xlime problem!!!! H........E........L......P!!!!

Hi!

I too am having problems with xlime and could use a little help. I have used spybot and then hijackthis. Listed below is the resulting log. I first noticed I was having problems while using IE. I would get eight or so pop ups that would quit responding and then lock up IE. This has been a learning experience but mostly a drag...please, please have mercy on me and tell me what needs to be removed from this log!!!!!!!!!

Thank you sooooooooooooooooooo much,

Fly Guy

Logfile of HijackThis v1.97.7
Scan saved at 12:18:44 PM, on 5/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Default\My Documents\Temp Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16e562fd12d0637ae405/netzip/RdxIE2.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

 

Hello,

Fix the following entries in HijackThis,

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16e562fd12d063...tzip/RdxIE2.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsol...ArcadeRdxIE.cab

Reboot and then download Ad-Aware and run complete scan. Reboot and post a fresh log

Regards

 

Hi and thank you!

OK, used spybot, hijack this and now here is the ad aware log. If I can impose on you once again, could you please look this over and tell me what to remove?

Thank you!

Fly Guy



Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, May 18, 2004 12:14:32 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R304 16.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


5-18-2004 12:14:33 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-18-2004 4:06:20 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-18-2004 4:06:28 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-18-2004 4:06:29 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-18-2004 4:06:29 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-18-2004 4:06:29 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-18-2004 4:06:29 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-18-2004 4:06:31 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-18-2004 4:06:40 PM
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-114
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:58 PM
Last modified : 8/18/2001 12:00:00 PM

#:9 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 5-18-2004 4:06:41 PM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright (C) Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 2/23/2001 3:07:30 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 2/23/2001 3:07:30 PM

#:10 [hpztsb04.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ThreadCreationTime : 5-18-2004 4:06:41 PM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
Copyright : Copyright (c) Hewlett-Packard Company 1999-2001
CompanyName : HP
ProductName : HP DeskJet
Created on : 6/28/2002 12:42:50 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 10/25/2001 2:55:01 PM

#:11 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 5-18-2004 4:06:41 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/5/2002 5:53:32 PM
Last accessed : 5/18/2004 4:05:22 PM
Last modified : 2/27/2002 3:29:26 PM

#:12 [point32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Mouse\
ThreadCreationTime : 5-18-2004 4:06:41 PM
BasePriority : Normal
FileSize : 164 KB
FileVersion : 4.00.0657.1
ProductVersion : 4.0
Copyright : Copyright (C) Microsoft Corp. 1983-2001
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliPoint
InternalName : POINT32
OriginalFilename : POINT32.EXE
ProductName : Microsoft IntelliPoint
Created on : 8/24/2001 1:37:39 AM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/24/2001 1:37:39 AM

#:13 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ThreadCreationTime : 5-18-2004 4:06:41 PM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 8/5/2002 5:53:32 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 2/27/2002 3:27:58 PM

#:14 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 5-18-2004 4:06:42 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 9/16/2002 1:12:09 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 4/4/2003 2:56:16 PM

#:15 [tgcmd.exe]
FilePath : C:\Program Files\Support.com\bin\
ThreadCreationTime : 5-18-2004 4:06:42 PM
BasePriority : Normal
FileSize : 1804 KB
FileVersion : 5,5,700,0
ProductVersion : 5,5,700,0
Copyright : Copyright 1997-2069 Support.com
CompanyName : Support.com, Inc.
FileDescription : Support.com Scheduler and Command Dispatcher
InternalName : TGCMD
OriginalFilename : TGCMD.EXE
ProductName : Support.com Scheduler and Command Dispatcher
Created on : 1/31/2003 10:20:16 AM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 5/14/2003 10:21:28 AM

#:16 [zdconfig.exe]
FilePath : C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\
ThreadCreationTime : 5-18-2004 4:06:42 PM
BasePriority : Normal
FileSize : 180 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2002
FileDescription : ZDConfig MFC Application
InternalName : ZDConfig
OriginalFilename : ZDConfig.EXE
ProductName : ZDConfig Application
Created on : 4/12/2004 3:40:03 PM
Last accessed : 5/18/2004 4:06:42 PM
Last modified : 4/23/2003 11:30:40 PM

