Hi, I came here, because the other 3 forums I posted to are not helping lol!

In Yahoo chat the other evening, someone sent me a link to smiley central. Soon as I started dl, I got knocked off chat and messenger. Couldn't log back in, ran a bunch of spyware proggies, spybot, housecall, a reg cleaner, and did regular maintenance yet the bug was still on my pc, and I don't know what to do about it. I can sign into my messenger as of this am, but I'm concerned there's still something on my pc. Here's a snapshot from hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 9:19:54 PM, on 3/31/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
C:\WINNT\system32\msconfig.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\myie31de\MyIE.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\computer1\Local Settings\Temporary Internet Files\Content.IE5\ON7ZEODH\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/custo...h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/custo...oo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/custo...h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = red.clientapps.yahoo.com/custo...oo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/custo...oo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.horizonsurfer.com/start.php (C:\Documents and Settings\computer1\Application Data\Mozilla\Profiles\default\jsqzza84.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\computer1\Application Data\Mozilla\Profiles\default\jsqzza84.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\system32\msconfig.exe /auto
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Point Alert (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com/dl/insta...t0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537...scan53.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - a14.g.akamai.net/f/14/7141...LENT_2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com/CA...593
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - us.dl1.yimg.com/download.y...api_416.dll
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - companion.logitech.com/compan...vid.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/sh...ash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2491E31B-FDA5-4281-B20D-E18ED112197B}: NameServer = 198.6.100.218 198.6.1.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{2491E31B-FDA5-4281-B20D-E18ED112197B}: NameServer = 198.6.100.218 198.6.1.218


This is the view with everything in startup menu running:

Logfile of HijackThis v1.97.7
Scan saved at 10:15:47 AM, on 4/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\khooker.exe
C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\QualGuard\Qagent\Qagent.exe
C:\Program Files\myie31de\MyIE.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\computer1\Local Settings\Temporary Internet Files\Content.IE5\U1F4TSFM\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/custo...h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/custo...oo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/custo...h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = red.clientapps.yahoo.com/custo...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = red.clientapps.yahoo.com/custo...oo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/custo...oo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.horizonsurfer.com/start.php (C:\Documents and Settings\computer1\Application Data\Mozilla\Profiles\default\jsqzza84.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\computer1\Application Data\Mozilla\Profiles\default\jsqzza84.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Qagent.lnk = C:\Program Files\QualGuard\Qagent\Qagent.exe
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Point Alert (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com/dl/insta...t0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537...scan53.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - a14.g.akamai.net/f/14/7141...LENT_2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com/CA...593
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - us.dl1.yimg.com/download.y...api_416.dll
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - companion.logitech.com/compan...vid.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/sh...ash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2491E31B-FDA5-4281-B20D-E18ED112197B}: NameServer = 165.87.13.129 165.87.201.243
O17 - HKLM\System\CS1\Services\Tcpip\..\{2491E31B-FDA5-4281-B20D-E18ED112197B}: NameServer = 165.87.13.129 165.87.201.243

I have Gomez Peer, and myIE is a browser, also there's spyware from mypoints on here, I dl'd for points, lol.

Is there anything here, which needs to be deleted? Thanks a bunch.

Also, I ran this proggy: Lspfix.exe and got these files, which don't look dangerous to me, but I know nothing:
mr20.dll
winrnr.dll
msafd.dll
rsvpsp.dll

I ran this without all the options in startup running.

Thanks!
  • today, it's happening again.

    :(

    what do I do?
    • Are you still having this problem? I am not seeing anything in that log file that should be causing a loss of Internet connection. Which is what it sounds like is happening to you.

      You said you clicked on a link in Yahoo IM. What is the exact link that you clicked on? Was it a link to download a file? Or, was it a link to a web site? Also, some additional information would be nice. Such as the following:

      1. Your internet connection type. (Dial-up, DSL, Cable, etc.)
      2. Your Internet Service Provider.
      3. System specifications. (CPU, RAM, etc.)
      4. The last time you updated your AVG virus definitions.
      5. A more detailed description of the symptoms you are suffering. Is it just that you lose Internet connectivity? Or, are there other symptoms such as system slow down and/or error messages?

      The first thing I would recommend, especially if you have an older (more than 1 - 2 years) computer, is to get rid of some of the things that you have running in the background. The list of processes running that you gave is a bit much for some older systems to handle. And can cause overall loss in system performance, which can lead to intermittent and unpredictable system problems.

      --Sean
      • hmmmmmmm.....

        yes, still having the problem. I don't get disconnected from the web, just chat-and when I try to log back in, I can't get in. I have dl'd Ytunnel, and that keeps the messenger going, but when I log off, clean out my system and log back in, I can't use whatever yahoo id for messenger that I had used when I got knocked. Very weird-no one in chat has admitted this has happened; I've seen them get knocked then get back in again. Once I'm booted I'm done with that id for at least 8 hrs on this machine.

        My computer is about 2 yrs old. 40 gig hd, and I think 512 sdram, or maybe 768-don't remember, and I have win 2k and it's not telling me what I got. There are folks with older pc that don't have the trouble I do. Also I'm on dial up. After about an hour, I get booted with one id, then another hour, another id, then when I log in with my final id, I'm good for a long time. ??? weird.

        Do I need more memory?

        Thanks.
        • Sounds like a problem either with the chat program you are using, the chat service itself (Yahoo) or your Internet Service Provider. You never did mention who your ISP was. If you get disconnected, you should be able to reconnect almost immediately with the same username. Or, at least I am able to when I get dropped (which isn't very often). One possibility (but not likely) is that your username(s) have been hijacked. Usually you cannot log in with a username that is already logged in. At this point, my best recommendation is to work with Yahoo and see if they can help you figure out why you keep losing connection and not being able to log back in.

          One more recommendation. Get rid of the Yahoo IM client and get something more versatile and reliable. My personal favorite is Trillian because it handles multiple chat providers as well as IRC all in the same program. And, it has a very small footprint in memory. Check it out at www.ceruleanstudios.com/.

          FYI, in Win2k you can view how much memory you have in your System Properties. Right-click My Computer and click properties. On the General tab there is general system information. At the bottom should be how much memory you have. If you do not find it there, click Start -> Run and type msinfo32.exe. Either way, 512Mb should be enough memory.

          --Sean
          • I have Trillian-drawback is I can't get into the chat rooms with it. :( Love Trillian, though.

            ty for your help. I have been contacting Yahoo and explaining my problem; this time I haven't heard from them.
            • Are Trillian or any other chat software you used ad supported? If the chat software is ad supported, you actually disable your chat software every time you use a spy blocker program. Run your ad software, don't set it to immunize your system, THEN re-install your chat software. Run your spy blocker stuff to find out what spyware is used by the current program, then exclude it from future scans. That should solve your problem.
