Tech Support Guy banner
Status
Not open for further replies.
2,461 - 2,480 of 2,888 Posts
Discussion starter · #2,462 ·
yes, okay, but it hasn't caused me any trouble all these years. it was that smiley site, cause that's where i traced that comet cursor back to! and why can't i just use my restore to go back before i downloaded the smileys??? that sounds the easiest to me! ;)
 
Comet cursor is just one of the spyware items you have.
IF we are going to get rid of them, let's get rid of ALL of them.
 
Here is what you can put back:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: NetAnts (HKLM)
O9 - Extra 'Tools' menuitem: &NetAnts (HKLM)

O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://download.yahoo.com/dl/installs/yab_af.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...swflash5r42.cab
 
Discussion starter · #2,465 ·
the thing that is bothering me is all the work i have into this new system...it's taken me two weeks to get it working right and if i have to turn off system restore, won't it delete all that out too? then i will have a big mess on my hands.
 
And here's how to put back:

I would suggest you print the above list so you can check them off.

Run HJT and on the lower right click on "Configure" and then "backups". You will see a list of everything that HJT deleted. One by one highlight the ones on the above list and click "Restore"

When you are done click the "Back" button and run and post another scan. Let's see what either has to come out or be put back in.
 
Hold off on turning off System Restore. Let's just get you back with the things you need.
 
NetAnts? To slow down your downloads and spy on you?
Only if you insist!! :)
 
Got all those restored??

Yes, give me another HJT log
 
Discussion starter · #2,477 ·
Logfile of HijackThis v1.96.4
Scan saved at 11:52:22 PM, on 11/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/login?.partner=sbc&.done=http://sbc.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
 
Discussion starter · #2,480 ·
nitehawk, please forgive me but i didn't get hardly any sleep last nite over this mess.... i must go now.. thank you so much for all your help. maybe i can finish up tomorrow okay... good nite now nitehawk! thank you!
 
2,461 - 2,480 of 2,888 Posts
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top