Help with HijackThis! Log

Discussion in 'Computer Support' started by ~*Eternity*~, May 14, 2004.

  1. ~*Eternity*~

    ~*Eternity*~ Guest

    Can someone please tell me what I should fix on this HijackThis! Log?
    Thanks for all your help.
    Robin
    ------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 8:58:27 AM, on 5/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\lxamsp32.exe
    C:\WINDOWS\shelltray\dllhost.exe
    C:\PROGRA~1\MyWay\bar\4.bin\mwsoemon.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software
    Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows XP Fun Pack\Winter
    2003\WinterPowerToy\WinterWalltoy.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\SH41EVK9\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://my.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    http://www.websearch.com/ie.aspx?tb_id=50039
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no
    file)
    R3 - URLSearchHook: PerfectNavBHO Class -
    {00D6A7E7-4A97-456f-848A-3B75BF7554D7} -
    C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
    sitefinder.verisign.com
    O2 - BHO: MyWebSearch Search Assistant BHO -
    {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
    Files\MyWay\SearchAt\4.bin\MWSSRCAS.DLL
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} -
    C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program
    Files\MyWay\bar\4.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
    Files\QuickSearch\QuickSearchBar1_27.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
    C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
    C:\Program Files\MyWay\bar\4.bin\MWSBAR.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O3 - Toolbar: QuickSearch Search Bar -
    {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
    Files\QuickSearch\QuickSearchBar1_27.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKLM\..\Run: [PrinTray]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program
    Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
    Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
    Files\Fellowes\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe
    /BOOT
    O4 - HKLM\..\Run: [Windows Shell] C:\WINDOWS\shelltray\dllhost.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MyWay\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [New.net Startup] rundll32
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [Acme.PCHButton]
    C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
    "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MyWay\bar\4.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware
    6\Ad-aware.exe" "+b1"
    O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump
    Start Screen Saver 1.1\jumpstart.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWay\bar\4.bin\MWSOEMON.EXE
    O4 - Startup: Winter Fun Wallpaper Changer.lnk = ?
    O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program
    Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWay\bar\4.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
    C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: HPVC component -
    http://vrm02.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/component35090.cab
    O16 - DPF: HPVC resources -
    http://vrm02.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/resources35030.cab
    O16 - DPF: HPVC signed -
    http://vrm02.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/signed35033.cab
    O16 - DPF: HPVC support -
    http://vrm02.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/support3500.cab
    O16 - DPF: McdonaldsPlayR3 -
    http://www.livingcharacters.com/tests/mcd/McdonaldsPlayR3.cab
    O16 - DPF: Yahoo! Bingo -
    http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Dominoes -
    http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: Yahoo! Go -
    http://download.games.yahoo.com/games/clients/y/gt1_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe -
    http://download.games.yahoo.com/games/clients/y/ft3_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) -
    http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) -
    http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products
    Installer Start) -
    http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    Class) -
    http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=200341923
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl
    Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup
    Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} -
    http://sc.communities.msn.com/controls/chat/msnchat42.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload
    Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37577.0024884259
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -
    http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
    http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
    http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer
    ActiveX Control) - http://download.toontown.com/sv1.0.9.12/ttinst.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -
    http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) -
    http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on
    the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
    https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
    http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    http://sc.communities.msn.com/controls/chat/msnchat45.cab
     
    ~*Eternity*~, May 14, 2004
    #1
    1. Advertisements

  2. ~*Eternity*~

    why? Guest

    Where in the log file does it say anything needs fixed?

    Can you tell anyone what you think is wrong?

    What problems are you having, that needed you to run 'HijackThis!'?

    Although HT is a browser add in / start up component / hijack lister.
    How does that log compare with any other spyware detection?

    Does another app find anything that agrees / disagree with HT?
    <snip>

    Me
     
    why?, May 14, 2004
    #2
    1. Advertisements

  3. ~*Eternity*~

    ~*Eternity*~ Guest

    She was told that she has the keenval.b trojan. I told her run adaware and
    spybot S&D and HJT. But I am not sure what needs to be removed or fixed at
    this point.

    Thanks.
     
    ~*Eternity*~, May 14, 2004
    #3
  4. ~*Eternity*~

    °Mike° Guest

    Dllhost.exe should be in the 'system32' folder, not shelltray.
    I don't even have a 'shelltray' folder on my XP machine.
    It should also not be in the running processes, typically.
    [*****]

    Terminate this program and run CWShredder
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    Terminate this spyware, and uninstall WeatherBug.

    Screensavers are a waste of time and computer
    resources.

    I've never understood why people install wallpaper changers.
    Another waste of resources.
    This shouldn't be running on it's own.

    Just curious; why is HijackThis running from your Temporary Internet
    Files folder?
    Unless you specifically installed the Yahoo Searchbar, fix the above.
    Have HijackThis fix the above.
    Have HijackThis fix the above.
    Have HijackThis fix the above.
    Have HijackThis fix the above.
    Sign of an IRC bot -- fix it.
    http://www.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.g.html

    Have HijackThis fix the above.
    Have HijackThis fix the above.
    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    If you don't use "virtual desktops", disable the above.

    Have HijackThis fix the above.


    See my comments above about this.
    [*****]

    Have HijackThis fix the above.

    No wonder you're riddled with spyware! Get rid of Kazaa, and
    install Kazaa Lite (if you MUST use such an app.)

    Have HijackThis fix the above.

    See my comments above about uninstalling WeatherBug.

    Have HijackThis fix the above.

    Screensaver. Sheesh!

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Clean out ALL of your 016 - DPF entries; get rid of the lot.
    Any that are needed will be reinstalled as needed.
     
    °Mike°, May 14, 2004
    #4
  5. ~*Eternity*~

    ~*Eternity*~ Guest

    Sorry, should have been more specific. This is not my log. It is a friend
    who asked for help. I will pass this on to her and have her change/fix the
    problems you specified. Also, please see inline for a few questions I
    have...thanks!
    She probably did not install it to it's own folder. I will tell her to re
    do it .
    I already told her to remove this. And am going to give her a link to
    K-Lite. Thanks
     
    ~*Eternity*~, May 14, 2004
    #5
  6. ~*Eternity*~

    °Mike° Guest

    Scan the system for viruses/trojans with *at least* two,
    preferably more, antivirus scanners. Do NOT trust AVG.

    Online Antivirus scanners:
    ================
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://www.pandasoftware.com/activescan/activescan.asp

    Anti-virus programs:
    --------------------
    KAV (Kaspersky)
    http://www.kaspersky.com/

    eZ Antivirus (Computer Associates)
    http://www.my-etrust.com/products/Antivirus.cfm

    Sophos
    http://www.sophos.com/products/sav/


    Just tell her to place the Hijackthis.exe file into the Windows
    folder. That way she can just go to Start / Run / hijackthis .

     
    °Mike°, May 14, 2004
    #6
  7. ~*Eternity*~

    ~*Eternity*~ Guest

    Thank you very much for your help!
    Robin
     
    ~*Eternity*~, May 14, 2004
    #7
  8. ~*Eternity*~

    °Mike° Guest

    You're welcome.


    <snip>
     
    °Mike°, May 14, 2004
    #8
  9. ~*Eternity*~

    Toolman Tim Guest

    Damn, he's good! Too bad he's on the other side of the pond...he could come
    help with my new network backup software <g>

    (Mike - keep up the good stuff!)

    <snipperoo>
     
    Toolman Tim, May 15, 2004
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.