New to the forum, would like to see how my computer looks


DerekM (Thread Starter, joined Sep 15, 2003, 4 messages):
This is the first time I have posted. I am really learning a lot by browsing around. I downloaded HJT and scanned. I see a few things that need to be erased, but I would like for someone with more knowledge than I to help me out. I am using Yahoo DSL as my browser (didn't know if the MSIE is the same thing.)

Thanks in advance for the help.

Logfile of HijackThis v1.97.2
Scan saved at 10:43:05 PM, on 9/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\nCase\msbb.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe
C:\Program Files\Internet Washer Pro\iw.exe
C:\WINDOWS\FSScrCtl.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Stop-the-Pop-Up Demo\stopthepop.exe
C:\Program Files\Hotbar\bin\4.3.5.0\HbSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?vu083...02228333933989000222833393398900022283339.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\stoolbar.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\stoolbar.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\nCase\msbb.exe
O4 - HKLM\..\Run: [MES] C:\WINDOWS\MES.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up Demo\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Amber Alert Net] C:\Program Files\Webroot\AmberNet\ambernet.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8106/turbo.cab?id=9010847
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {18B01F09-2965-11D3-9461-00A0C9B1E042} (FunnyVoiceCtl Class) - http://www.kiddonet.com/kiddonet/luvclicks2/FunnyVoice.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50026/QDow.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/coloring/Coloring.ocx
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/ssoap/pptproactauthmirror/systemsoappro.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/ActiveXInstallers/306/nCaseInstaller.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://207.182.252.79/activex/AxisCamControl.ocx
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.7446643518
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {A2A62F90-6106-11D3-96F3-00105A771372} (KaraokeComCtl Class) - http://www.kiddonet.com/lapware/actmenu/KaraokeAnim/karaokeCom.ocx
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://download.spywarelabs.com/install/1203030306/VBouncerOuter1203.EXE
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://216.133.83.162/downloads/UGO20.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E797A2A2-80AC-4228-939E-08301A9D7D33}: NameServer = 151.164.67.201 151.164.1.8

Reply (member joined Dec 9, 2000, 45,855 messages):
You have an extremely heavy load of spy and adware there that needs removing. Rather than try to give you manual instructions right off the bat, I'd suggest you install, UPDATE, and run either Spybot or Ad-Aware or both (reboot afterwards) and then post another Scanlog so we can see what remains.

Spybot Instructions and Download

Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

And since you apparently have no installed antivirus program, I would suggest you also run an online scan at one of these sites, after running Ad-Aware or Spybot.

HouseCall
Panda
RAV AntiVirus Online

Reply (member joined Mar 9, 2003, 4,699 messages):
First off, you have the MSblast worm. Or at least the registry entry, if it has already been removed.

O4 - HKLM\..\Run: [windows auto update] msblast.exe

Go to this link for information on the latest Microsoft patch, as provided by Rollin'Rog:
http://forums.techguy.org/t163821/s.html

Once you have your system patched, run a virus scan to rid yourself of this worm.
Again, links to three good online antivirus scanners have been provided by Rollin’Rog.

I STRONGLY advise you to get both a good AntiVirus program AND a good firewall. There are many of each out there, both for free and for pay.

Reply (member joined Mar 9, 2003, 4,699 messages):
Since I already had most of the work of analyzing your HJT log done before I got an interruption, I will go ahead and post the results anyway.


In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser windows, and have HJT fix all checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?vu083...00022283339.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyd.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3....rchPageHome.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll

O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\stoolbar.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\stoolbar.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\nCase\msbb.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com....cab?id=9010847
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50026/QDow.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...porter.cab?RND=



IF you are running ME or XP, disable SYSTEM RESTORE: Here's How

Next, reboot into Safe Mode and remove the following files and folders that are bolded.

C:\WINDOWS\host.dll

C:\WINDOWS\System32\btiein.dll
C:\WINDOWS\System32\stcloader.exe

Delete the whole bolded folder

C:\PROGRA FILES\AWS\WEATHE~1\Weather.exe 1
C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe /Upgrade
C:\Program Files\Httper\httper.dll
C:\Program Files\Internet Washer Pro\iw.exe min

C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\nCase\msbb.exe

C:\Program Files \SEARCH~1\stoolbar.dll
C:\Program Files\Common Files\BTLINK\btlink.dll
C:\Program Files\Common Files\CMEII\CMESys.exe"
C:\Program Files\Common Files\GMT\GMT.exe

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Re-enable SYSTEM RESTORE and create a new restore point.

Reboot into normal mode


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks
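The two helper posts above do this triage by eye: spot the msblast.exe Run entry, the unnamed BHOs loading from odd places, the ActiveX downloads with no friendly name. As an added example (not code from this thread and not part of HijackThis), here is a small Python parser for that log format that applies the same checks mechanically. The line patterns follow the format shown in the log above; the indicator list and the heuristics are constructed for illustration and seeded only with what the thread itself called out, so a flag means "review this entry", not "this is malicious".

```python
"""Parse HijackThis-style log lines and flag entries worth a second look.

Added example; not from the thread or from HijackThis itself. The line
format follows the log posted above. The indicator list and heuristics
are constructed for illustration (an assumption, not a vendor list).
"""
import re

# Constructed sample: a few lines in the same shape as the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
"""

# Autostart names the thread identifies as a worm (constructed, one entry).
KNOWN_BAD_AUTOSTART = {"msblast.exe"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>.*)$")
IP_HOST_RE = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")


def executable_of(command):
    """Return the program part of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_line(line):
    """Split one log line into (section, fields); None if not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    sub = {"O4": O4_RE, "O2": BHO_RE, "O16": O16_RE}.get(section)
    if sub is not None:
        ms = sub.match(body)
        if ms:
            return section, ms.groupdict()
    # Unrecognised shape (Startup: lines, R0/R1 entries, ...) is kept raw.
    return section, {"raw": body}


def flag_entry(section, fields):
    """Return the (possibly empty) list of reasons this entry deserves review."""
    reasons = []
    if section == "O4" and "command" in fields:
        exe = executable_of(fields["command"])
        if exe.lower() in KNOWN_BAD_AUTOSTART:
            reasons.append("known worm autostart name")
        elif "\\" not in exe:
            # A bare filename is resolved through the PATH search, so the
            # log does not tell you which file actually runs.
            reasons.append("autostart given as bare filename (resolved via PATH)")
    elif section == "O2" and "path" in fields:
        if fields["name"] == "(no name)" and not fields["path"].lower().startswith("c:\\program files"):
            reasons.append("unnamed BHO loading from outside Program Files")
    elif section == "O16" and "url" in fields:
        if not fields.get("name"):
            reasons.append("ActiveX download with no friendly name")
        if fields["url"].lower().endswith(".exe"):
            reasons.append("ActiveX download points at a bare .exe")
        if IP_HOST_RE.match(fields["url"]):
            reasons.append("download host is a raw IP address")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line that raised at least one flag."""
    hits = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        reasons = flag_entry(*parsed)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the sample, the unnamed BHO in C:\WINDOWS, the msblast.exe Run entry and the nameless .exe download are flagged; the Acrobat BHO, the HP keyboard entry and the Shockwave control are not. The bare-filename heuristic will also catch legitimate entries such as the RUNDLL32.EXE lines in the original log, which is why the output is a review list and not a delete list.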

DerekM (Thread Starter, joined Sep 15, 2003, 4 messages):
I noticed that Yahoo was on the list of items to delete. Since we use SBC Yahoo as our ISP and browser, do I still need to delete each item with Yahoo, SBC or DSL in it?

i.e.:
Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyd.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com

I am now in the process of installing both Adaware and SpyBot. But I am confused about your instructions to install UPDATE. What is this and where do I find it?

Thank you for helping with all of this. All day at work I have looked forward to seeing responses to my post, and you haven't let me down. I will post more later.

Thanks,
DerekM

Reply (member joined Mar 9, 2003, 4,699 messages):
If you wish to keep Yahoo as your home page and search page, then ignore those lines.

Once you install SpyBot you will notice a number of "button bars" on the left hand side of the screen. Each of these expands to give more options.

Click on the "Online" button bar. When it expands, click on "Search for Updates" and once it connects (you have to be online) and finds the updates, click on "Download Updates".

I have heard of times when the button bars do not show up on the first run. If this is the case, go ahead and run SpyBot with the basic definitions. Click on "Check for Problems". When the scan is done, most of the items it finds in RED will be pre-checked. Look over the list and if you are unsure of an item you can right click on it to get more information. If still unsure, uncheck it. It will be found again in the next scan. Then click Fix Selected Problems.

You may get a message that SpyBot could not delete one or more files because they were in use. This is not a problem, it is just that the file is open/in use and cannot be moved or deleted.

It will ask you to reboot. Reboot and as your PC starts to come up, SpyBot will delay Windows starting until it can finish its scan. It will delete the files that it couldn't, and then continue the boot process into Windows.

IF you didn't see the button bars before, you should now, and be able to click the Online button and get the latest updates.

I would suggest running SpyBot again with the latest updates.

Reply (member joined Dec 9, 2000, 45,855 messages):
Both programs include tabs to update direct from the web. Before using Spybot's, click the Settings tab, then Settings again. In the Web Update section, check "also display beta updates".

Then click the Online tab and Search for updates. Download them all before running.

Ad-aware has a similar update "check for updates" (lower right) tab, just click it and it will prompt you for the rest. You need to be online when doing it.

DerekM (Thread Starter, joined Sep 15, 2003, 4 messages):
OK, I think I might have messed up. I tried to fix what SpyBot found. I didn't uncheck anything thinking that the program had found only bad things. After I scanned again, I see a lot of Windows Registry missing things like

setup.exe......wrong app path; table30.exe.....wrong app path; yourapp.exe.....wrong path name (this is for my pop up stopper).

Also things like Adobe Photoshop shows a Registry change.

I am including an attachment of my last scan after I ran a recovery, but I don't know if anything got fixed. Please let me know something, I am afraid to reboot my computer or close the current SpyBot.

Thanks,
DerekM

Reply (member joined Dec 9, 2000, 45,855 messages):
You can't use the Preview function after attaching a file.

Best to just copy/paste the HijackThis Scanlog anyway, it is easier to read and deal with.

Are these error messages you are getting on startup? Spybot does not target legitimate entries, but it's possible the removal process malfunctioned.

DerekM (Thread Starter, joined Sep 15, 2003, 4 messages):
I might be over-reacting. I have yet to restart my computer after I recovered everything that SpyBot fixed. This is the fix log. I am going to go ahead and shut everything down after I post this. If you don't hear back from me for a few days, my fears were correct. If I can get my computer to work, I will check back here and then I will fix what SpyBot finds, then post the results of HJT.

DerekM


--- Report generated: 2003-09-16 22:17 ---

Alexa Related: What's related link (Replace file, fixed)
C:\WINDOWS\Web\related.htm

Avenue A, Inc.: Tracking cookie or cookie of tracking site (File, fixed)
C:\Documents and Settings\Owner.THEMARSDENS\Cookies\[email protected][1].txt

BonziBuddy: Program group entry (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Free BonziBUDDY.url

CarpeDiem Vars: Program directory (Directory, fixed)
C:\Program Files\Carpe Diem

CommonName: Temporary directory (Directory, fixed)
C:\WINDOWS\Temp\Adware

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

eAcceleration: Application data file (File, fixed)
C:\Documents and Settings\Owner.THEMARSDENS\Application Data\Microsoft\Internet Explorer\Quick Launch\eAnthology Manager.lnk

eAcceleration: Application data file (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\eAnthology Manager.lnk

eAcceleration: Desktop icon (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Desktop\Scan Now for Viruses and Threats.lnk

eAcceleration: Program directory (Directory, fixed)
C:\Program Files\Acceleration Software

eAcceleration: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\eAnthology

Gator: Autostart item (File, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk

Gator: Program directory (Directory, fixed)
C:\Program Files\Common Files\GMT

Gator: Program directory (Directory, fixed)
C:\Program Files\Common Files\CMEII

Gator: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\PrecisionTime

Gator: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\Date Manager

Gator: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\GAIN

Hotbar: Installer (File, fixed)
C:\WINDOWS\Downloaded Program Files\hotbar.inf

Httper: Library (File, fixed)
C:\Program Files\Httper\httper.dll

Httper: Log (File, fixed)
C:\Program Files\Httper\INSTALL.LOG

Httper: Settings (File, fixed)
C:\Program Files\Httper\httper.ini

Httper: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5483501-070C-41DD-AF44-9BD8864B3015}

Httper: Class (Registry key, fixed)
HKEY_CLASSES_ROOT\Httper.IEFriendly.1

Httper: Class (Registry key, fixed)
HKEY_CLASSES_ROOT\Httper.IEFriendly

Httper: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A5483501-070C-41DD-AF44-9BD8864B3015}

Httper: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{7D49A302-3C1C-4706-B6DC-8C8BBB500BA0}

Httper: Typelib (Registry key, fixed)
HKEY_CLASSES_ROOT\Typelib\{AB7B627D-B2AF-4B6D-BDA1-4930579FFCD8}

Httper: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Httper

HuntBar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{3C53010D-97BA-4650-84C5-1A6FAA31055E}

HuntBar: Code store database (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{26E8361F-BCE7-4F75-A347-98C88B418322}

HuntBar: Protocol handler (Registry key, fixed)
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\res\BTLINK.ResProtocol

HuntBar: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\BTLINK

Huntbar.Stoolbar: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Search Toolbar

InternetWasher: Text file (File, fixed)
C:\Program Files\Internet Washer Pro\syslog.txt

InternetWasher: Autorun settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Washer Pro

InternetWasher: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{421A63BA-4632-43E0-A942-3B4AB645BE51}

InternetWasher: Program directory (Directory, fixed)
C:\Program Files\Internet Washer Pro

IPinsight: Executable (File, fixed)
C:\WINDOWS\ipinsigt.dll

n-Case: Executable (File, fixed)
C:\WINDOWS\DKQ.exe

NewtonKnows: Program directory (Directory, fixed)
C:\Program Files\Newton Knows

NewtonKnows: Temporary directory (Directory, fixed)
C:\WINDOWS\Temp\vupd

PurityScan: Program group (Directory, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\PurityScan

SideStep: Desktop icon (File, nothing done)
C:\WINDOWS\system32\config\systemprofile\Desktop\SideStep.lnk

SideStep: Startmenu item (File, nothing done)
C:\Documents and Settings\Owner.THEMARSDENS\Start Menu\SideStep.lnk

SideStep: Startmenu item (File, nothing done)
C:\WINDOWS\system32\config\systemprofile\Start Menu\SideStep.lnk

SpeedDelivery: Class (Registry key, fixed)
HKEY_CLASSES_ROOT\Vxpspeeddelivery.download.1

SpeedDelivery: Class (Registry key, fixed)
HKEY_CLASSES_ROOT\Vxpspeeddelivery.download

SpeedDelivery: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A7798D6C-C6B5-4F26-9363-F7CDBBFFA607}

SpeedDelivery: Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{A7798D6C-C6B5-4F26-9363-F7CDBBFFA607}

SpeedDelivery: DLL use (1 apps) (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\vxpspeeddelivery.dll

SpeedDelivery: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D7729994-C4D8-480F-B905-291E7694A217}

SpeedDelivery: Library (File, fixed)
C:\WINDOWS\Downloaded Program Files\vxpspeeddelivery.dll

SpeedDelivery: Module usage setting (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/vxpspeeddelivery.dll

SpeedDelivery: Typelib (Registry key, fixed)
HKEY_CLASSES_ROOT\Typelib\{6194EEA8-AF20-4844-A422-DE1E64BAF6E3}

SpyBlast: Class (Registry key, fixed)
HKEY_CLASSES_ROOT\SBFull.SBFullInst

SpyBlast: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62}

SpyBlast: Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62}

SpyBlast: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{CA26CDDA-510A-4484-9454-2C1B419E9426}

SpyBlast: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9963236E-3D9C-41C5-A498-FA33E36005BA}

SpyBlast: Typelib (Registry key, fixed)
HKEY_CLASSES_ROOT\Typelib\{3254C568-EE33-4BD0-AF6C-09AB5E07BB82}

webHancer: Installer (File, fixed)
C:\WINDOWS\whInstaller.exe

webHancer: Installer settings (File, fixed)
C:\WINDOWS\whInstaller.ini

webHancer: Program files (Directory, fixed)
C:\Program Files\webHancer

webHancer: System file (File, fixed)
C:\WINDOWS\whAgent.inf

WildTangent: Autorun settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

WildTangent: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WildTangent

WildTangent: Personal user ID (File, fixed)
C:\WINDOWS\wt\info.txt

WildTangent: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wcmdmgr.exe

WildTangent: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wtwebdriver

WildTangent: Updater directory (Directory, fixed)
C:\WINDOWS\wt\updater

WildTangent: Updates directory (Directory, fixed)
C:\WINDOWS\wt\wtupdates

WildTangent: Web driver (File, fixed)
C:\WINDOWS\wt\webdriver.dll

WildTangent: Web driver directory (Directory, fixed)
C:\WINDOWS\wt\webdriver

ZipClix: IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{319A68DB-06D0-46DA-9F93-A810D5A70836}

Windows Registry: C:\WINDOWS\Downloaded Program Files\QDow.dll (Missing shared DLL, nothing done)
QDow.dll

Windows Registry: C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FTPInstUtils.dll (Missing shared DLL, nothing done)
FTPInstUtils.dll

Windows Registry: C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\whatsnew.txt (Missing shared DLL, nothing done)
whatsnew.txt

Windows Registry: C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll (Missing shared DLL, nothing done)
Msvcrt10.dll

Windows Registry: C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\dummy.txt (Missing shared DLL, nothing done)
dummy.txt

Windows Registry: C:\WINDOWS\System32\EGDHTML_1017.dll (Missing shared DLL, nothing done)
EGDHTML_1017.dll

Windows Registry: C:\WINDOWS\System32\ir50_32.dll (Missing shared DLL, nothing done)
ir50_32.dll

Windows Registry: System Soap Pro (Startup file does not exist, nothing done)

Windows Registry: Amber Alert Net (Startup file does not exist, nothing done)

Windows Registry: UserFaultCheck (Startup file does not exist, nothing done)

Windows Registry: BlockTracker (Startup file does not exist, nothing done)

Windows Registry: yourapp.Exe (Wrong app path, nothing done)
C:\Program Files\Stop-the-Pop-Up Demo\yourapp.Exe

Windows Registry: msCMTctrl.exe (Wrong app path, nothing done)
C:\Program Files\Compaq Computer Corp.\msCMT\msCMTctrl.exe

Windows Registry: ORUN32.EXE (Wrong app path, nothing done)
C:\WINDOWS\ORUN32.EXE

Windows Registry: PCDoctor.exe (Wrong app path, nothing done)
C:\Program Files\PC-Doctor\PCDoctor.exe

Windows Registry: setup.exe (Wrong app path, nothing done)


Windows Registry: table30.exe (Wrong app path, nothing done)


Windows Registry: winnt32.exe (Wrong app path, nothing done)


Windows Registry: InterActual Player (Wrong app path, nothing done)


Windows Registry: EXEtender (Wrong app path, nothing done)
C:\Program Files\EXEtender\EXEtender

Windows Registry: insMsCMT.exe (Wrong app path, nothing done)


Windows Registry: install.exe (Wrong app path, nothing done)


Windows Registry: D: (Wrong app path, nothing done)


Windows Registry: CS.EXE (Wrong app path, nothing done)
C:\Program Files\CompuServe 7.0\CS.EXE

Windows Registry: cmmgr32.exe (Wrong app path, nothing done)
C:\WINDOWS\System32\cmmgr32.exe

Adobe ImageReady 7.0: Last save folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Adobe\ImageReady 7.0\Preferences\SaveDir\tlfd=

Adobe ImageReady 7.0: Recent file list ( (3 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Adobe\ImageReady 7.0\Preferences\RecentFiles

Adobe ImageReady 7.0: URLs history ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Adobe\ImageReady 7.0\Preferences\URLHistory

Adobe ImageReady 7.0: User actions history ( (11 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Adobe\ImageReady 7.0\Preferences\UserActions

Adobe Photoshop 7.0: Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Adobe\Photoshop\7.0\VisitedDirs\STARTUPIMAGEDIRECTORY=

Common Dialogs: History ( (25 files)) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Internet Explorer: AutoComplete data ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Internet Explorer: Cookies ( (164 cookies)) (Directory, nothing done)
C:\Documents and Settings\Owner.THEMARSDENS\Cookies

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Internet Explorer\Download Directory=

Internet Explorer: Temporary internet files ( (12447 entries)) (Empty cache, nothing done)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: Active Setup Log.txt (Backup file, nothing done)
C:\WINDOWS\Active Setup Log.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name=

MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id=

MS Media Player: Application data file ( ()) (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Paint: Recent file list ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: Recent file list ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

RealOne Player 2 (aka RealPlayer 6.0): Last login time (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\LastLoginTime\=

RealOne Player 2 (aka RealPlayer 6.0): Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips1\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #2 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips2\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #3 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips3\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #4 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips4\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #5 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips5\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #6 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips6\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #7 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips7\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent clips #8 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips8\=

RealOne Player 2 (aka RealPlayer 6.0): Most recent skins #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentSkins1\=

Windows Explorer: Last visited history ( (7 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Program run history ( (1 entries)) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recently opened files ( (65 links)) (Directory, nothing done)
C:\Documents and Settings\Owner.THEMARSDENS\Recent

Windows Explorer: Run history ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history ( (16 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files ( (138 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE ( (23 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows.OpenWith: Open with list - .AU extension ( (3 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithList

Windows.OpenWith: Open with list - .BMP extension ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CAB extension ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows.OpenWith: Open with list - .CHM extension ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHM\OpenWithList

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\gzAddDir=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\AddDir=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\zDefDir=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\DefDir=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\gzExtractTo=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\directories\ExtractTo=

WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\rrs\Opened=

WinZip: Recent created file list ( (5 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\filemenu

WinZip: Recent extracted file list ( (1 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\extract

WinZip: Wizard Extraction folder history ( (1 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4078709052-2253304069-2430138451-1003\Software\Nico Mak Computing\WinZip\select


--- Spybot-S&D version: 1.2 ---
2003-09-05 Includes\Cookies.sbi
2003-09-09 Includes\Dialer.sbi
2003-09-08 Includes\Hijackers.sbi
2003-09-05 Includes\Keyloggers.sbi
2003-09-08 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-09-05 Includes\Security.sbi
2003-09-09 Includes\Spybots.sbi
2003-08-28 Includes\Temporary.sbi
2003-09-05 Includes\Tracks.uti
2003-09-05 Includes\Trojans.sbi
 
Joined
Dec 9, 2000
Messages
45,855
It seems to me that everything there that it has documented as "fixed" is fair game and shouldn't result in any problems.

However, what we need to see now is the HijackThis Scanlog.
 