NEWDOTNET Removal

Discussion in 'Computer Support' started by Preesi, Nov 21, 2004.

  1. Preesi

    Preesi Guest

    I found out I have NEWDOTNET installed.
    I have 6 different Spyware removal programs on my system.
    ALL of them keep telling me I have the NEWDOTNET Spyware proggy on my
    system
    and ALL of them say they successfully remove it, yet it keeps showing
    up.
    It's not in my add/remove area either!
    How do I truly rid myself of this?

    Also, I have pop up blockers installed and I still get pop ups, even
    after I run and delete all spyware instances installed on my system!

    HELP!!!!!!!!

    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #1

  2. Preesi

    °Mike° Guest

    It may be that the actual spyware removal programs
    are part of the problem -- many are scumware masquerading
    as legitimate programs. Why do you have six installed,
    and what are their names?


    On Sun, 21 Nov 2004 13:33:12 -0500, in
    <>
    Preesi scrawled:

    > I found out I have NEWDOTNET installed.
    >I have 6 different Spyware removal programs on my system.
    >ALL of them keep telling me I have the NEWDOTNET Spyware proggy on my
    >system
    >and ALL of them say they successfully remove it, yet it keeps showing
    >up.
    >Its not in my add/remove area either!
    >How do I truly rid myself of this?
    >
    >Also, I have pop up blockers installed and I still get pop ups, even
    >after I run and delete all spyware instances installed on my system!
    >
    >HELP!!!!!!!!


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Nov 21, 2004
    #2

  3. Preesi

    Preesi Guest

    °Mike° wrote:
    > It may be that the actual spyware removal programs
    > are part of the problem -- many are scumware masquerading
    > as legitimate programs. Why do you have six installed,
    > and what are their names?


    Because people keep recommending them to me.
    I have my
    1// Norton AntiVirus Version 2004 (which deals with Spyware etc)
    2// Spybot
    3// Ad Aware SE
    4// Spyware Blaster
    5// AOL's Spyware Protection (that seems to be deeply thorough and
    detects Keyloggers the others don't)
    6// Spy Cleaner

    All of them seem to detect things the others don't, so I try to run them
    each daily to rid myself of what they individually find!

    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #3
  4. Preesi

    Toolman Tim Guest

    "Preesi" <> wrote in message
    news:...
    | °Mike° wrote:
    | > It may be that the actual spyware removal programs
    | > are part of the problem -- many are scumware masquerading
    | > as legitimate programs. Why do you have six installed,
    | > and what are their names?
    |
    | Because people keep recommending them to me.
    | I have my
    | 1// Norton AntiVirus Version 2004 (which deals with Spyware etc)
    | 2// Spybot
    | 3// Ad Aware SE
    | 4// Spyware Blaster
    | 5// AOLs Spyware Protection (that seems to be deeply thorough and
    | detects Keyloggers the others dont)
    | 6// Spy Cleaner
    |
    | All of them seem to detect things the others dont, so I try to run them
    | each daily to rid myself of what they individually find!
    |

    You can *prevent* much of that stuff from ever getting on your system by
    using a good hosts file. Check this web site for a really good one:
    http://www.everythingisnt.com/hosts.html

    Read the whole page - there's some very good information there. And sign up
    for his email notification of updates.
    Toolman Tim, Nov 21, 2004
    #4
  5. Preesi

    °Mike° Guest

    On Sun, 21 Nov 2004 13:50:35 -0500, in
    <>
    Preesi scrawled:

    >°Mike° wrote:
    >> It may be that the actual spyware removal programs
    >> are part of the problem -- many are scumware masquerading
    >> as legitimate programs. Why do you have six installed,
    >> and what are their names?

    >
    >Because people keep recommending them to me.
    >I have my


    >2// Spybot


    If you mean 'Spybot Search & Destroy', then that's ok, but
    there are many others that exploit the name "Spybot", and
    those should be avoided. Always give proper names.


    >6// Spy Cleaner


    SpyCleaner, if it's from spycleaner.net, adaware.info or topdownloads.net
    is scumware, and should be removed.

    >All of them seem to detect things the others dont, so I try to run them
    >each daily to rid myself of what they individually find!


    The fact that you are being plagued with so many pop-ups,
    key loggers, and other malware suggests that your browsing
    habits need adjusting more than your software. Go here for
    instructions on removing newdot.net :
    http://www.newdotnet.com/removal.html

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Nov 21, 2004
    #5
  6. Preesi

    Preesi Guest

    °Mike° wrote:
    > On Sun, 21 Nov 2004 13:50:35 -0500, in
    > <>
    > Preesi scrawled:
    >
    >> °Mike° wrote:
    >>> It may be that the actual spyware removal programs
    >>> are part of the problem -- many are scumware masquerading
    >>> as legitimate programs. Why do you have six installed,
    >>> and what are their names?

    >>
    >> Because people keep recommending them to me.
    >> I have my

    >
    >> 2// Spybot

    >
    > If you mean 'Spybot Search & Destroy', then that's ok, but
    > there are many others that exploit the name "Spybot", and
    > those should be avoided. Always give proper names.
    >
    >
    >> 6// Spy Cleaner

    >
    > SpyCleaner, if it's from spycleaner.net, adaware.info or
    > topdownloads.net is scumware, and should be removed.
    >
    >> All of them seem to detect things the others dont, so I try to run
    >> them each daily to rid myself of what they individually find!

    >
    > The fact that you are being plagued with so many pop-ups,
    > key loggers, and other malware suggests that your browsing
    > habits need adjusting more than your software. Go here for
    > instructions on removing newdot.net :
    > http://www.newdotnet.com/removal.html


    It's Spybot Search & Destroy
    I completely UNINSTALLED Spy Cleaner (Strangely I got this one from
    CNET!)
    And MY browsing habits are fine. My 10 yr old's are GAMES, GAMES and MORE
    GAMES! I can't be there watching every second he's online, but I try to
    stop things!
    :)

    THANKS!

    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #6
  7. Preesi

    Preesi Guest

    BTW- Someone just recommended ADWARE SPY!
    She said it removes stuff even SpyBot S&D doesn't detect!

    But now that you told me some are scumware I'm scared!
    Preesi, Nov 21, 2004
    #7
  8. Preesi

    °Mike° Guest

    On Sun, 21 Nov 2004 14:50:07 -0500, in
    <>
    Preesi scrawled:

    >BTW- Someone just recommended ADWARE SPY!
    >She said it removes stuff even SpyBot S&D doesnt detect!
    >
    >But now that you told me some are scumware Im scared!


    AdwareSpy is scumware. It throws up false positives as
    an incentive to purchase the product. The same application
    is bundled under many other names, and under false pretences,
    IMO. I would advise your friend to remove it. These are
    the only general applications that you need for spyware
    removal, and all are free:

    Spybot Search & Destroy
    http://www.safer-networking.org/en/index.html
    http://spybot.safer-networking.de/en/index.html
    http://spybot.eon.net.au/
    SpyBot S&D guide
    http://www.chem.wisc.edu/~network/spybot/

    Ad-Aware SE
    http://www.lavasoftusa.com/
    http://www.lavasoft.nu/
    http://www.lavasoft.de/
    Ad-Aware VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    http://www.lavasoft.nu/software/addons/vx2cleaner.shtml
    http://www.lavasoft.de/software/addons/vx2cleaner.shtml
    IMPORTANT NOTICE:
    http://www.mvps.org/winhelp2002/hosts.htm#Attention

    Spyware Blaster
    http://www.javacoolsoftware.com/spywareblaster.html
    http://www.net-integration.net/tools/spywareblaster.html

    CWShredder (CoolWebSearch remover)
    http://cwshredder.net/cwshredder/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    http://doxdesk.com/parasite/CoolWebSearch.html
    Now maintained by InterMute
    http://www.intermute.com/spysubtract/cwshredder_download.html

    HijackThis
    http://mjc1.com/mirror/hjt/
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    http://209.133.47.12/~merijn/files/HijackThis.exe
    http://aumha.org/downloads/hijackthis.zip
    http://aumha.org/downloads/hijackthis.exe


    Also see:

    Dealing with Unwanted Spyware and Parasites
    http://mvps.org/winhelp2002/unwanted.htm

    Blocking Unwanted Parasites with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    The Parasite Fight
    http://aumha.org/a/parasite.htm

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Nov 21, 2004
    #8
  9. Preesi

    Preesi Guest

    °Mike° wrote:
    > On Sun, 21 Nov 2004 14:50:07 -0500, in
    > <>
    > Preesi scrawled:
    >
    >> BTW- Someone just recommended ADWARE SPY!
    >> She said it removes stuff even SpyBot S&D doesnt detect!
    >>
    >> But now that you told me some are scumware Im scared!

    >
    > AdwareSpy is scumware. It throws up false positives as
    > an incentive to purchase the product. The same application
    > is bundled under many other names, and under false pretences,
    > IMO. I would advise your friend to remove it. These are
    > the only general applications that you need for spyware
    > removal, and all are free:
    >
    > Spybot Search & Destroy
    > http://www.safer-networking.org/en/index.html
    > http://spybot.safer-networking.de/en/index.html
    > http://spybot.eon.net.au/
    > SpyBot S&D guide
    > http://www.chem.wisc.edu/~network/spybot/
    >
    > Ad-Aware SE
    > http://www.lavasoftusa.com/
    > http://www.lavasoft.nu/
    > http://www.lavasoft.de/
    > Ad-Aware VX2 cleaner plug-in
    > http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    > http://www.lavasoft.nu/software/addons/vx2cleaner.shtml
    > http://www.lavasoft.de/software/addons/vx2cleaner.shtml
    > IMPORTANT NOTICE:
    > http://www.mvps.org/winhelp2002/hosts.htm#Attention
    >
    > Spyware Blaster
    > http://www.javacoolsoftware.com/spywareblaster.html
    > http://www.net-integration.net/tools/spywareblaster.html
    >
    > CWShredder (CoolWebSearch remover)
    > http://cwshredder.net/cwshredder/cwschronicles.html
    > http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    > http://doxdesk.com/parasite/CoolWebSearch.html
    > Now maintained by InterMute
    > http://www.intermute.com/spysubtract/cwshredder_download.html
    >
    > HijackThis
    > http://mjc1.com/mirror/hjt/
    > http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    > http://209.133.47.12/~merijn/files/HijackThis.exe
    > http://aumha.org/downloads/hijackthis.zip
    > http://aumha.org/downloads/hijackthis.exe
    >
    >
    > Also see:
    >
    > Dealing with Unwanted Spyware and Parasites
    > http://mvps.org/winhelp2002/unwanted.htm
    >
    > Blocking Unwanted Parasites with a Hosts File
    > http://www.mvps.org/winhelp2002/hosts.htm
    >
    > The Parasite Fight
    > http://aumha.org/a/parasite.htm


    Thanks
    BTW- I've D/Led HijackThis before but was too scared to do anything with
    the list it gave me!

    And what is > Ad-Aware VX2 cleaner plug-in?


    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #9
  10. Preesi

    doS Guest

    http://www.doxdesk.com/parasite/NewDotNet.html


    "Preesi" <> wrote in message
    news:...
    > I found out I have NEWDOTNET installed.
    > I have 6 different Spyware removal programs on my system.
    > ALL of them keep telling me I have the NEWDOTNET Spyware proggy on my
    > system
    > and ALL of them say they successfully remove it, yet it keeps showing
    > up.
    > Its not in my add/remove area either!
    > How do I truly rid myself of this?
    >
    > Also, I have pop up blockers installed and I still get pop ups, even
    > after I run and delete all spyware instances installed on my system!
    >
    > HELP!!!!!!!!
    >
    > --
    > preesi
    > "Cool Beans AND Franks!"
    > ~~~~~~~~~
    > My Websites: http://tinyurl.com/yvw45
    > Where I Hang Out: http://www.there.com
    > My Pogo and AIM name: PreesiGirl
    > (Come play with me)
    >
    >
    doS, Nov 21, 2004
    #10
  11. Preesi

    °Mike° Guest

    On Sun, 21 Nov 2004 15:20:50 -0500, in
    <>
    Preesi scrawled:

    <snip>

    >Thanks
    >BTW- Ive D/Led HijackThis before but was too scared to do anything with
    >the list it gave me!


    Post the log here and I, or somebody else, will try to
    help you out with it.

    >And what is > Ad-Aware VX2 cleaner plug-in?


    VX2 is malware that isn't removed with normal spyware removers.
    The links I gave will tell you about it.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Nov 21, 2004
    #11
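
A first pass over a HijackThis log of the kind Mike asks for above, as an added example that is not part of the thread: it rejoins entries the newsreader wrapped, then lists entries that mention a name being hunted (here New.net), Winsock LSP (O10) entries, and entries whose file is gone. The sample lines are copied from the log posted later in this thread; the function names and the keyword list are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread, still wrapped
# the way the newsreader wrapped them (a small subset, not the whole log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\GIANT Company Software\Spam
Inspector\siMailProxyServer.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} -
C:\Program Files\WWGrapevine\grapevine.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search
Control) - http://www.new.net/quicksearch/srchctl.cab
"""

# What each HijackThis section code used in the sample refers to.
SECTIONS = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O10": "Winsock layered service provider (LSP)",
    "O16": "ActiveX control (Downloaded Program Files)",
}

# An entry starts with a section code such as "R0", "N3", "O4" or "O16".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return [(code, body), ...], rejoining lines the newsreader wrapped."""
    entries, can_continue = [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
            can_continue = True
        elif line and can_continue:
            # Not a new entry: the wrapped tail of the previous one.
            entries[-1][1] += " " + line
        else:
            # Blank line, header or process list: never glued onto an entry.
            can_continue = False
    return [(code, body) for code, body in entries]


def triage(entries, keywords=()):
    """Sort entries into buckets a reviewer would read first."""
    report = defaultdict(list)
    for code, body in entries:
        low = body.lower()
        if any(k.lower() in low for k in keywords):
            report["keyword"].append((code, body))
        if code == "O10":
            # The Winsock chain was modified; every O10 line deserves a look.
            report["lsp"].append((code, body))
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            # Registry entry left behind after its file was deleted.
            report["orphan"].append((code, body))
    return dict(report)


def format_report(report):
    """One readable line per finding, labelled with the section meaning."""
    lines = []
    for bucket in ("keyword", "lsp", "orphan"):
        for code, body in report.get(bucket, []):
            meaning = SECTIONS.get(code, "other")
            lines.append(f"[{bucket}] {code} ({meaning}): {body}")
    return lines


if __name__ == "__main__":
    # Keywords are this example's assumption: the product name and the
    # 8.3 folder name that appear in the thread's log.
    found = triage(parse_entries(SAMPLE_LOG), keywords=("new.net", "newdot"))
    print("\n".join(format_report(found)))
```

The output is a reading list for whoever reviews the log; it changes nothing on the machine.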
  12. Preesi

    Preesi Guest

    °Mike° wrote:
    > On Sun, 21 Nov 2004 15:20:50 -0500, in
    > <>
    > Preesi scrawled:
    >
    > <snip>
    >
    >> Thanks
    >> BTW- Ive D/Led HijackThis before but was too scared to do anything
    >> with the list it gave me!

    >
    > Post the log here and I, or somebody else, will try to
    > help you out with it.


    OMG this is LONGGGGGG:

    Logfile of HijackThis v1.98.2
    Scan saved at 4:21:15 PM, on 11/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
    C:\Program Files\ISS\BlackICE\blackd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\System32\SK9910DM.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\ISS\BlackICE\blackice.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Paltalk\pnetaware.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\GIANT Company Software\Spam
    Inspector\siMailProxyServer.exe
    C:\Program Files\GIANT Company Software\Spam
    Inspector\siSpamFilterEngine.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Program Files\Paltalk\paltalk.exe
    C:\Program Files\AIM\aim.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.gatewaybiz.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://mywebpages.comcast.net/preesi/Begin.html"); (C:\Documents and
    Settings\Owner\Application
    Data\Mozilla\Profiles\default\z49p8jar.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5
    CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\z49p8jar.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
    C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar3.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
    C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} -
    C:\Program Files\WWGrapevine\grapevine.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
    C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark
    X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
    IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY
    FineReader 5.0 Sprint\CAgent.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
    Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [ActiveTracker for Outlook Express] C:\Program
    Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
    Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection]
    "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic]
    "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company
    Software\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
    Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common
    Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile
    Phone Suite\MobilePhoneSuite.exe -nogui
    O4 - HKLM\..\Run: [New.net Startup] rundll32
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe
    1
    O4 - HKCU\..\Run: [seticlient] C:\Program
    Files\SETI@home\ -min
    O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program
    Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
    /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI
    RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program
    Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program
    Files\ISS\BlackICE\blackice.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program
    Files\CompuServe 7.0\cstray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
    Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Trace with Visual Trace -
    C:\PROGRA~1\VISUAL~1\NTXcontext.htm
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program
    Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program
    Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program
    Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
    file://C:\Program Files\Siber Systems\AI
    RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] -
    {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
    Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
    file://C:\Program Files\Siber Systems\AI
    RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ -
    {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
    Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: AOL Toolbar -
    {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL
    Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar -
    {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL
    Toolbar\toolbar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
    file://C:\Program Files\Siber Systems\AI
    RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 -
    {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber
    Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: Voiceglo directory -
    {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All
    Users\Desktop\Glophone.lnk
    O9 - Extra button: @btrez.dll,-4015 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    (no file)
    O9 - Extra button: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: McAfee Visual Trace -
    {9885224C-1217-4c5f-83C2-00002E6CEF2B} -
    C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://linktrader.cyberspacehq.com
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: RaptisoftGameLoader -
    http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: Word Whomp Whackdown by pogo -
    http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: Yahoo! NFL GameChannel StatTracker -
    http://aud8.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
    O16 - DPF: {01234567-1234-1234-1234-012345678921} -
    http://register.voiceglo.com/green.cab
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) -
    http://www.webcam.com/smilecam/domedemo/AXWebMonProj1.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
    http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX
    Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -
    http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload
    Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    Class) -
    http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications
    NetAgent Customer ActiveX Control version 2) -
    http://tech-a.mhi.aol.com/netagent/objects/custappx2.CAB
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX
    Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) -
    http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active
    Launcher) -
    http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) -
    http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) -
    http://media2.comcast.net/anon.comcastonline2/onleng/downloads/VideoMail/vmLauncher2.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
    Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://207.188.7.150/13e38fb1b957964f4116/netzip/RdxIE601.cab
    O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search
    Control) - http://www.new.net/quicksearch/srchctl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
    Utility Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
    http://128.121.20.64/talk.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    http://www.atariondemand.com/classes/ExentCtl.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {761F3747-5612-4C4D-8F42-DB6C4E2AA3EF} (Talker4) -
    http://avvy.digitalspace.com/talker/code/talker4.cab
    O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) -
    http://digitalflip.org/fvlite22/fvlite.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {85AC0EFC-2CA1-4C1C-82AE-5C31184A13EF} (VAMCtrl Class) -
    http://traincam1.dnsalias.org:82/plugin/h263ctrl.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://64.186.207.89/activex/AxisCamControl.cab
    O16 - DPF: {97A8300E-11F1-4E44-B480-AECFF09C2A70} (XMLTimeElem
    Control) -
    http://www.driveonmars.com/atmo-worlds/opportunity_mesh/XMLTimeElem.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -
    http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) -
    http://www.rockefellercenter.com/viewer/wg_webeye.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {AF14429C-D85A-40F3-AE1C-ADC75429A472} (Cgroupworld_control
    Object) - http://www.groupworld.net/groupworld/groupworld.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
    Upload Tool Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer
    ActiveX Control) - http://download.toontown.com/sv1.0.14.33/ttinst.cab
    O16 - DPF: {C2F38867-251C-4216-9B1C-BBE89B8700E2} (iVocalize Internet
    Conference 3 Setup) - http://ivocalize.com/client/ivsetup3.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload
    Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
    Class) -
    https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
    Object) - http://aol.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
    Class) -
    https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
    http://download.abacast.com/download/files/abasetup152.cab
    O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) -
    http://www.kiddonet.com/kiddonet/GtekPrt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {FC686D83-E465-46AE-A315-7D1BD14F8163} (Cgroupconf_control
    Object) - http://www.groupboard.com/groupconf/groupconf.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) -
    http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{C9673B72-A667-4616-AF42-9AEBB772F89F}
    : NameServer = 205.188.146.146





    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #12
  13. Preesi

    doS Guest

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    Still running weatherbug?

    "Preesi" <> wrote in message
    news:...
    > °Mike° wrote:
    > > On Sun, 21 Nov 2004 15:20:50 -0500, in
    > > <>
    > > Preesi scrawled:
    > >
    > > <snip>
    > >
    > >> Thanks
    > >> BTW- Ive D/Led HijackThis before but was too scared to do anything
    > >> with the list it gave me!

    > >
    > > Post the log here and I, or somebody else, will try to
    > > help you out with it.

    >
    > OMG this is LONGGGGGG:
    >
    doS, Nov 21, 2004
    #13
  14. Preesi

    Preesi Guest

    doS wrote:
    > O4 - HKLM\..\Run: [New.net Startup] rundll32
    > C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    > O4 - HKCU\..\Run: [Weather] C:\Program
    > Files\AWS\WeatherBug\Weather.exe 1
    > Still running weatherbug?


    I have the PURCHASED version!
    and it doesn't trigger any spyware remover!



    --
    preesi
    "Cool Beans AND Franks!"
    ~~~~~~~~~
    My Websites: http://tinyurl.com/yvw45
    Where I Hang Out: http://www.there.com
    My Pogo and AIM name: PreesiGirl
    (Come play with me)
    Preesi, Nov 21, 2004
    #14
  15. Preesi

    °Mike° Guest

    On Sun, 21 Nov 2004 16:24:16 -0500, in
    <>
    Preesi scrawled:

    <snip>

    >OMG this is LONGGGGGG:
    >
    >Logfile of HijackThis v1.98.2
    >Scan saved at 4:21:15 PM, on 11/21/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >


    >C:\Program Files\Paltalk\pnetaware.exe


    End task this process (CTRL+ALT+DEL).
    Set PalTalk to manual startup mode and remove
    pnetaware.exe from the startup folder.
    This is part of PalTalk, but is spyware.

    <snip>

    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://www.gatewaybiz.com


    >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://www.gatewaybiz.com


    If the above is not your chosen default page and start page, have
    HijackThis fix them.


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    >about:blank


    Have HijackThis fix the above.


    >R3 - Default URLSearchHook is missing


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)


    Have HijackThis fix the above.


    >O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} -
    >C:\Program Files\WWGrapevine\grapevine.dll (file missing)


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
    >Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


    WildTangent comes with adware and (some believe) spyware,
    but you will probably need it for your (cough!) AOL games.


    >O4 - HKLM\..\Run: [New.net Startup] rundll32
    >C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s


    Have HijackThis fix the above, and go to the newdot.net web
    site I pointed you to earlier.


    >O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1


    Some say WeatherBug is/has spyware. Your call.


    >O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe


    This is the entry that was mentioned right at the start, about
    PalTalk startup mode. Have HijackThis fix it.


    >O4 - Global Startup: BTTray.lnk = ?


    Have HijackThis fix the above.


    >O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
    >Files\AOL Toolbar\toolbar.dll/SEARCH.HTML


    Unless you really want/need this, have HijackThis fix it.


    >O9 - Extra button: Voiceglo directory -
    >{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All
    >Users\Desktop\Glophone.lnk


    Unless you know exactly what this (Glophone) is, have
    HijackThis fix it.


    >O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    >(no file)


    Have HijackThis fix the above.


    >O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
    >C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)


    See earlier comments about WeatherBug.


    >O10 - Hijacked Internet access by New.Net
    >O10 - Hijacked Internet access by New.Net
    >O10 - Hijacked Internet access by New.Net
    >O10 - Hijacked Internet access by New.Net


    Have HijackThis fix the above four items, and see the newdot.net
    web site I pointed you to earlier.


    >O15 - Trusted Zone: http://linktrader.cyberspacehq.com


    Unless you specifically added the above link to your
    trusted zones, have HijackThis fix the above.


    >O16 - DPF


    What a mess your ActiveX folder is in! I suggest that
    you COMPLETELY clear out your "O16 - DPF" entries.
    That means have HijackThis fix EVERY SINGLE ONE.
    They are ActiveX controls and will be downloaded
    again, as and when necessary. See further comments.


    >O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    >Class) -
    >http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?


    See earlier comments about WeatherBug.


    >O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active
    >Launcher) -
    >http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab


    See earlier comments about WildTangent.


    >O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search
    >Control) - http://www.new.net/quicksearch/srchctl.cab


    *Definitely* have HijackThis fix the above.


    >O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    >http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab


    See earlier comments about WildTangent.


    >O17 - HKLM\System\CCS\Services\Tcpip\..\{C9673B72-A667-4616-AF42-9AEBB772F89F}
    >: NameServer = 205.188.146.146


    Unless the above IP (AOL) is your ISP, have HijackThis fix the above.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Nov 21, 2004
    #15
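
The triage done by hand in reply #15 can be scripted. The following is an added example, not part of the original thread or of HijackThis itself: it rejoins the mail-wrapped lines of a posted log and applies the same rules used in that reply (missing target file, New.net component, trusted-zone and name-server entries to review). The function names, the rule list and the line-joining heuristic are assumptions of this example; the sample is an excerpt of the log posted above.

```python
import re
from collections import namedtuple

# Excerpt of the log posted in this thread, wrapped the way the newsreader
# wrapped it (continuation lines carry no item code).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} -
C:\Program Files\WWGrapevine\grapevine.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search
Control) - http://www.new.net/quicksearch/srchctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/house
call/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9673B72-A667-4616-AF42-9AEBB772F89F}
: NameServer = 205.188.146.146
"""

Entry = namedtuple("Entry", "section text")
Finding = namedtuple("Finding", "action reason entry")

# HijackThis item codes: R0-R3, F0-F3, N1-N4 and the numbered O sections.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Rejoin wrapped lines and return one Entry per log item.

    Lines before the first item (header, process list) are ignored.
    """
    entries, current, prev_line = [], None, ""
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ")   # tolerate "> " reply quoting
        if line == "--":                  # signature delimiter: the log is over
            break
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            if current:
                entries.append(Entry(*current))
            current = [match.group(1), match.group(2)]
        elif current:
            # Heuristic (assumption): a previous line containing no space was
            # hard-cut in the middle of a token, so glue without a space.
            sep = " " if " " in prev_line else ""
            current[1] += sep + line
        prev_line = line
    if current:
        entries.append(Entry(*current))
    return entries


def _orphaned(e):
    return "(no file)" in e.text or "(file missing)" in e.text


def _newdotnet(e):
    return re.search(r"new\.net|newdot", e.text, re.IGNORECASE) is not None


# (action, reason, predicate); first match wins. Mirrors the advice in reply #15.
RULES = [
    ("fix", "registry entry points at a file that no longer exists", _orphaned),
    ("fix", "New.net component", _newdotnet),
    ("review", "trusted-zone site: keep only if you added it",
     lambda e: e.section == "O15"),
    ("review", "name server override: keep only if it is your ISP's",
     lambda e: e.section == "O17"),
]


def triage(entries):
    """Return a Finding for every entry matched by a rule."""
    findings = []
    for entry in entries:
        for action, reason, predicate in RULES:
            if predicate(entry):
                findings.append(Finding(action, reason, entry))
                break
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f.action.upper():6} {f.entry.section:4} {f.reason}: {f.entry.text}")
```

Entries that match no rule, such as the CTHelper startup item in the sample, are left out of the findings and still need a manual look.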
  16. Preesi

    Joe Guest

    Hey, one other thing that helps out is to disable the browser helper objects
    (BHO) in the Internet Options -- Advanced tab. I do not know how it will
    affect the WeatherBug thing, but I do know it will disable the extra
    toolbars. Then you can sweep the system for spyware and they will be able to be
    cleaned, as you are not calling them up into memory. Just a tip.


    "°Mike°" <> wrote in message
    news:...
    > On Sun, 21 Nov 2004 16:24:16 -0500, in
    > <>
    > Preesi scrawled:
    >
    > <snip>
    >
    > >OMG this is LONGGGGGG:
    > >
    > >Logfile of HijackThis v1.98.2
    > >Scan saved at 4:21:15 PM, on 11/21/2004
    > >Platform: Windows XP SP1 (WinNT 5.01.2600)
    > >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    > >

    >
    > >C:\Program Files\Paltalk\pnetaware.exe

    >
    > End task this process (CTRL+ALT+DEL).
    > Set PalTalk to manual startup mode and remove
    > pnetaware.exe from the startup folder.
    > This is part of PalTalk, but is spyware.
    >
    > <snip>
    >
    > >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > >http://www.gatewaybiz.com

    >
    > >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > >http://www.gatewaybiz.com

    >
    > If the above is not your chosen default page and start page, have
    > HijackThis fix them.
    >
    >
    > >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    > >about:blank

    >
    > Have HijackThis fix the above.
    >
    >
    > >R3 - Default URLSearchHook is missing

    >
    > Have HijackThis fix the above.
    >
    >
    > >O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)

    >
    > Have HijackThis fix the above.
    >
    >
    > >O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} -
    > >C:\Program Files\WWGrapevine\grapevine.dll (file missing)

    >
    > Have HijackThis fix the above.
    >
    >
    > >O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
    > >Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    >
    > WildTangent comes with adware and (some believe) spyware,
    > but you will probably need it for your (cough!) AOL games.
    >
    >
    > >O4 - HKLM\..\Run: [New.net Startup] rundll32
    > >C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

    >
    > Have HijackThis fix the above, and go to the newdot.net web
    > site I pointed you to earlier.
    >
    >
    > >O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    >
    > Some say WeatherBug is/has spyware. Your call.
    >
    >
    > >O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

    >
    > This is the entry that was mentioned right at the start, about
    > PalTalk startup mode. Have HijackThis fix it.
    >
    >
    > >O4 - Global Startup: BTTray.lnk = ?

    >
    > Have HijackThis fix the above.
    >
    >
    > >O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
    > >Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    >
    > Unless you really want/need this, have HijackThis fix it.
    >
    >
    > >O9 - Extra button: Voiceglo directory -
    > >{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All
    > >Users\Desktop\Glophone.lnk

    >
    > Unless you know exactly what this (Glophone) is, have
    > HijackThis fix it.
    >
    >
    > >O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    > >(no file)

    >
    > Have HijackThis fix the above.
    >
    >
    > >O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
    > >C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    >
    > See earlier comments about WeatherBug.
    >
    >
    > >O10 - Hijacked Internet access by New.Net
    > >O10 - Hijacked Internet access by New.Net
    > >O10 - Hijacked Internet access by New.Net
    > >O10 - Hijacked Internet access by New.Net

    >
    > Have HijackThis fix the above four items, and see the newdot.net
    > web site I pointed you to earlier.
    >
    >
    > >O15 - Trusted Zone: http://linktrader.cyberspacehq.com

    >
    > Unless you specifically added the above link to your
    > trusted zones, have HijackThis fix the above.
    >
    >
    > >O16 - DPF

    >
    > What a mess your ActiveX folder is in! I suggest that
    > you COMPLETELY clear out your "O16 - DPF" entries.
    > That means have HijackThis fix EVERY SINGLE ONE.
    > They are ActiveX controls and will be downloaded
    > again, as and when necessary. See further comments.
    >
    >
    > >O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    > >Class) -
    > >http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    >
    > See earlier comments about WeatherBug.
    >
    >
    > >O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active
    > >Launcher) -
    > >http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

    >
    > See earlier comments about WildTangent.
    >
    >
    > >O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search
    > >Control) - http://www.new.net/quicksearch/srchctl.cab

    >
    > *Definitely* have HijackThis fix the above.
    >
    >
    > >O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    > >http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
    >
    > See earlier comments about WildTangent.
    >
    >
    > >O17 - HKLM\System\CCS\Services\Tcpip\..\{C9673B72-A667-4616-AF42-9AEBB772F89F}:
    > >NameServer = 205.188.146.146

    >
    > Unless the above IP (AOL) is your ISP have HijackThis fix the above.
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    Joe, Nov 24, 2004
    #16
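
Added example, not part of the thread or of HijackThis itself: a short Python triage of the kinds of log lines walked through in the reply above (orphaned BHO/toolbar entries, Run keys that load a DLL through rundll32, the O10 Winsock entries, and the O17 NameServer value). The sample lines are copied from the quoted log; the function names and hint wording are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: WWGrapevine - {99AFC088-C0DD-40ED-92D8-0C53E8997510} - C:\Program Files\WWGrapevine\grapevine.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9673B72-A667-4616-AF42-9AEBB772F89F}: NameServer = 205.188.146.146
"""

# A log entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([RO]\d{1,2}|[FN]\d)\s+-\s+(.*\S)\s*$")

# Review hints (this example's own wording, not HijackThis output).
CHECKS = [
    (re.compile(r"\((?:no file|file missing)\)"), "orphaned entry: target file is gone"),
    (re.compile(r"^O4 .*\brundll32(?:\.exe)?\b", re.I), "autorun loads a DLL via rundll32"),
    (re.compile(r"^O10 "), "Winsock (LSP) hijack reported"),
    (re.compile(r"^O17 .*NameServer"), "DNS server set in registry; confirm it is the ISP's"),
]

def parse(log):
    """Return (code, detail) tuples in log order, dropping exact duplicates."""
    seen, out = set(), []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m and m.groups() not in seen:
            seen.add(m.groups())
            out.append(m.groups())
    return out

def triage(log):
    """Map each review hint to the log entries that triggered it."""
    hits = defaultdict(list)
    for code, detail in parse(log):
        for pattern, hint in CHECKS:
            if pattern.search(f"{code} {detail}"):
                hits[hint].append(f"{code} - {detail}")
    return dict(hits)

if __name__ == "__main__":
    for hint, entries in triage(SAMPLE_LOG).items():
        print(hint, *entries, sep="\n    ")
```

Entries that match no hint, such as the WeatherBug Run key, are left for manual review, which mirrors the "your call" judgement in the reply.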