
pop ups that kick me off

Discussion in 'Virus & Other Malware Removal' started by julieann, Apr 22, 2004.

Thread Status:
Not open for further replies.
  1. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    :mad: I keep getting kicked off the net. I have AOL and it freezes on me and knocks me offline and makes the computer run very slow. When I sign on it has a message pop up and I have to cancel it out every time I get on my computer. If someone could please help me, I am very frustrated with this. I have a new computer, it is only 1 year old, it has XP on it and I am ready to throw this out the window lol. I get kicked out of Yahoo games all the time. Someone please help me before I lose my mind lol. I am very computer dumb and don't understand much about it lol :( Thank you so much. A friend of mine (davey's sister) suggested to ask for rollin rog, that he helped her, but anything I will accept, I just need helppppppppppppppppppppp!!!!!!!!
    thank you so much julieann
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Hello Julieann
    Welcome to TSG!
    There are many here that can help you with your problem but you will first have to download, run, and post back the results of the Hijack-This log.

    Here is the link to and instructions for use.
    http://s89223352.onlinehome.us/mirror/hjt/

    Please be patient after posting the log and someone will review it for you and suggest what needs to be done.

    Dave
     
  3. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    Logfile of HijackThis v1.97.7
    Scan saved at 9:43:40 AM, on 4/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\rdrante\Boob army.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\America Online 7.0\waol.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z5I3NPJX\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm not sure why Spybot is leaving some of those items. Do you have the latest version, and did you update it before running and having it remove problems?

    Let's do this for now. Check the following entries in the HijackThis Scanlog, close all browser windows and click "fix checked":

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll

    O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe

    ^^^ I don't know what this is, if you cannot ABSOLUTELY vouch for it, check and "fix" it.

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

    >> after fixing those entries, reboot and delete the MYWEBSEARCH folder in c:\Program Files

    I would also suggest you install, UPDATE, and run Ad-Aware following Winchester's directions here:

    Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

    Then post another Scanlog and let us know if you still have the problem.

    Also can you provide any information on what is represented by the folder in the path I have bolded here:

    O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
     
  5. chris54

    chris54

    Joined:
    Mar 22, 2004
    Messages:
    12
    Rog, this is Chris (davey's sister - hello). I am trying to help Juliann thru this, however I am just as "uncomputer" savvy as she is. She has no idea as to what that folder (EGGSOE~1\eqbuild.dll) is. Do you have time to get with us here or are you busy, like I probably know you are?
    Chris
     
  6. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    Logfile of HijackThis v1.97.7
    Scan saved at 10:04:06 AM, on 4/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\rdrante\Boob army.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\America Online 7.0\waol.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQFG5IJ\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm surprised Ad-aware left the MyWebSearch stuff there if a full system scan was run following Winchester's directions and everything it targeted was removed.

    This process will be a little more complex so you should have these instructions in a notepad file in a convenient location. Also HijackThis should be stored in a permanent folder so that its backups will be preserved if they should be needed.

    You will need to restart in Safe Mode to carry them out. To do that, go to Start > Run, enter msconfig and check the /safeboot entry under the "boot.ini" tab. This check will have to be removed to return to normal mode.

    1-- In Safe Mode run HijackThis, check the following entries and click "fix checked":

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

    O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll

    O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
    O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll


    >>> again I have to ask if you can vouch for this, if not, check and "fix" it:

    >>> O4 - HKLM\..\Run: [platformmode] C:\PROGRA~1\rdrante\Boob army.exe

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EX

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632

    2 -- Now use Windows Explorer to navigate to C:\Program Files and delete the MyWebSearch and Autoupdate folders there. You may also delete the EGGSPE.... folder since you don't know what installed it; I don't know what the full name is but it begins with those letters.

    3 -- Reboot after unchecking /safeboot and post a new Scanlog. Let us know if the pop-ups problem has been resolved.
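
An added example, not part of the thread and not HijackThis code: a small Python triage script that checks which entries from a helper's "fix checked" list still appear in a follow-up HijackThis log, and groups entries by their Program Files folder so the long and 8.3 short path forms (`MyWebSearch` / `MYWEBS~1`) land together. The sample lines are copied from the logs above; the function names and the six-character short-name prefix match are assumptions of this example, and the prefix match is a heuristic.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the 4/24 log in this thread (abridged).
LOG_AFTER = r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
"""

# Sample input: entries the helper asked to fix in the first reply (abridged).
FIX_LIST = r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {BEB133E5-FD72-43b7-8AFF-681831CC72D9} - C:\WINDOWS\wiesasp2.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
"""

# "<code> - <body>", tolerating leading spaces and forum markers such as ">>>".
ENTRY = re.compile(r"^[\s>]*([A-Z]\d{1,2}) - (.+?)\s*$")
# First folder below Program Files, in either its long or its 8.3 short form.
PF_DIR = re.compile(r"(?i)[a-z]:\\(?:program files|progra~1)\\([^\\]+)\\")


def entries(text):
    """Return (code, body) for every HijackThis entry line in text."""
    found = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def normalize(body):
    """Compare entries ignoring case, quoting and spacing differences."""
    return re.sub(r"\s+", " ", body.replace('"', "")).lower()


def folder_key(body):
    """Six-letter key shared by 'MyWebSearch' and 'MYWEBS~1' (heuristic)."""
    m = PF_DIR.search(body)
    if not m:
        return None
    name = m.group(1)
    if "~" in name:
        base = name.split("~", 1)[0]          # short name: part before ~N
    else:
        base = re.sub(r"[ .]", "", name)      # long name: drop spaces and dots
    return base.upper()[:6]


def persisting(fix_text, later_log):
    """Entries from the fix list that are still present in a later log."""
    seen = {(c, normalize(b)) for c, b in entries(later_log)}
    return [(c, b) for c, b in entries(fix_text) if (c, normalize(b)) in seen]


def by_folder(log_text):
    """Map each Program Files folder key to the entry codes that load from it."""
    groups = defaultdict(set)
    for code, body in entries(log_text):
        key = folder_key(body)
        if key:
            groups[key].add(code)
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for code, body in persisting(FIX_LIST, LOG_AFTER):
        print("still present:", code, "-", body)
    for key, codes in sorted(by_folder(LOG_AFTER).items()):
        print(key, codes)
```
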
     
  8. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Saturday, April 24, 2004 12:17:30 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R299 22.04.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R299 22.04.2004
    Internal build : 231
    File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
    Total size : 1070822 Bytes
    Signature data size : 1052604 Bytes
    Reference data size : 18154 Bytes
    Signatures total : 23634
    Target categories : 10
    Target families : 455

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Non Intel
    Memory available:26 %
    Total physical memory:228844 kb
    Available physical memory:57680 kb
    Total page file size:560216 kb
    Available on page file:401632 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2055192 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Automatically try to unregister objects prior to deletion
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    4-24-2004 12:17:30 PM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 4-24-2004 4:50:47 PM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:49 PM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:50 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:31:18 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:50 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:56:06 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:50 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:31:30 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 4-24-2004 4:50:50 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:31:30 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 4-24-2004 4:50:53 PM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 11/16/2002 7:54:58 AM
    Last accessed : 4/24/2004 4:50:53 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:8 [ccevtmgr.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ThreadCreationTime : 4-24-2004 4:50:53 PM
    BasePriority : Normal
    FileSize : 309 KB
    FileVersion : 1.03.4
    ProductVersion : 1.03.4
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Event Manager Service
    InternalName : ccEvtMgr
    OriginalFilename : ccEvtMgr.exe
    ProductName : Event Manager
    Created on : 4/24/2004 1:51:58 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 7/17/2003 4:16:38 PM

    #:9 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:53 PM
    BasePriority : Normal
    FileSize : 296 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    OriginalFilename : LexBceS.exe
    ProductName : MarkVision for Windows (32 bit)
    Created on : 3/10/2004 3:55:05 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/14/2002 8:03:18 PM

    #:10 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:53 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:31:28 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:11 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:54 PM
    BasePriority : Normal
    FileSize : 170 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LEXPPS.EXE
    InternalName : LEXPPS
    OriginalFilename : LEXPPS.EXE
    ProductName : MarkVision for Windows (32 bit)
    Created on : 3/10/2004 3:55:06 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/14/2002 8:00:42 PM

    #:12 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 4-24-2004 4:50:54 PM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 9.05.1015
    ProductVersion : 9.05.1015
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 4/24/2004 1:51:52 AM
    Last accessed : 4/24/2004 4:49:18 PM
    Last modified : 11/15/2002 12:41:26 AM

    #:13 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 4-24-2004 4:50:54 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 11/16/2002 7:31:30 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/29/2002 12:00:00 PM

    #:14 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 4-24-2004 4:50:54 PM
    BasePriority : Normal
     
  9. julieann

    julieann Thread Starter

    FileSize : 64 KB
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    Copyright : Copyright
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    OriginalFilename : WanMPSvc.exe
    ProductName : America Online
    Created on : 3/1/2003 12:14:36 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 5/10/2002 6:50:04 PM

    #:15 [hpsysdrv.exe]
    FilePath : C:\windows\system\
    ThreadCreationTime : 4-24-2004 4:50:58 PM
    BasePriority : Normal
    FileSize : 51 KB
    FileVersion : 1, 7, 0, 0
    ProductVersion : 1, 7, 0, 0
    Copyright : Copyright
    CompanyName : Hewlett-Packard Company
    FileDescription : hpsysdrv
    InternalName : hpsysdrv
    OriginalFilename : hpsysdrv.exe
    ProductName : hpsysdrv
    Created on : 10/29/2002 9:16:14 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 5/8/1998 12:04:38 AM

    #:16 [sgtray.exe]
    FilePath : C:\Program Files\VERITAS Software\Update Manager\
    ThreadCreationTime : 4-24-2004 4:50:58 PM
    BasePriority : Normal
    FileSize : 152 KB
    FileVersion : 1.01.02a
    Copyright : Copyright
    CompanyName : VERITAS Software, Inc.
    FileDescription : VERITAS Update Manager
    Created on : 6/18/2002 4:01:00 PM
    Last accessed : 4/24/2004 4:51:53 PM
    Last modified : 6/18/2002 4:01:00 PM

    #:17 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 4-24-2004 4:50:58 PM
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 0.1.0.1599
    ProductVersion : 0.1.0.1599
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealOne Player (32-bit)
    Created on : 10/29/2002 9:41:46 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/29/2002 9:41:46 PM

    #:18 [ps2.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 4-24-2004 4:50:59 PM
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 1.0.2.1
    ProductVersion : 1.0.2.1
    Copyright : Copyright
    CompanyName : Hewlett-Packard Company
    FileDescription : PS2 EXE
    InternalName : PS2 EXE
    OriginalFilename : Ps2.exe
    ProductName : Hewlett-Packard Company PS2 EXE
    Created on : 10/29/2002 9:34:09 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 8/1/2002 4:28:38 AM

    #:19 [rnathchk.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 4-24-2004 4:50:59 PM
    BasePriority : Normal
    FileSize : 56 KB
    FileVersion : 7.0.0.1167
    ProductVersion : 7.0.0.1167
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks ATH Check App
    InternalName : rnathchk
    OriginalFilename : rnathchk.EXE
    ProductName : RealOne Player (32-bit)
    Created on : 10/29/2002 9:41:45 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/29/2002 9:41:45 PM

    #:20 [ccapp.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ThreadCreationTime : 4-24-2004 4:51:00 PM
    BasePriority : Normal
    FileSize : 53 KB
    FileVersion : 1.03.15
    ProductVersion : 1.03.15
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client CC App
    InternalName : ccApp
    OriginalFilename : ccApp.exe
    ProductName : Common Client
    Created on : 4/24/2004 1:51:58 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 7/17/2003 4:16:38 PM

    #:21 [lxbbbmgr.exe]
    FilePath : C:\Program Files\Lexmark X74-X75\
    ThreadCreationTime : 4-24-2004 4:51:00 PM
    BasePriority : Normal
    FileSize : 56 KB
    FileVersion : 1.0.6.0
    ProductVersion : 1.0.6.0
    Copyright : (C) 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : Lexmark X74-X75 Button Manager
    InternalName : lxbbbmgr.exe
    OriginalFilename : lxbbbmgr.exe
    ProductName : Button Manager Executable
    Created on : 10/14/2002 8:09:12 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/14/2002 8:09:12 PM

    #:22 [s3tray2.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 4-24-2004 4:51:01 PM
    BasePriority : Normal
    FileSize : 68 KB
    FileVersion : 1.00.19-0113
    ProductVersion : 1.00.19-0113
    Copyright : Copyright (C) 2001-2003 S3 S3 Graphics, Inc.
    CompanyName : S3 Graphics, Inc.
    FileDescription : s3contrl
    InternalName : s3contrl
    OriginalFilename : s3contrl.exe
    ProductName : S3 Graphics Utilities
    Created on : 2/25/2003 10:33:14 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 2/25/2003 10:33:14 AM

    #:23 [wkufind.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
    ThreadCreationTime : 4-24-2004 4:51:01 PM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 7.00.0716.0
    ProductVersion : 7.00.0716.0
    Copyright : Copyright
    CompanyName : Microsoft
    FileDescription : Microsoft
    InternalName : WkUFind
    OriginalFilename : WkUFind.exe
    ProductName : Update Detection Module
    Created on : 7/16/2002 9:21:48 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 7/16/2002 9:21:48 PM

    #:24 [lxbbbmon.exe]
    FilePath : C:\Program Files\Lexmark X74-X75\
    ThreadCreationTime : 4-24-2004 4:51:02 PM
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 1.0.6.0
    ProductVersion : 1.0.6.0
    Copyright : (C) 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : Lexmark X74-X75 Button Monitor
    InternalName : lxbbbmon.exe
    OriginalFilename : lxbbbmon.exe
    ProductName : Button Monitor Executable
    Created on : 10/14/2002 8:22:04 PM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/14/2002 8:22:04 PM

    #:25 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 4-24-2004 4:51:02 PM
    BasePriority : Normal
    FileSize : 1456 KB
    FileVersion : 4.7.2009
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2003
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 4/15/2003 1:30:14 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 4/15/2003 1:30:14 AM

    #:26 [weather.exe]
    FilePath : C:\Program Files\AWS\WeatherBug\
    ThreadCreationTime : 4-24-2004 4:51:04 PM
    BasePriority : Normal
    FileSize : 772 KB
    FileVersion : 4, 1, 0, 2
    ProductVersion : 4, 1, 0, 2
    Copyright : Copyright
    CompanyName : AWS Convergence Technologies, Inc.
    FileDescription : WeatherBug
    InternalName : Desktop Weather
    OriginalFilename : WeatherBug.exe
    ProductName : AWS, Inc.WeatherBug
    Created on : 10/30/2002 1:28:24 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 10/26/2002 11:59:38 AM

    #:27 [teatimer.exe]
    FilePath : C:\Program Files\Spybot - Search & Destroy\
    ThreadCreationTime : 4-24-2004 4:51:05 PM
    BasePriority : Normal
    FileSize : 1012 KB
    Created on : 4/14/2004 6:03:00 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 4/14/2004 6:03:00 AM

    #:28 [waol.exe]
    FilePath : C:\Program Files\America Online 7.0\
    ThreadCreationTime : 4-24-2004 4:51:59 PM
    BasePriority : Normal
    FileSize : 176 KB
    FileVersion : 7.00.000
    ProductVersion : 7.00.000
    Copyright : Copyright (C) America Online, Inc. 1999 - 2001
    CompanyName : America Online, Inc.
    FileDescription : AOL
    InternalName : WAOL
    ProductName : America Online
    Created on : 3/1/2003 12:08:11 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 5/10/2002 6:16:56 PM

    #:29 [ypager.exe]
    FilePath : C:\Program Files\Yahoo!\Messenger\
    ThreadCreationTime : 4-24-2004 4:53:42 PM
    BasePriority : Normal
    FileSize : 1496 KB
    FileVersion : 5, 6, 0, 1358
    ProductVersion : 5, 6, 0, 1358
    Copyright : Copyright 1998-2003
    CompanyName : Yahoo! Inc.
    FileDescription : Yahoo! Messenger
    InternalName : Yahoo! Messengerr
    OriginalFilename : YPager.exe
    ProductName : Yahoo! Messenger
    Created on : 4/8/2004 10:50:36 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 12/26/2003 8:57:44 PM

    #:30 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ThreadCreationTime : 4-24-2004 5:09:32 PM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 4/24/2004 4:29:01 PM
    Last accessed : 4/24/2004 4:56:16 PM
    Last modified : 7/13/2003 2:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Alexa Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    HotBar Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{954814C0-40F3-4249-8528-B4922CD2964E}


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{39c0d1ad-078d-47bf-aecd-3cd8151d902f}


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : iempg.iempgobj


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : iempg.iempgobj.1


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E8}


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : mpgcom.zoom


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : mpgcom.zoom.1


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{7280873c-bdf4-429d-a320-f69eeedd8e6d}


    MPGCom Toolbar Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TypeLib\{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E7}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client.1.1


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A4A58A2C-B039-432B-8BC1-DCA7AC0757DC}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Apropos


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Envolo


    PeopleOnPage Object recognized!
    Type : RegKey
    Data : e_uninstall.log
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate
     
  10. julieann

    julieann Thread Starter

    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][2].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 4/2/2003 2:36:58 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 2:36:58 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 7/8/2003 2:27:31 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:27:31 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 4/15/2003 6:32:19 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/15/2003 6:32:19 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 4/2/2003 8:17:38 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 8:17:38 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 4/2/2003 2:46:28 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 2:52:20 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][2].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 7/8/2003 2:02:12 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:02:12 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 7/8/2003 2:02:10 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:02:12 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\

    Created on : 7/8/2003 2:48:06 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:48:06 PM



    Cydoor Object recognized!
    Type : File
    Data : cd_clint.dll
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 151 KB
    FileVersion : 3, 2, 1, 0
    ProductVersion : 3, 2, 1, 0
    Copyright : Copyright (C) Cydoor Technologies, Inc. 1999-2001
    CompanyName : Cydoor Technologies, Inc.
    FileDescription : Cydoor Technologies ad-system
    InternalName : CD_Clint.dll
    OriginalFilename : CD_Clint.dll
    ProductName : Cydoor Technologies ad-system
    Created on : 4/15/2003 2:34:17 PM
    Last accessed : 4/24/2004 5:20:17 PM
    Last modified : 1/14/2002 7:57:00 PM



    Lop.com Object recognized!
    Type : File
    Data : tim11.tmp.exe
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 7 KB
    Created on : 4/13/2004 12:25:28 AM
    Last accessed : 4/24/2004 5:20:21 PM
    Last modified : 4/13/2004 12:25:29 AM



    Lop.com Object recognized!
    Type : File
    Data : tim14.tmp.exe
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 7 KB
    Created on : 4/12/2004 7:15:58 PM
    Last accessed : 4/24/2004 5:20:21 PM
    Last modified : 4/12/2004 7:15:58 PM



    Lop.com Object recognized!
    Type : File
    Data : tim7c.tmp.exe
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\Owner\Local Settings\Temp\
    FileSize : 7 KB
    Created on : 4/3/2004 6:11:32 AM
    Last accessed : 4/24/2004 5:20:21 PM
    Last modified : 4/3/2004 6:11:32 AM



    PeopleOnPage Object recognized!
    Type : File
    Data : autoupdate.exe
    Category : Data Miner
    Comment :
    Object : C:\Program Files\AutoUpdate\
    FileSize : 220 KB
    Created on : 4/16/2004 12:13:14 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 4/16/2004 12:13:11 AM



    Lop.com Object recognized!
    Type : File
    Data : eqbuild.dll
    Category : Malware
    Comment :
    Object : C:\Program Files\Eggs Peak Extra\
    FileSize : 192 KB
    Created on : 4/15/2004 11:57:43 PM
    Last accessed : 4/24/2004 5:18:27 PM
    Last modified : 4/15/2004 11:57:43 PM



    WildTangent Object recognized!
    Type : File
    Data : wildtangent.jar
    Category : Data Miner
    Comment :
    Object : C:\Program Files\Java\j2re1.4.0\lib\ext\
    FileSize : 126 KB
    Created on : 4/20/2004 2:50:02 PM
    Last accessed : 4/24/2004 5:23:02 PM
    Last modified : 1/15/2003 10:38:10 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : more.exe
    Category : Data Miner
    Comment :
    Object : C:\Program Files\rdrante\
    FileSize : 68 KB
    Created on : 4/15/2004 11:58:00 PM
    Last accessed : 4/24/2004 5:24:00 PM
    Last modified : 4/15/2004 11:58:00 PM



    WurldMedia Object recognized!
    Type : File
    Data : mo030414s.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\system32\
    FileSize : 332 KB
    FileVersion : 1.0.0.0
    ProductVersion : 1.0.0.0
    Copyright : Copyright 2000, 2001, 2002, 2003 Wurld Media Inc.
    CompanyName : Wurld Media Inc.
    FileDescription : mobho module
    InternalName : mobho
    OriginalFilename : mobho.dll
    ProductName : mobho
    Created on : 6/27/2003 5:47:09 AM
    Last accessed : 4/24/2004 5:30:46 PM
    Last modified : 6/27/2003 5:47:10 AM



    WurldMedia Object recognized!
    Type : File
    Data : mobho.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\system32\
    FileSize : 332 KB
    FileVersion : 1.0.0.0
    ProductVersion : 1.0.0.0
    Copyright : Copyright 2000, 2001, 2002, 2003 Wurld Media Inc.
    CompanyName : Wurld Media Inc.
    FileDescription : mobho module
    InternalName : mobho
    OriginalFilename : mobho.dll
    ProductName : mobho
    Created on : 6/27/2003 5:47:10 AM
    Last accessed : 4/24/2004 5:30:47 PM
    Last modified : 6/27/2003 5:47:12 AM



    WurldMedia Object recognized!
    Type : File
    Data : mostat.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\system32\
    FileSize : 220 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2003
    FileDescription : sostatatl Module
    InternalName : sostatatl
    OriginalFilename : sostatatl.EXE
    ProductName : sostatatl Module
    Created on : 6/27/2003 5:47:07 AM
    Last accessed : 4/24/2004 5:30:47 PM
    Last modified : 4/7/2003 8:38:02 PM



    BrilliantDigital Object recognized!
    Type : File
    Data : bdedownloader.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\Temp\Altnet\
    FileSize : 93 KB
    FileVersion : 3, 0, 39, 0
    ProductVersion : 3, 0, 39, 0
    Copyright : Copyright
    CompanyName : Brilliant Digital Entertainment Inc.
    FileDescription : BDEDownloader
    InternalName : BDEDownloader
    OriginalFilename : BDEDownloader.dll
    ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
    Created on : 6/27/2003 6:11:40 PM
    Last accessed : 4/24/2004 5:31:30 PM
    Last modified : 7/21/2003 7:39:40 PM



    BrilliantDigital Object recognized!
    Type : File
    Data : bdefdi.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\Temp\Altnet\
    FileSize : 49 KB
    FileVersion : 1, 0, 0, 7
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Brilliant Digital Entertainment Inc.
    FileDescription : BDEFdiTest
    InternalName : BDEFdiTest
    OriginalFilename : BDEFdiTest.exe
    ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
    Created on : 6/27/2003 6:11:40 PM
    Last accessed : 4/24/2004 5:31:30 PM
    Last modified : 7/21/2003 7:39:40 PM



    WildTangent Object recognized!
    Type : File
    Data : wcmdmgr.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\wt\backup\1.6.0.037\
    FileSize : 140 KB
    FileVersion : 1.6.0.37
    ProductVersion : 1.6.0.37
    Copyright : Copyright
    CompanyName : WildTangent, Inc.
    FileDescription : wcmdmgr
    InternalName : WildTangent Updater Service
    OriginalFilename : wcmdmgr.exe
    ProductName : WildTangent Updater Service
    Created on : 9/27/2002 8:47:32 PM
    Last accessed : 4/24/2004 5:31:33 PM
    Last modified : 9/27/2002 8:47:32 PM



    WildTangent Object recognized!
    Type : File
    Data : wcmdmgrl.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\wt\backup\1.6.0.037\
    FileSize : 20 KB
    FileVersion : 1.6.0.37
    ProductVersion : 1.6.0.37
    Copyright : Copyright
    CompanyName : WildTangent, Inc.
    FileDescription : wcmdmgrl
    InternalName : wcmdmgrl
    OriginalFilename : wcmdmgrl.exe
    ProductName : Wild Tangent wcmdmgrl
    Created on : 9/27/2002 8:47:34 PM
    Last accessed : 4/24/2004 5:31:33 PM
    Last modified : 9/27/2002 8:47:34 PM



    WildTangent Object recognized!
    Type : File
    Data : wtcpl.cpl
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\wt\backup\1.6.0.037\
    FileSize : 44 KB
    FileVersion : 1.6.0.37
    ProductVersion : 1.6.0.37
    Copyright : Copyright
    CompanyName : WildTangent, Inc.
    FileDescription : wtcpl
    InternalName : wtcpl
    OriginalFilename : wtcpl.cpl
    ProductName : Wild Tangent wtcpl
    Created on : 9/27/2002 8:47:26 PM
    Last accessed : 4/24/2004 5:31:33 PM
    Last modified : 9/27/2002 8:47:26 PM



    WildTangent Object recognized!
    Type : File
    Data : wtisa.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\wt\backup\1.6.0.037\
    FileSize : 32 KB
    FileVersion : 1, 0, 0, 4
    ProductVersion : 1, 0, 0, 4
    Copyright : Copyright 2002
    CompanyName : WildTangent, Inc.
    FileDescription : Information Services Client
    InternalName : ISA
    OriginalFilename : wtisa.dll
    ProductName : Information Services Application
    Created on : 9/27/2002 8:47:40 PM
    Last accessed : 4/24/2004 5:31:33 PM
    Last modified : 9/27/2002 8:47:40 PM



    WildTangent Object recognized!
    Type : File
    Data : wtvh.dll
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\wt\
    FileSize : 52 KB
    Created on : 3/1/2003 12:27:27 AM
    Last accessed : 4/24/2004 5:31:34 PM
    Last modified : 1/15/2003 10:26:12 PM



    MPGCom Toolbar Object recognized!
    Type : File
    Data : iempg.dll
    Category : Malware
    Comment :
    Object : C:\WINDOWS\
    FileSize : 13 KB
    Created on : 10/12/2003 9:07:45 PM
    Last accessed : 4/24/2004 5:31:35 PM
    Last modified : 10/12/2003 9:07:45 PM



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 120


    Deep scanning and examining files (D:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for D:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 120


    Deep scanning and examining files (E:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for E:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 120


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 120




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    HotBar Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E}


    MPGCom Toolbar Object recognized!
    Type : File
    Data : iempg.dat
    Category : Malware
    Comment :
    Object : c:\windows\fonts\

    Created on : 10/12/2003 9:30:08 PM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 2/15/2004 5:25:31 AM



    MPGCom Toolbar Object recognized!
    Type : File
    Data : mpgcom.ins
    Category : Malware
    Comment :
    Object : c:\windows\fonts\

    Created on : 10/12/2003 9:30:13 PM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 2/15/2004 5:25:39 AM



    MPGCom Toolbar Object recognized!
    Type : File
    Data : mpgcom.dll
    Category : Malware
    Comment :
    Object : c:\windows\
    FileSize : 18 KB
    Created on : 10/12/2003 9:30:13 PM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 2/15/2004 5:25:37 AM



    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A7D0472E-C1FC-4D8F-ABA1-98A7692561BF}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\AutoLoader


    PeopleOnPage Object recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : c:\program files\AutoUpdate


    PeopleOnPage Object recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\AutoUpdate0


    PeopleOnPage Object recognized!
    Type : File
    Data : libexpat.dll
    Category : Data Miner
    Comment :
    Object : c:\program files\autoupdate\
    FileSize : 140 KB
    Created on : 4/16/2004 12:13:14 AM
    Last accessed : 4/24/2004 4:50:47 PM
    Last modified : 4/16/2004 12:13:11 AM



    PeopleOnPage Object recognized!
    Type : File
    Data : aproposplugin.dll
    Category : Data Miner
    Comment :
    Object : c:\program files\sysai\
    FileSize : 60 KB
    Created on : 4/23/2004 2:18:58 AM
    Last accessed : 4/24/2004 5:24:05 PM
    Last modified : 4/23/2004 2:18:47 AM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.exe
    Category : Data Miner
    Comment :
    Object : c:\windows\system32\
    FileSize : 228 KB
    Created on : 4/16/2004 12:13:14 AM
    Last accessed : 4/24/2004 5:30:14 PM
    Last modified : 4/16/2004 12:13:11 AM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.log
    Category : Data Miner
    Comment :
    Object : c:\windows\system32\

    Created on : 4/16/2004 12:13:14 AM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 4/16/2004 12:13:14 AM



    PeopleOnPage Object recognized!
    Type : File
    Data : popcaploader.dll
    Category : Data Miner
    Comment :
    Object : c:\windows\downloaded program files\
    FileSize : 124 KB
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 5
    Copyright : Copyright 2003
    CompanyName : PopCap Games
    FileDescription : PopCapLoader Module
    InternalName : PopCapLoader
    OriginalFilename : PopCapLoader.DLL
    ProductName : PopCapLoader Module
    Created on : 12/19/2003 10:02:06 PM
    Last accessed : 4/24/2004 5:18:40 PM
    Last modified : 12/19/2003 10:02:06 PM



    WildTangent Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : Control Panel\MMCPL


    WildTangent Object recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : c:\windows\wt


    WildTangent Object recognized!
    Type : File
    Data : backup
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:27:25 AM
    Last accessed : 4/24/2004 5:31:34 PM
    Last modified : 4/5/2004 3:00:02 AM



    WildTangent Object recognized!
    Type : File
    Data : data.wts
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:27:27 AM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 1/15/2003 10:43:08 PM



    WildTangent Object recognized!
    Type : File
    Data : ddcmpatch.exe
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\
    FileSize : 24 KB
    FileVersion : 0, 0, 0, 0
    ProductVersion : 0, 0, 0, 0
    Copyright : Copyright
    CompanyName : WildTangent
    FileDescription : DDCMPatch
    InternalName : DDCMPatch
    OriginalFilename : DDCMPatch.exe
    ProductName : WildTangent DDCMPatch
    Created on : 10/12/2003 7:54:05 AM
    Last accessed : 4/24/2004 5:31:34 PM
    Last modified : 3/14/2002 8:56:16 PM



    WildTangent Object recognized!
    Type : File
    Data : dupguids.dat
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 10/12/2003 7:54:05 AM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 3/14/2002 6:48:02 PM



    WildTangent Object recognized!
    Type : File
    Data : wt3d.dll
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:27:27 AM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 1/15/2003 10:43:08 PM



    WildTangent Object recognized!
    Type : File
    Data : wt3d.ini
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:27:27 AM
    Last accessed : 4/24/2004 5:32:47 PM
    Last modified : 3/1/2003 12:27:27 AM



    WildTangent Object recognized!
    Type : File
    Data : wtbgm
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:41:30 AM
    Last accessed : 4/24/2004 5:31:34 PM
    Last modified : 5/8/2003 11:38:54 PM



    WildTangent Object recognized!
    Type : File
    Data : wtgutils
    Category : Data Miner
    Comment :
    Object : c:\windows\wt\

    Created on : 3/1/2003 12:27:28 AM
    Last accessed : 4/24/2004 5:31:34 PM
    Last modified : 3/1/2003 12:27:28 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 4/2/2003 2:37:03 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 2:37:03 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][2].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 4/2/2003 2:36:58 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 2:36:58 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 7/8/2003 2:27:31 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:27:31 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 4/15/2003 6:32:19 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/15/2003 6:32:19 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 4/2/2003 8:17:38 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 8:17:38 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 4/2/2003 2:46:28 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 4/2/2003 2:52:20 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][2].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 7/8/2003 2:02:12 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:02:12 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 7/8/2003 2:02:10 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:02:12 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : [email protected][1].txt
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\Cookies\

    Created on : 7/8/2003 2:48:06 PM
    Last accessed : 4/24/2004 5:20:11 PM
    Last modified : 7/8/2003 2:48:06 PM



    WurldMedia Object recognized!
    Type : File
    Data : mo001.dat
    Category : Data Miner
    Comment :
    Object : c:\windows\system32\

    Created on : 7/5/2003 3:47:31 PM
    Last accessed : 4/24/2004 5:33:32 PM
    Last modified : 7/5/2003 3:47:31 PM



    WurldMedia Object recognized!
    Type : File
    Data : moad02020217.de
    Category : Data Miner
    Comment :
    Object : c:\windows\system32\
    FileSize : 10 KB
    Created on : 6/27/2003 5:48:05 AM
    Last accessed : 4/24/2004 5:33:32 PM
    Last modified : 9/4/2003 3:13:34 PM



    BrilliantDigital Object recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\BDECache


    BrilliantDigital Object recognized!
    Type : File
    Data : bde54.tmp
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\bdecache\

    Created on : 8/19/2003 12:21:47 AM
    Last accessed : 4/24/2004 5:33:32 PM
    Last modified : 8/19/2003 12:21:48 AM
     
  11. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    BrilliantDigital Object recognized!
    Type : File
    Data : bde56.tmp
    Category : Data Miner
    Comment :
    Object : c:\docume~1\owner\locals~1\temp\bdecache\

    Created on : 8/19/2003 12:23:29 AM
    Last accessed : 4/24/2004 5:33:32 PM
    Last modified : 8/19/2003 12:23:29 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 41
    Objects found so far: 161


    12:33:32 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:16:02:719
    Objects scanned :171370
    Objects identified :161
    Objects ignored :0
    New objects :161
     
  12. chris54

    chris54

    Joined:
    Mar 22, 2004
    Messages:
    12
    Rog, Julie posted by accident before we followed your first directions. Please disregard that and see what she posted thereafter. We have not done anything from your second set of instructions, because I think we have deleted most of those files. Julieann could not find where to delete that one program file MYWEBSEARCH folder, so that is not as of yet deleted. Also, we have not deleted the following file that you had hoped she could shed some light on (which she cannot): EGGSPE~1\eqbuild.dll. Waiting for further instructions, and thank you very much, Roger. Chris
     
  13. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    Also Rog, when I turn my computer on I get a popup thing that says the feature you are trying to use is on a network resource that is unavailable, click OK to try again. When I click that it says folder containing the installation package is 'sguard.msi' in the box below, which is c;/doumement`/owner/locals`1/temp/vies. I think it is a VERITAS Update Manager, have no clue what that is. julieann
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, I really don't want to see the Ad-Aware log so much as a new HijackThis Scan after running Ad-aware and having it delete the malware it finds and then rebooting.

    I'll need to know if you are still having problems after doing that.
     
  15. julieann

    julieann Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    13
    Logfile of HijackThis v1.97.7
    Scan saved at 6:23:38 PM, on 4/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\America Online 7.0\waol.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQFG5IJ\HijackThis[2].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A572BBA0-73B6-57A1-22E7-573E945CD95A} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
    O3 - Toolbar: Bend Body Meow - {CE606D9D-F664-E370-9A31-654FB01F4FB8} - C:\PROGRA~1\EGGSPE~1\eqbuild.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00632
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo08.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecursors.com/cursors/default.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76434F88-FD6D-40EE-AB1D-382DA6282493}: NameServer = 205.188.146.146
     

Short URL to this thread: https://techguy.org/223065