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-18-2004 4:06:42 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-18-2004 4:06:42 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-114
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/18/2001 12:00:00 PM
Last accessed : 5/18/2004 4:06:18 PM
Last modified : 8/18/2001 12:00:00 PM

#:19 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 5-18-2004 4:06:56 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-114
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 2/18/2001 4:20:37 PM
Last accessed : 5/18/2004 4:06:58 PM
Last modified : 8/18/2001 12:00:00 PM

#:20 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 5-18-2004 4:13:20 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/18/2004 4:12:56 PM
Last accessed : 5/18/2004 4:12:57 PM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbara


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarb


HotBar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbarc


VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\twaintec


HotBar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : {B195B3B3-8A05-11D3-97A4-0004ACA6948E}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 6
Objects found so far: 6


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Redhotnetworks Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/videox.dll


Redhotnetworks Object recognized!
Type : File
Data : videox.dll
Object : c:\windows\downloaded program files\
FileSize : 196 KB
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
Copyright : Copyright 2000
FileDescription : VideoX Module
InternalName : VideoX
OriginalFilename : VideoX.DLL
ProductName : VideoX Module
Created on : 9/20/2000 2:13:46 PM
Last accessed : 5/18/2004 4:16:29 PM
Last modified : 9/20/2000 2:13:46 PM



Redhotnetworks Object recognized!
Type : RegValue
Data : c:\windows\downloaded program files\videox.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\videox.dll


