    Created on : 1/5/2004 8:18:10 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 4/15/2004 12:04:32 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : dummy.htm
    Object : c:\docume~1\maryann\locals~1\temp\

    Created on : 4/21/2004 10:45:58 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 4/21/2004 10:45:58 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twaintec.ini
    Object : c:\docume~1\maryann\locals~1\temp\
    FileSize : 224 KB
    Created on : 4/21/2004 10:46:04 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 12/12/2003 12:45:14 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twtini.cab
    Object : c:\docume~1\maryann\locals~1\temp\
    FileSize : 85 KB
    Created on : 4/21/2004 10:46:04 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 5/4/2004 9:32:12 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twtini.inf
    Object : c:\docume~1\maryann\locals~1\temp\

    Created on : 4/21/2004 10:46:04 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 12/12/2003 12:51:04 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twtini.inf
    Object : c:\windows\inf\

    Created on : 4/21/2004 10:46:04 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 12/12/2003 12:51:04 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : oem14.inf
    Object : c:\windows\lastgood\inf\

    Created on : 7/6/2002 2:34:43 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 7/6/2002 2:34:43 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : oem14.pnf
    Object : c:\windows\lastgood\inf\

    Created on : 7/6/2002 2:34:43 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 7/6/2002 2:34:43 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twtini.inf
    Object : c:\windows\lastgood\inf\

    Created on : 4/21/2004 10:46:05 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 4/21/2004 10:46:05 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twtini.pnf
    Object : c:\windows\lastgood\inf\

    Created on : 4/21/2004 10:46:06 PM
    Last accessed : 5/18/2004 4:18:15 PM
    Last modified : 4/21/2004 10:46:06 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twaintec.dll
    Object : c:\windows\
    FileSize : 136 KB
    FileVersion : 0, 1, 4, 19
    ProductVersion : 0, 1, 4, 19
    Copyright : Copyright
    CompanyName : Twain Tech
    FileDescription : www.twain-tech.com
    InternalName : Twaintec
    OriginalFilename : Twaintec.dll
    ProductName : Twaintec
    Created on : 4/21/2004 10:45:59 PM
    Last accessed : 5/18/2004 4:06:19 PM
    Last modified : 2/11/2004 9:30:52 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twaintec.ini
    Object : c:\windows\
    FileSize : 224 KB
    Created on : 4/21/2004 10:46:04 PM
    Last accessed : 5/18/2004 4:18:16 PM
    Last modified : 12/12/2003 12:45:14 PM



    VX2.BetterInternet Object recognized!
    Type : File
    Data : twaintec.ini
    Object : c:\windows\lastgood\
    FileSize : 232 KB
    Created on : 5/4/2004 5:10:54 PM
    Last accessed : 5/18/2004 4:18:16 PM
    Last modified : 5/4/2004 5:10:49 PM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 14
    Objects found so far: 63


    12:19:59 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:05:26:78
    Objects scanned :54254
    Objects identified :63
    Objects ignored :0
    New objects :63
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi FlyGuy,

    I have locked the other thread that you started since it was a duplicate post of your Ad-Aware log. Please stay in 'this' thread for all replies until your computer is clean.

    You can fix what Ad-Aware has detected as bad. It will create backups in case you need to restore anything.


    Once you have cleaned with Ad-Aware, please do another scan with HijackThis and post a new HijackThis log here in this thread. You don't need to post another Ad-Aware log. ;)

    Regards,

    snap
     
  5. Fly Guy

    Fly Guy Registered Member

    Joined:
    May 17, 2004
    Posts:
    6
    Hello, Hello...

    Thanking all again for looking at my hijackthis log!!!!!!! I hope I am all clean after this.

    Fly Guy

    Logfile of HijackThis v1.97.7
    Scan saved at 4:19:15 PM, on 5/18/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Default\My Documents\Temp Download\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi FlyGuy,

    Looks like Ad-Aware took care of it. Your log is clean. :)

    You really do need to go to Windows Update and get ALL Critical Updates listed for XP and IE6, which will protect you from the many exploits and viruses out there now.
    http://v4.windowsupdate.microsoft.com/

    Also, to stay clean, here is some reading with valuable information and also links to free programs that will help prevent spyware from ever getting on your computer.
    https://www.wilderssecurity.com/showthread.php?t=27971

    Regards,

    snap
     
  7. Fly Guy

    Fly Guy Registered Member

    Joined:
    May 17, 2004
    Posts:
    6
    Thanks again Snap! You guys do a great service.

    Fly Guy :D
     
Thread Status:
Not open for further replies.