pop ups that kick me off


julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
:mad: I keep getting kicked off the net. I have AOL and it freezes on me and knocks me offline and makes the computer run very slow. When I sign on it has a message pop up and I have to cancel it out every time I get on my computer. If someone could please help me, I am very frustrated on this. I have a new computer, it is only 1 year old, it has XP on it and I am ready to throw this out the window lol. I get kicked out of Yahoo games all the time. Someone please help me before I lose my mind lol. I am very computer dumb and don't understand much about it lol :( Thank you so much. A friend of mine (davey's sister) suggested to ask for rollin rog, that he helped her, but anything I will accept. I just need helppppppppppppppppppppp!!!!!!!!
Thank you so much, julieann
 
Joined
Feb 28, 2001
Messages
11,584
Hello Julieann
Welcome to TSG!
There are many here that can help you with your problem but you will first have to download, run, and post back the results of the Hijack-This log.

Here is the link to and instructions for use.
http://s89223352.onlinehome.us/mirror/hjt/

Please be patient after posting the log and someone will review it for you and suggest what needs to be done.

Dave
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
Logfile of HijackThis v1.97.7
Scan saved at 9:43:40 AM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\rdrante\Boob army.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 7.0\waol.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z5I3NPJX\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
 
Joined
Dec 9, 2000
Messages
45,855
I'm not sure why Spybot is leaving some of those items. Do you have the latest version, and did you update it before running and having it remove problems?

Let's do this for now. Check the following entries in the HijackThis Scanlog, close all browser windows and click "fix checked":

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll

O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe

^^^ I don't know what this is; if you cannot ABSOLUTELY vouch for it, check and "fix" it.

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

>> after fixing those entries, reboot and delete the MYWEBSEARCH folder in c:\Program Files

I would also suggest you install, UPDATE, and run Ad-Aware following Winchester's directions here:

Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

Then post another Scanlog and let us know if you still have the problem.

Also can you provide any information on what is represented by the folder in the path I have bolded here:

O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
 
Joined
Mar 22, 2004
Messages
12
Rog, this is Chris (davey's sister - hello). I am trying to help Julieann through this, however I am just as "uncomputer" savvy as she is. She has no idea as to what that folder (EGGSOE~1\eqbuild.dll) is. Do you have time to get with us here or are you busy, like I probably know you are?
Chris
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
Logfile of HijackThis v1.97.7
Scan saved at 10:04:06 AM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\rdrante\Boob army.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 7.0\waol.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQFG5IJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
 
Joined
Dec 9, 2000
Messages
45,855
I'm surprised Ad-aware left the MyWebSearch stuff there if a full system scan was run following Winchester's directions and everything it targeted was removed.

This process will be a little more complex so you should have these instructions in a notepad file in a convenient location. Also HijackThis should be stored in a permanent folder so that its backups will be preserved if they should be needed.

You will need to restart in Safe Mode to carry them out. To do that, go to Start > Run, enter msconfig and check the /safeboot entry under the "boot.ini" tab. This check will have to be removed to return to normal mode.

1-- In Safe Mode run HijackThis, check the following entries and click "fix checked":

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll

O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll


>>> Again I have to ask if you can vouch for this; if not, check and "fix" it:

>>> O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EX

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632

2 -- Now use Windows Explorer to navigate to C:\Program Files and delete the MyWebSearch and Autoupdate folders there. You may also delete the EGGSPE.... folder since you don't know what installed it; I don't know what the full name is but it begins with those letters.

3 -- Reboot after unchecking /safeboot and post a new Scanlog. Let us know if the pop-ups problem has been resolved.
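An added example, not part of the original thread and not HijackThis code: one way to check a follow-up Scanlog against the list of entries that were supposed to be fixed, which is the comparison the helper does by eye between the two logs above. The function names are hypothetical, the fix list is excerpted from the post above (including its `>>>` prefix and the truncated `.EX` line), and the follow-up log is constructed for illustration.

```python
import re

# An entry line looks like "O2 - BHO: ..." or "R1 - HKCU\...".
# A leading ">>> " (as used in the forum post) is tolerated.
ENTRY_RE = re.compile(r"^\s*(?:>+\s*)?(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I
)


def parse_entries(text):
    """Return [(code, body)] for every entry line.

    The header and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def entry_key(code, body):
    """Normalise an entry so the same item matches across two logs.

    Case and whitespace are ignored. BHO (O2) and toolbar (O3) entries are
    keyed by CLSID, because the display name and DLL path can change while
    the registered object stays the same.
    """
    body = " ".join(body.split()).casefold()
    if code in ("O2", "O3"):
        m = CLSID_RE.search(body)
        if m:
            return (code, m.group(0))
    return (code, body)


def still_present(fix_list_text, new_scan_text):
    """Return the fix-list entries that still appear in the new scan."""
    scan_keys = {entry_key(c, b) for c, b in parse_entries(new_scan_text)}
    remaining = []
    for code, body in parse_entries(fix_list_text):
        key = entry_key(code, body)
        # Prefix match covers fix-list lines that were cut short when pasted.
        hit = key in scan_keys or any(
            k[0] == key[0] and k[1].startswith(key[1]) for k in scan_keys
        )
        if hit:
            remaining.append(f"{code} - {body}")
    return remaining


# Excerpt of the fix list from the post above.
FIX_LIST = r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
>>> O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EX
"""

# Constructed follow-up log: two of the flagged items survived the cleanup.
NEW_SCAN = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {BEB133E5-FD72-43B7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_SCAN):
        print("STILL PRESENT:", line)
```

An entry that survives "fix checked" and a reboot usually means something is still running and rewriting it, which is why the steps above are carried out in Safe Mode.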
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, April 24, 2004 12:17:30 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R299 22.04.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R299 22.04.2004
Internal build : 231
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1070822 Bytes
Signature data size : 1052604 Bytes
Reference data size : 18154 Bytes
Signatures total : 23634
Target categories : 10
Target families : 455

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:26 %
Total physical memory:228844 kb
Available physical memory:57680 kb
Total page file size:560216 kb
Available on page file:401632 kb
Total virtual memory:2097024 kb
Available virtual memory:2055192 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


4-24-2004 12:17:30 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 4-24-2004 4:50:47 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:49 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:50 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 11/16/2002 7:31:18 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:50 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 11/16/2002 7:56:06 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:50 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 11/16/2002 7:31:30 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-24-2004 4:50:50 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 11/16/2002 7:31:30 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 4-24-2004 4:50:53 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/16/2002 7:54:58 AM
Last accessed : 4/24/2004 4:50:53 PM
Last modified : 8/29/2002 12:00:00 PM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-24-2004 4:50:53 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 4/24/2004 1:51:58 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 7/17/2003 4:16:38 PM

#:9 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:53 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 7.4
ProductVersion : 7.4
Copyright : (C) 1993 - 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 3/10/2004 3:55:05 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/14/2002 8:03:18 PM

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:53 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 11/16/2002 7:31:28 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:11 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:54 PM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 7.4
ProductVersion : 7.4
Copyright : (C) 1993 - 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 3/10/2004 3:55:06 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/14/2002 8:00:42 PM

#:12 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 4-24-2004 4:50:54 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 4/24/2004 1:51:52 AM
Last accessed : 4/24/2004 4:49:18 PM
Last modified : 11/15/2002 12:41:26 AM

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-24-2004 4:50:54 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 11/16/2002 7:31:30 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/29/2002 12:00:00 PM

#:14 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 4-24-2004 4:50:54 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 3/1/2003 12:14:36 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 5/10/2002 6:50:04 PM

#:15 [hpsysdrv.exe]
FilePath : C:\windows\system\
ThreadCreationTime : 4-24-2004 4:50:58 PM
BasePriority : Normal
FileSize : 51 KB
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
OriginalFilename : hpsysdrv.exe
ProductName : hpsysdrv
Created on : 10/29/2002 9:16:14 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 5/8/1998 12:04:38 AM

#:16 [sgtray.exe]
FilePath : C:\Program Files\VERITAS Software\Update Manager\
ThreadCreationTime : 4-24-2004 4:50:58 PM
BasePriority : Normal
FileSize : 152 KB
FileVersion : 1.01.02a
Copyright : Copyright
CompanyName : VERITAS Software, Inc.
FileDescription : VERITAS Update Manager
Created on : 6/18/2002 4:01:00 PM
Last accessed : 4/24/2004 4:51:53 PM
Last modified : 6/18/2002 4:01:00 PM

#:17 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 4-24-2004 4:50:58 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 10/29/2002 9:41:46 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/29/2002 9:41:46 PM

#:18 [ps2.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-24-2004 4:50:59 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 1.0.2.1
ProductVersion : 1.0.2.1
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : PS2 EXE
InternalName : PS2 EXE
OriginalFilename : Ps2.exe
ProductName : Hewlett-Packard Company PS2 EXE
Created on : 10/29/2002 9:34:09 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 8/1/2002 4:28:38 AM

#:19 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 4-24-2004 4:50:59 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.0.0.1167
ProductVersion : 7.0.0.1167
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
OriginalFilename : rnathchk.EXE
ProductName : RealOne Player (32-bit)
Created on : 10/29/2002 9:41:45 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/29/2002 9:41:45 PM

#:20 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 4-24-2004 4:51:00 PM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.03.15
ProductVersion : 1.03.15
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 4/24/2004 1:51:58 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 7/17/2003 4:16:38 PM

#:21 [lxbbbmgr.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ThreadCreationTime : 4-24-2004 4:51:00 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
Copyright : (C) 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Manager
InternalName : lxbbbmgr.exe
OriginalFilename : lxbbbmgr.exe
ProductName : Button Manager Executable
Created on : 10/14/2002 8:09:12 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/14/2002 8:09:12 PM

#:22 [s3tray2.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-24-2004 4:51:01 PM
BasePriority : Normal
FileSize : 68 KB
FileVersion : 1.00.19-0113
ProductVersion : 1.00.19-0113
Copyright : Copyright (C) 2001-2003 S3 S3 Graphics, Inc.
CompanyName : S3 Graphics, Inc.
FileDescription : s3contrl
InternalName : s3contrl
OriginalFilename : s3contrl.exe
ProductName : S3 Graphics Utilities
Created on : 2/25/2003 10:33:14 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 2/25/2003 10:33:14 AM

#:23 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 4-24-2004 4:51:01 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 7.00.0716.0
ProductVersion : 7.00.0716.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkUFind
OriginalFilename : WkUFind.exe
ProductName : Update Detection Module
Created on : 7/16/2002 9:21:48 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 7/16/2002 9:21:48 PM

#:24 [lxbbbmon.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ThreadCreationTime : 4-24-2004 4:51:02 PM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
Copyright : (C) 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Monitor
InternalName : lxbbbmon.exe
OriginalFilename : lxbbbmon.exe
ProductName : Button Monitor Executable
Created on : 10/14/2002 8:22:04 PM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/14/2002 8:22:04 PM

#:25 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 4-24-2004 4:51:02 PM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 1:30:14 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 4/15/2003 1:30:14 AM

#:26 [weather.exe]
FilePath : C:\Program Files\AWS\WeatherBug\
ThreadCreationTime : 4-24-2004 4:51:04 PM
BasePriority : Normal
FileSize : 772 KB
FileVersion : 4, 1, 0, 2
ProductVersion : 4, 1, 0, 2
Copyright : Copyright
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
OriginalFilename : WeatherBug.exe
ProductName : AWS, Inc.WeatherBug
Created on : 10/30/2002 1:28:24 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 10/26/2002 11:59:38 AM

#:27 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ThreadCreationTime : 4-24-2004 4:51:05 PM
BasePriority : Normal
FileSize : 1012 KB
Created on : 4/14/2004 6:03:00 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 4/14/2004 6:03:00 AM

#:28 [waol.exe]
FilePath : C:\Program Files\America Online 7.0\
ThreadCreationTime : 4-24-2004 4:51:59 PM
BasePriority : Normal
FileSize : 176 KB
FileVersion : 7.00.000
ProductVersion : 7.00.000
Copyright : Copyright (C) America Online, Inc. 1999 - 2001
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : WAOL
ProductName : America Online
Created on : 3/1/2003 12:08:11 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 5/10/2002 6:16:56 PM

#:29 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 4-24-2004 4:53:42 PM
BasePriority : Normal
FileSize : 1496 KB
FileVersion : 5, 6, 0, 1358
ProductVersion : 5, 6, 0, 1358
Copyright : Copyright 1998-2003
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
OriginalFilename : YPager.exe
ProductName : Yahoo! Messenger
Created on : 4/8/2004 10:50:36 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 12/26/2003 8:57:44 PM

#:30 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 4-24-2004 5:09:32 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/24/2004 4:29:01 PM
Last accessed : 4/24/2004 4:56:16 PM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{954814C0-40F3-4249-8528-B4922CD2964E}


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{39c0d1ad-078d-47bf-aecd-3cd8151d902f}


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iempg.iempgobj


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iempg.iempgobj.1


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E8}


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mpgcom.zoom


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mpgcom.zoom.1


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{7280873c-bdf4-429d-a320-f69eeedd8e6d}


MPGCom Toolbar Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E7}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Apropos.Client


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Apropos.Client.1.1


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A4A58A2C-B039-432B-8BC1-DCA7AC0757DC}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Apropos


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Envolo


PeopleOnPage Object recognized!
Type : RegKey
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate


Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 4/2/2003 2:36:58 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 2:36:58 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 7/8/2003 2:27:31 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:27:31 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 4/15/2003 6:32:19 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/15/2003 6:32:19 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 4/2/2003 8:17:38 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 8:17:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 4/2/2003 2:46:28 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 2:52:20 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 7/8/2003 2:02:12 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:02:12 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 7/8/2003 2:02:10 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:02:12 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

Created on : 7/8/2003 2:48:06 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:48:06 PM



Cydoor Object recognized!
Type : File
Data : cd_clint.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
FileSize : 151 KB
FileVersion : 3, 2, 1, 0
ProductVersion : 3, 2, 1, 0
Copyright : Copyright (C) Cydoor Technologies, Inc. 1999-2001
CompanyName : Cydoor Technologies, Inc.
FileDescription : Cydoor Technologies ad-system
InternalName : CD_Clint.dll
OriginalFilename : CD_Clint.dll
ProductName : Cydoor Technologies ad-system
Created on : 4/15/2003 2:34:17 PM
Last accessed : 4/24/2004 5:20:17 PM
Last modified : 1/14/2002 7:57:00 PM



Lop.com Object recognized!
Type : File
Data : tim11.tmp.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
FileSize : 7 KB
Created on : 4/13/2004 12:25:28 AM
Last accessed : 4/24/2004 5:20:21 PM
Last modified : 4/13/2004 12:25:29 AM



Lop.com Object recognized!
Type : File
Data : tim14.tmp.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
FileSize : 7 KB
Created on : 4/12/2004 7:15:58 PM
Last accessed : 4/24/2004 5:20:21 PM
Last modified : 4/12/2004 7:15:58 PM



Lop.com Object recognized!
Type : File
Data : tim7c.tmp.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
FileSize : 7 KB
Created on : 4/3/2004 6:11:32 AM
Last accessed : 4/24/2004 5:20:21 PM
Last modified : 4/3/2004 6:11:32 AM



PeopleOnPage Object recognized!
Type : File
Data : autoupdate.exe
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate\
FileSize : 220 KB
Created on : 4/16/2004 12:13:14 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 4/16/2004 12:13:11 AM



Lop.com Object recognized!
Type : File
Data : eqbuild.dll
Category : Malware
Comment :
Object : C:\Program Files\Eggs Peak Extra\
FileSize : 192 KB
Created on : 4/15/2004 11:57:43 PM
Last accessed : 4/24/2004 5:18:27 PM
Last modified : 4/15/2004 11:57:43 PM



WildTangent Object recognized!
Type : File
Data : wildtangent.jar
Category : Data Miner
Comment :
Object : C:\Program Files\Java\j2re1.4.0\lib\ext\
FileSize : 126 KB
Created on : 4/20/2004 2:50:02 PM
Last accessed : 4/24/2004 5:23:02 PM
Last modified : 1/15/2003 10:38:10 PM



PeopleOnPage Object recognized!
Type : File
Data : more.exe
Category : Data Miner
Comment :
Object : C:\Program Files\rdrante\
FileSize : 68 KB
Created on : 4/15/2004 11:58:00 PM
Last accessed : 4/24/2004 5:24:00 PM
Last modified : 4/15/2004 11:58:00 PM



WurldMedia Object recognized!
Type : File
Data : mo030414s.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 332 KB
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
Copyright : Copyright 2000, 2001, 2002, 2003 Wurld Media Inc.
CompanyName : Wurld Media Inc.
FileDescription : mobho module
InternalName : mobho
OriginalFilename : mobho.dll
ProductName : mobho
Created on : 6/27/2003 5:47:09 AM
Last accessed : 4/24/2004 5:30:46 PM
Last modified : 6/27/2003 5:47:10 AM



WurldMedia Object recognized!
Type : File
Data : mobho.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 332 KB
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
Copyright : Copyright 2000, 2001, 2002, 2003 Wurld Media Inc.
CompanyName : Wurld Media Inc.
FileDescription : mobho module
InternalName : mobho
OriginalFilename : mobho.dll
ProductName : mobho
Created on : 6/27/2003 5:47:10 AM
Last accessed : 4/24/2004 5:30:47 PM
Last modified : 6/27/2003 5:47:12 AM



WurldMedia Object recognized!
Type : File
Data : mostat.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 220 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : sostatatl Module
InternalName : sostatatl
OriginalFilename : sostatatl.EXE
ProductName : sostatatl Module
Created on : 6/27/2003 5:47:07 AM
Last accessed : 4/24/2004 5:30:47 PM
Last modified : 4/7/2003 8:38:02 PM



BrilliantDigital Object recognized!
Type : File
Data : bdedownloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\Altnet\
FileSize : 93 KB
FileVersion : 3, 0, 39, 0
ProductVersion : 3, 0, 39, 0
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
OriginalFilename : BDEDownloader.dll
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
Created on : 6/27/2003 6:11:40 PM
Last accessed : 4/24/2004 5:31:30 PM
Last modified : 7/21/2003 7:39:40 PM



BrilliantDigital Object recognized!
Type : File
Data : bdefdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\Altnet\
FileSize : 49 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
OriginalFilename : BDEFdiTest.exe
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
Created on : 6/27/2003 6:11:40 PM
Last accessed : 4/24/2004 5:31:30 PM
Last modified : 7/21/2003 7:39:40 PM



WildTangent Object recognized!
Type : File
Data : wcmdmgr.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 140 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgr
InternalName : WildTangent Updater Service
OriginalFilename : wcmdmgr.exe
ProductName : WildTangent Updater Service
Created on : 9/27/2002 8:47:32 PM
Last accessed : 4/24/2004 5:31:33 PM
Last modified : 9/27/2002 8:47:32 PM



WildTangent Object recognized!
Type : File
Data : wcmdmgrl.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 20 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgrl
InternalName : wcmdmgrl
OriginalFilename : wcmdmgrl.exe
ProductName : Wild Tangent wcmdmgrl
Created on : 9/27/2002 8:47:34 PM
Last accessed : 4/24/2004 5:31:33 PM
Last modified : 9/27/2002 8:47:34 PM



WildTangent Object recognized!
Type : File
Data : wtcpl.cpl
Category : Data Miner
Comment :
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 44 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wtcpl
InternalName : wtcpl
OriginalFilename : wtcpl.cpl
ProductName : Wild Tangent wtcpl
Created on : 9/27/2002 8:47:26 PM
Last accessed : 4/24/2004 5:31:33 PM
Last modified : 9/27/2002 8:47:26 PM



WildTangent Object recognized!
Type : File
Data : wtisa.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 32 KB
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
Copyright : Copyright 2002
CompanyName : WildTangent, Inc.
FileDescription : Information Services Client
InternalName : ISA
OriginalFilename : wtisa.dll
ProductName : Information Services Application
Created on : 9/27/2002 8:47:40 PM
Last accessed : 4/24/2004 5:31:33 PM
Last modified : 9/27/2002 8:47:40 PM



WildTangent Object recognized!
Type : File
Data : wtvh.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\wt\
FileSize : 52 KB
Created on : 3/1/2003 12:27:27 AM
Last accessed : 4/24/2004 5:31:34 PM
Last modified : 1/15/2003 10:26:12 PM



MPGCom Toolbar Object recognized!
Type : File
Data : iempg.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 13 KB
Created on : 10/12/2003 9:07:45 PM
Last accessed : 4/24/2004 5:31:35 PM
Last modified : 10/12/2003 9:07:45 PM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 120


Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 120


Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 120


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 120




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E}


MPGCom Toolbar Object recognized!
Type : File
Data : iempg.dat
Category : Malware
Comment :
Object : c:\windows\fonts\

Created on : 10/12/2003 9:30:08 PM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 2/15/2004 5:25:31 AM



MPGCom Toolbar Object recognized!
Type : File
Data : mpgcom.ins
Category : Malware
Comment :
Object : c:\windows\fonts\

Created on : 10/12/2003 9:30:13 PM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 2/15/2004 5:25:39 AM



MPGCom Toolbar Object recognized!
Type : File
Data : mpgcom.dll
Category : Malware
Comment :
Object : c:\windows\
FileSize : 18 KB
Created on : 10/12/2003 9:30:13 PM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 2/15/2004 5:25:37 AM



PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A2872B10-39F2-42DF-9335-7DD38CF75255}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A7D0472E-C1FC-4D8F-ABA1-98A7692561BF}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\AutoLoader


PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\program files\AutoUpdate


PeopleOnPage Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\AutoUpdate0


PeopleOnPage Object recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : c:\program files\autoupdate\
FileSize : 140 KB
Created on : 4/16/2004 12:13:14 AM
Last accessed : 4/24/2004 4:50:47 PM
Last modified : 4/16/2004 12:13:11 AM



PeopleOnPage Object recognized!
Type : File
Data : aproposplugin.dll
Category : Data Miner
Comment :
Object : c:\program files\sysai\
FileSize : 60 KB
Created on : 4/23/2004 2:18:58 AM
Last accessed : 4/24/2004 5:24:05 PM
Last modified : 4/23/2004 2:18:47 AM



PeopleOnPage Object recognized!
Type : File
Data : auto_update_uninstall.exe
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 228 KB
Created on : 4/16/2004 12:13:14 AM
Last accessed : 4/24/2004 5:30:14 PM
Last modified : 4/16/2004 12:13:11 AM



PeopleOnPage Object recognized!
Type : File
Data : auto_update_uninstall.log
Category : Data Miner
Comment :
Object : c:\windows\system32\

Created on : 4/16/2004 12:13:14 AM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 4/16/2004 12:13:14 AM



PeopleOnPage Object recognized!
Type : File
Data : popcaploader.dll
Category : Data Miner
Comment :
Object : c:\windows\downloaded program files\
FileSize : 124 KB
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
Copyright : Copyright 2003
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
OriginalFilename : PopCapLoader.DLL
ProductName : PopCapLoader Module
Created on : 12/19/2003 10:02:06 PM
Last accessed : 4/24/2004 5:18:40 PM
Last modified : 12/19/2003 10:02:06 PM



WildTangent Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Control Panel\MMCPL


WildTangent Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\windows\wt


WildTangent Object recognized!
Type : File
Data : backup
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:27:25 AM
Last accessed : 4/24/2004 5:31:34 PM
Last modified : 4/5/2004 3:00:02 AM



WildTangent Object recognized!
Type : File
Data : data.wts
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:27:27 AM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 1/15/2003 10:43:08 PM



WildTangent Object recognized!
Type : File
Data : ddcmpatch.exe
Category : Data Miner
Comment :
Object : c:\windows\wt\
FileSize : 24 KB
FileVersion : 0, 0, 0, 0
ProductVersion : 0, 0, 0, 0
Copyright : Copyright
CompanyName : WildTangent
FileDescription : DDCMPatch
InternalName : DDCMPatch
OriginalFilename : DDCMPatch.exe
ProductName : WildTangent DDCMPatch
Created on : 10/12/2003 7:54:05 AM
Last accessed : 4/24/2004 5:31:34 PM
Last modified : 3/14/2002 8:56:16 PM



WildTangent Object recognized!
Type : File
Data : dupguids.dat
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 10/12/2003 7:54:05 AM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 3/14/2002 6:48:02 PM



WildTangent Object recognized!
Type : File
Data : wt3d.dll
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:27:27 AM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 1/15/2003 10:43:08 PM



WildTangent Object recognized!
Type : File
Data : wt3d.ini
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:27:27 AM
Last accessed : 4/24/2004 5:32:47 PM
Last modified : 3/1/2003 12:27:27 AM



WildTangent Object recognized!
Type : File
Data : wtbgm
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:41:30 AM
Last accessed : 4/24/2004 5:31:34 PM
Last modified : 5/8/2003 11:38:54 PM



WildTangent Object recognized!
Type : File
Data : wtgutils
Category : Data Miner
Comment :
Object : c:\windows\wt\

Created on : 3/1/2003 12:27:28 AM
Last accessed : 4/24/2004 5:31:34 PM
Last modified : 3/1/2003 12:27:28 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 4/2/2003 2:37:03 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 2:37:03 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 4/2/2003 2:36:58 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 2:36:58 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 7/8/2003 2:27:31 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:27:31 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 4/15/2003 6:32:19 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/15/2003 6:32:19 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 4/2/2003 8:17:38 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 8:17:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 4/2/2003 2:46:28 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 4/2/2003 2:52:20 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 7/8/2003 2:02:12 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:02:12 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 7/8/2003 2:02:10 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:02:12 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\Cookies\

Created on : 7/8/2003 2:48:06 PM
Last accessed : 4/24/2004 5:20:11 PM
Last modified : 7/8/2003 2:48:06 PM



WurldMedia Object recognized!
Type : File
Data : mo001.dat
Category : Data Miner
Comment :
Object : c:\windows\system32\

Created on : 7/5/2003 3:47:31 PM
Last accessed : 4/24/2004 5:33:32 PM
Last modified : 7/5/2003 3:47:31 PM



WurldMedia Object recognized!
Type : File
Data : moad02020217.de
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 10 KB
Created on : 6/27/2003 5:48:05 AM
Last accessed : 4/24/2004 5:33:32 PM
Last modified : 9/4/2003 3:13:34 PM



BrilliantDigital Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\BDECache


BrilliantDigital Object recognized!
Type : File
Data : bde54.tmp
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\bdecache\

Created on : 8/19/2003 12:21:47 AM
Last accessed : 4/24/2004 5:33:32 PM
Last modified : 8/19/2003 12:21:48 AM
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
BrilliantDigital Object recognized!
Type : File
Data : bde56.tmp
Category : Data Miner
Comment :
Object : c:\docume~1\owner\locals~1\temp\bdecache\

Created on : 8/19/2003 12:23:29 AM
Last accessed : 4/24/2004 5:33:32 PM
Last modified : 8/19/2003 12:23:29 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 41
Objects found so far: 161


12:33:32 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:16:02:719
Objects scanned :171370
Objects identified :161
Objects ignored :0
New objects :161
 
Joined
Mar 22, 2004
Messages
12
Rog, Julie posted by accident before we followed your first directions. Please disregard that and see what she posted thereafter. We have not done anything from your second set of instructions, because I think we have deleted most of those files. Julieann could not find where to delete that one program file MYWEBSEARCH folder, so that is not as of yet deleted. Also, we have not deleted the following file that you had hoped she could shed some light on (which she cannot): EGGSPE~1\eqbuild.dll. Waiting for further instructions, and thank you very much, Roger. Chris
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
Also Rog, when I turn my computer on I get a popup thing that says the feature you are trying to use is on a network resource that is unavailable, click OK to try again. When I click that, it says folder containing the installation package is 'sguard.msi' in the box below, which is c;/doumement`/owner/locals`1/temp/vies. I think it is a Veritas update manager. Have no clue what that is. julieann
 
Joined
Dec 9, 2000
Messages
45,855
Ok, I really don't want to see the Ad-Aware log so much as a new HijackThis Scan after running Ad-aware and having it delete the malware it finds and then rebooting.

I'll need to know if you are still having problems after doing that.
 

julieann

Thread Starter
Joined
Apr 22, 2004
Messages
13
Logfile of HijackThis v1.97.7
Scan saved at 6:23:38 PM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 7.0\waol.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQFG5IJ\HijackThis[2].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
 