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 10


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : maryann@2o7[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\
FileSize : 1 KB
Created on : 4/26/2004 9:08:11 PM
Last accessed : 5/18/2004 4:17:00 PM
Last modified : 4/26/2004 9:08:55 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@a.as-us.falkag[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/18/2004 2:20:20 AM
Last accessed : 5/18/2004 4:17:00 PM
Last modified : 4/18/2004 9:02:35 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@ad-logics[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/24/2004 7:54:09 PM
Last accessed : 5/18/2004 4:17:00 PM
Last modified : 4/24/2004 7:54:09 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@ads.addynamix[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/3/2004 12:00:47 PM
Last accessed : 5/18/2004 4:17:00 PM
Last modified : 5/3/2004 12:00:47 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@ads.adsag[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/20/2004 1:19:46 AM
Last accessed : 5/18/2004 4:17:00 PM
Last modified : 1/20/2004 1:19:46 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@ads.specificpop[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 2/1/2004 6:13:20 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 2/1/2004 6:13:20 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@adserver[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/28/2004 9:23:41 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 1/28/2004 9:23:41 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@adserv[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 2/1/2004 6:15:35 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 2/1/2004 6:15:38 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@as-us.falkag[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/18/2004 9:02:36 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 4/18/2004 9:02:36 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@bluestreak[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/18/2004 12:25:03 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 5/18/2004 12:25:03 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@bravenet[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 2/1/2004 6:15:33 PM
Last accessed : 5/18/2004 4:17:01 PM
Last modified : 2/1/2004 6:15:36 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@casalemedia[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/23/2004 12:07:22 PM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 4/23/2004 12:07:36 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@centrport[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/24/2004 6:30:22 PM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 4/24/2004 6:30:22 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@cgi-bin[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/24/2004 12:42:38 PM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 1/24/2004 12:42:38 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@cgi-bin[3].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/24/2004 12:43:48 PM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 1/24/2004 12:43:48 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@datecam[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/21/2004 9:56:41 PM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 1/21/2004 9:56:41 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@edge.ru4[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\
FileSize : 1 KB
Created on : 5/18/2004 4:10:38 PM
Last accessed : 5/18/2004 4:10:38 PM
Last modified : 5/18/2004 4:10:38 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@fastclick[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/26/2004 12:03:38 AM
Last accessed : 5/18/2004 4:17:02 PM
Last modified : 4/26/2004 12:03:38 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@gator[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/17/2004 5:14:44 PM
Last accessed : 5/18/2004 4:17:03 PM
Last modified : 5/11/2004 4:10:35 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@goclick[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/14/2004 6:34:10 PM
Last accessed : 5/18/2004 4:17:03 PM
Last modified : 5/14/2004 6:34:10 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@hc2.humanclick[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/13/2004 9:51:40 PM
Last accessed : 5/18/2004 4:17:03 PM
Last modified : 5/13/2004 9:51:40 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@hit1.vioclicks[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/24/2004 12:56:33 PM
Last accessed : 5/18/2004 4:17:03 PM
Last modified : 1/24/2004 12:56:33 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@maxserving[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 2/8/2004 7:15:43 PM
Last accessed : 5/18/2004 4:17:03 PM
Last modified : 2/8/2004 7:15:43 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@overture[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/14/2004 5:16:14 PM
Last accessed : 5/18/2004 4:17:04 PM
Last modified : 5/14/2004 5:16:14 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@peel[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/20/2004 8:58:04 PM
Last accessed : 5/18/2004 4:17:04 PM
Last modified : 4/24/2004 2:28:49 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@qksrv[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 2/1/2004 6:13:30 PM
Last accessed : 5/18/2004 4:17:04 PM
Last modified : 5/9/2004 10:01:06 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@questionmarket[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/18/2004 12:27:10 PM
Last accessed : 5/18/2004 4:17:04 PM
Last modified : 5/18/2004 12:27:10 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@realmedia[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/18/2004 12:15:54 AM
Last accessed : 5/18/2004 4:17:04 PM
Last modified : 5/18/2004 12:15:55 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@server.iad.liveperson[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/13/2004 9:57:11 PM
Last accessed : 5/18/2004 4:17:05 PM
Last modified : 5/13/2004 9:57:11 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@spylog[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/24/2004 12:55:27 PM
Last accessed : 5/18/2004 4:17:05 PM
Last modified : 1/24/2004 12:55:47 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@tmpad[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/17/2004 2:46:28 AM
Last accessed : 5/18/2004 4:17:05 PM
Last modified : 4/17/2004 2:46:28 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@trafficmp[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\
FileSize : 1 KB
Created on : 5/18/2004 12:13:32 AM
Last accessed : 5/18/2004 4:17:05 PM
Last modified : 5/18/2004 12:13:46 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@tribalfusion[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/15/2004 1:21:56 PM
Last accessed : 5/18/2004 4:09:14 PM
Last modified : 5/15/2004 1:21:56 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@valueclick[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/13/2004 9:55:30 PM
Last accessed : 5/18/2004 4:17:06 PM
Last modified : 5/13/2004 9:55:30 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@webpdp.gator[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 5/16/2004 1:06:00 PM
Last accessed : 5/18/2004 4:17:06 PM
Last modified : 5/16/2004 1:06:00 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@[url]www.clickedyclick[/url][2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/27/2004 1:14:44 AM
Last accessed : 5/18/2004 4:17:06 PM
Last modified : 1/27/2004 1:14:44 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@xxxcounter[1].txt

Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/24/2004 12:59:45 PM
Last accessed : 5/18/2004 4:17:08 PM
Last modified : 1/24/2004 12:59:45 PM



Tracking Cookie Object recognized!
Type : File
Data : maryann@z1.adserver[1].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 1/20/2004 4:45:52 PM
Last accessed : 5/18/2004 4:17:09 PM
Last modified : 5/18/2004 12:13:28 AM



Tracking Cookie Object recognized!
Type : File
Data : maryann@zedo[2].txt
Object : C:\Documents and Settings\Maryann\Cookies\

Created on : 4/25/2004 12:08:28 PM
Last accessed : 5/18/2004 4:17:09 PM
Last modified : 5/18/2004 12:13:59 AM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

HotBar Object recognized!
Type : Folder
Object : c:\program files\hbinst


HotBar Object recognized!
Type : File
Data : hbinst.exe
Object : c:\program files\hbinst\
FileSize : 364 KB
FileVersion : 4, 4, 5, 1388
ProductVersion : 4, 4, 5, 1388
Copyright : Copyright
CompanyName : Hotbar.com Inc.
FileDescription : HbInst Module
InternalName : HbInst
OriginalFilename : HbInst.EXE
ProductName : Hotbar
Created on : 1/5/2004 8:18:10 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 4/15/2004 12:04:32 PM



