Another Xlime Victim

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BealzaBob

Thread Starter
Joined
Sep 17, 2004
Messages
4
Hello, and thanks in advance for your assistance. I have been fighting xlime pop-ups for quite a while now and have come to the conclusion that if I don't get help soon, it will win, and I can't have that. I have read numerous posts about the xlime problem, so I have downloaded the latest version of HijackThis and run the scan. Here is my log; any help you could provide will be greatly appreciated...


Logfile of HijackThis v1.98.2
Scan saved at 1:31:24 PM, on 09/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38AF385C-E719-7F92-D324-6D550ED7284E} - C:\WINDOWS\System32\yhbc.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slots/alibaba-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3.29/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.9.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.1.18/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.2.31/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.9.4.22/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.1.18/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.0.25/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/poppit/poppit-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.1.18/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.21/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.8.6.20/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.3.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.28/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://69.2.74.11:81/XHD.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://69.2.74.11:81/RM.cab
O16 - DPF: {C298F7C6-958F-47AE-B811-C730070B5BD2} (EzWebView Control) - http://www.i-view.com.tw/cab/Webview.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D18B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.slotchbar.com/ist/softwares/remove/ist_remove.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab


Again, thank you for your assistance. I wait with pop-up baited breath for your reply...

BealzaBob
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi - Welcome to TSG!!

Download Spybot http://www.majorgeeks.com/download3957.html

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer and post another HJT log for review.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Also, it looks like your hosts file has been hijacked.
Download the Hoster from here. Unzip the file and run Hoster, press "Restore Original Hosts" and press "OK". Exit the program.
 

BealzaBob

Thread Starter
Joined
Sep 17, 2004
Messages
4
OK, I've done both of your suggestions and the following is my new HJT log. As a side note, after doing the above, I can't sign on to my personal settings of my home page (Excite). Do you know of a way to correct this? Thanks again for your help and continuing assistance...

Logfile of HijackThis v1.98.2
Scan saved at 5:02:51 PM, on 09/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slots/alibaba-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3.29/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.9.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.1.18/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.2.31/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.9.4.22/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.1.18/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.0.25/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/poppit/poppit-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.1.18/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.21/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.8.6.20/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.3.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.28/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://69.2.74.11:81/XHD.cab
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://69.2.74.11:81/RM.cab
O16 - DPF: {C298F7C6-958F-47AE-B811-C730070B5BD2} (EzWebView Control) - http://www.i-view.com.tw/cab/Webview.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D18B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.slotchbar.com/ist/softwares/remove/ist_remove.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Thanks again for your help...

BealzaBob
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://69.2.74.11:81/XHD.cab
O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://69.2.74.11:81/RM.cab
O16 - DPF: {C298F7C6-958F-47AE-B811-C730070B5BD2} (EzWebView Control) - http://www.i-view.com.tw/cab/Webview.cab

Close all applications and browser windows before you click "fix checked".

As far as Excite goes, did you use Spybot and the immunize feature? If so, run that again and turn it off to see if you can access Excite again.
 
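An added triage script, not from the thread or its posters, that parses HijackThis log lines in the v1.98 format and flags the same classes of entries the helpers above picked out: non-default O1 hosts entries, unnamed or dangling O2/O3/O9 browser extensions, R0/R1 search and start-page overrides, and O16 ActiveX downloads from raw IP addresses, non-standard ports or hosts outside an allowlist. The two allowlists and the sample log are constructed for the example; the sample reuses the entry types that appear in the logs posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v1.98 log format: one line per entry
# type discussed in this thread, plus a few benign lines the triage must skip.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {38AF385C-E719-7F92-D324-6D550ED7284E} - C:\WINDOWS\System32\yhbc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://69.2.74.11:81/XHD.cab
O16 - DPF: {C298F7C6-958F-47AE-B811-C730070B5BD2} (EzWebView Control) - http://www.i-view.com.tw/cab/Webview.cab
"""

# Assumed allowlists for the example: the poster's stated home page, and the
# ActiveX (O16) vendors the helpers in this thread left alone.
EXPECTED_IE_HOSTS = {"www.excite.com"}
KNOWN_DPF_HOSTS = {"pogo.com", "symantec.com", "yahoo.com"}

HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
RAW_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O16"
    line: str      # the log line as written
    reason: str    # why a reviewer should look at it


def _host_and_port(url: str) -> Tuple[str, Optional[int]]:
    """Return (hostname, port) for a URL; HJT omits the scheme on some R1 lines."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.port


def _allowed(host: str, allow: set) -> bool:
    return any(host == d or host.endswith("." + d) for d in allow)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the thread's triage heuristics to one log line; None means leave it."""
    line = line.strip()
    m = HJT_LINE.match(line)
    if not m:
        return None
    sec, body = m["sec"], m["body"]
    # Anything pointing at a file that no longer exists is a leftover to clean up.
    if "(file missing)" in body or body.endswith("(no file)"):
        return Finding(sec, line, "dangling entry: referenced file is missing")
    if sec in ("R0", "R1"):
        # Start page / search overrides outside the expected host are hijacks.
        _, _, url = body.partition(" = ")
        host, _ = _host_and_port(url) if url else ("", None)
        if not _allowed(host, EXPECTED_IE_HOSTS):
            return Finding(sec, line, f"IE start/search setting points at {host!r}")
        return None
    if sec == "O1":
        # HJT only prints O1 for non-default hosts file content.
        return Finding(sec, line, "non-default hosts file entry")
    if sec in ("O2", "O3", "O9") and "(no name)" in body:
        return Finding(sec, line, "unnamed browser extension")
    if sec == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host, port = _host_and_port(url)
        if RAW_IP.match(host):
            return Finding(sec, line, "ActiveX download from a raw IP address")
        if port not in (None, 80, 443):
            return Finding(sec, line, f"ActiveX download from non-standard port {port}")
        if not _allowed(host, KNOWN_DPF_HOSTS):
            return Finding(sec, line, f"ActiveX download from unrecognised host {host}")
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```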

BealzaBob

Thread Starter
Joined
Sep 17, 2004
Messages
4
Great, the pop-ups are mostly gone, and when I turned off the immunize feature, it did let me get back on Excite. Is there a way to exclude that site from the immunize feature? I am posting my latest log; if there's anything else you think I should remove, please let me know. I really appreciate your help...


Logfile of HijackThis v1.98.2
Scan saved at 11:56:54 PM, on 09/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slots/alibaba-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3.29/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.9.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.1.18/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.2.31/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.9.4.22/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.1.18/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.0.25/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/poppit/poppit-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.1.18/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.21/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.8.6.20/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.3.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.28/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D18B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.slotchbar.com/ist/softwares/remove/ist_remove.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab



Thanks
BealzaBob
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Log looks fine. To answer your Spybot question, not that I am aware of.
 