VX2.BetterInternet Object recognized!
Type : File
Data : dummy.htm
Object : c:\docume~1\maryann\locals~1\temp\

Created on : 4/21/2004 10:45:58 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 4/21/2004 10:45:58 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.ini
Object : c:\docume~1\maryann\locals~1\temp\
FileSize : 224 KB
Created on : 4/21/2004 10:46:04 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 12/12/2003 12:45:14 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twtini.cab
Object : c:\docume~1\maryann\locals~1\temp\
FileSize : 85 KB
Created on : 4/21/2004 10:46:04 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 5/4/2004 9:32:12 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twtini.inf
Object : c:\docume~1\maryann\locals~1\temp\

Created on : 4/21/2004 10:46:04 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 12/12/2003 12:51:04 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twtini.inf
Object : c:\windows\inf\

Created on : 4/21/2004 10:46:04 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 12/12/2003 12:51:04 PM



VX2.BetterInternet Object recognized!
Type : File
Data : oem14.inf
Object : c:\windows\lastgood\inf\

Created on : 7/6/2002 2:34:43 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 7/6/2002 2:34:43 PM



VX2.BetterInternet Object recognized!
Type : File
Data : oem14.pnf
Object : c:\windows\lastgood\inf\

Created on : 7/6/2002 2:34:43 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 7/6/2002 2:34:43 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twtini.inf
Object : c:\windows\lastgood\inf\

Created on : 4/21/2004 10:46:05 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 4/21/2004 10:46:05 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twtini.pnf
Object : c:\windows\lastgood\inf\

Created on : 4/21/2004 10:46:06 PM
Last accessed : 5/18/2004 4:18:15 PM
Last modified : 4/21/2004 10:46:06 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.dll
Object : c:\windows\
FileSize : 136 KB
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
Copyright : Copyright
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
OriginalFilename : Twaintec.dll
ProductName : Twaintec
Created on : 4/21/2004 10:45:59 PM
Last accessed : 5/18/2004 4:06:19 PM
Last modified : 2/11/2004 9:30:52 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.ini
Object : c:\windows\
FileSize : 224 KB
Created on : 4/21/2004 10:46:04 PM
Last accessed : 5/18/2004 4:18:16 PM
Last modified : 12/12/2003 12:45:14 PM



VX2.BetterInternet Object recognized!
Type : File
Data : twaintec.ini
Object : c:\windows\lastgood\
FileSize : 232 KB
Created on : 5/4/2004 5:10:54 PM
Last accessed : 5/18/2004 4:18:16 PM
Last modified : 5/4/2004 5:10:49 PM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 14
Objects found so far: 63


12:19:59 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:05:26:78
Objects scanned :54254
Objects identified :63
Objects ignored :0
New objects :63

 

Hi FlyGuy,

I have locked the other thread that you started since it was a duplicate post of your Ad-Aware log. Please stay in 'this' thread for all replies until your computer is clean.

You can fix what Ad-Aware has detected as bad. It will create backups in case you need to restore anything.


Once you have cleaned with Ad-Aware, please do another scan with HijackThis and post a new HijackThis log here in this thread. You don't need to post another Ad-Aware log.

Regards,

snap

 

Hello, Hello...

Thanking all again for looking at my hijackthis log!!!!!!! I hope I am all clean after this.

Fly Guy

Logfile of HijackThis v1.97.7
Scan saved at 4:19:15 PM, on 5/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Default\My Documents\Temp Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

 

Hi FlyGuy,

Looks like Ad-Aware took care of it. Your log is clean.

You really do need to go to Windows Update and get ALL Critical Updates listed for XP and IE6, which will protect you from the many exploits and viruses out there now.
http://v4.windowsupdate.microsoft.com/

Also, to stay clean, here is some reading with valuable information and also links to free programs that will help prevent spyware from ever getting on your computer.
https://www.wilderssecurity.com/showthread.php?t=27971

Regards,

snap

 

Thanks again Snap! You guys do a great service.

Fly Guy