1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

What trash can I take out?!

Discussion in 'Virus & Other Malware Removal' started by Atradies, Sep 22, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Atradies

    Atradies Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    2
    I have a dirty computer. Things need to be removed but I'm not sure what. At night, when sleep finally comes, pop-ups plague my dreams. I have too many things loading when I start up. New object show up on my computer for no reason other than to seemingly point and laugh and call me names. Any suggestions:

    Logfile of HijackThis v1.97.2
    Scan saved at 11:54:41 AM, on 9/22/2003
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb02.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Media\Media\UpdateStats.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINNT\System32\IEDriver\IEDriver.exe
    C:\WINNT\uptodate.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Documents and Settings\administrator\Application Data\twiu.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINNT\System32\MOStat.exe
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\System32\winservn.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
    C:\WINNT\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\sb.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy:8080
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
    F0 - system.ini: Shell=Explorer.exe openme.exe
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    F2 - REG:system.ini: Shell=Explorer.exe openme.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
    O2 - BHO: (no name) - {51B29104-61F7-49C4-907B-CC9781A14359} - C:\WINNT\system32\ygajs.dll
    O2 - BHO: (no name) - {8EEC99B7-E882-4645-A676-983BF08CD5BF} - C:\WINNT\system32\moz030715s.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\System32\stlbdist.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINNT\System32\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    O4 - HKCU\..\Run: [Artt] C:\Documents and Settings\administrator\Application Data\twiu.exe
    O4 - HKCU\..\Run: [ContentService] C:\WINNT\System32\winservn.exe
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} - http://www.real.com/vivo/index.html
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://www.liveupdate.com/controls/getcab5.dll
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.2.block2.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinstall.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,8/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13aff952e64665def717/netzip/RdxIE601.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37516.2966435185
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://onstage1.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    welcome to T.S.G

    "dirty".its filthy....lets get the industial suds out:D

    run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything
    .....then,close all browser and outlook windows and "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\sb.htm
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
    F0 - system.ini: Shell=Explorer.exe openme.exe
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    F2 - REG:system.ini: Shell=Explorer.exe openme.exe
    O2- BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
    O2 - BHO: (no name) - {51B29104-61F7-49C4-907B-CC9781A14359} - C:\WINNT\system32\ygajs.dll
    O2 - BHO: (no name) - {8EEC99B7-E882-4645-A676-983BF08CD5BF} - C:\WINNT\system32\moz030715s.dll
    O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\System32\stlbdist.DLL
    O4 - HKLM\..\Run: [IEDriver] C:\WINNT\System32\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe

    do you have any idea what this one is?
    O4 - HKCU\..\Run: [Artt] C:\Documents and Settings\administrator\Application Data\twiu.exe

    O4 - HKCU\..\Run: [ContentService] C:\WINNT\System32\winservn.exe

    did you set these? if not "fix" this one
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://www.liveupdate.com/controls/getcab5.dll
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-d....4.2.block2.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13aff952e64665...ip/RdxIE601.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://onstage1.webex.com/client/la...bex/ieatgpc.cab


    re-boot into safe mode and delete:
    C:\WINNT\System32\winservn.exe
    C:\WINNT\uptodate.exe
    C:\WINNT\System32\IEDriver
    C:\WINNT\System32\stlbdist.DLL
    C:\WINNT\system32\ygajs.dll
    C:\WINNT\System32\MOStat.exe


    then....Spybot Search & Destroy http://beam.to/spybotsd

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows...... hit 'Check for Problems', and have SpyBot remove/fix all it finds.

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanx
    ;)
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Atradies .....i have added to and taken out of the fix list.

    out goes this one:O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe

    not flagged as spy/adware.......my mistake.

    and i added:C:\WINNT\System32\MOStat.exe
    probably a leftover from kazaa/grokster.
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\sb.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy:8080
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)

    F0 - system.ini: Shell=Explorer.exe openme.exe
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    F2 - REG:system.ini: Shell=Explorer.exe openme.exe

    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
    O2 - BHO: (no name) - {51B29104-61F7-49C4-907B-CC9781A14359} - C:\WINNT\system32\ygajs.dll
    O2 - BHO: (no name) - {8EEC99B7-E882-4645-A676-983BF08CD5BF} - C:\WINNT\system32\moz030715s.dll

    O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)

    O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\System32\stlbdist.DLL

    O4 - HKLM\..\Run: [IEDriver] C:\WINNT\System32\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
    O4 - HKCU\..\Run: [ContentService] C:\WINNT\System32\winservn.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} - http://www.real.com/vivo/index.html
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13aff952e64665...ip/RdxIE601.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = potlnd1.or.home.com


    IF you are running ME or XP Disable SYSTEM RESTORE : How to disable or enable System Restore in Windows ME

    How to disable or enable System Restore in Windows XP


    Next reboot into Safe Mode and remove the following files and folders that are bolded

    Search for, find, and delete
    openme.exe

    C:\OPLIMIT\ocrawr32.exe

    C:\WINNT\uptodate.exe

    C:\WINNT\System32\stlbdist.DLL
    C:\WINNT\system32\ygajs.dll
    C:\WINNT\System32\MOStat.exe
    C:\WINNT\System32\winservn.exe

    C:\WINNT\System32\IEDriver\IEDriver.exe


    See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

    Reboot into normal mode

    RE-ENABLE SYSTEM RESTORE and create a new restore point


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Once you are done use NotePad to open system.ini and wini and look at these lines.

    F0 - system.ini: Shell=Explorer.exe openme.exe
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe

    System.ini should read:

    Shell=Explorer.exe

    win.ini should read:

    load=
     
  6. Atradies

    Atradies Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    2
    I've got to hand it to you guys. You really helped me out. The suggestions you made clearly made a difference in removing some annoyances. Thank you.

    Here's what is currently showing:

    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb02.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {BE508045-3E63-4B2B-999A-A0ED7A6DB840} - C:\WINNT\System32\aduwfil.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [CZADGJNQT] C:\WINNT\CZADGJNQT.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    O4 - HKCU\..\Run: [Artt] C:\Documents and Settings\administrator\Application Data\twiu.exe
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,8/mcinsctl.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37516.2966435185
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    these need fixing also:
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {BE508045-3E63-4B2B-999A-A0ED7A6DB840} - C:\WINNT\System32\aduwfil.dll
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

    re:this next one..........check its location in this "fix" list and when you run H/T again check if the file name has changed(morphed)
    if so,"fix" it and delete the entry from C:\WINNT
    O4 - HKLM\..\Run: [CZADGJNQT] C:\WINNT\CZADGJNQT.exe

    lets see a 3rd log just to make sure all is gone.

    ;)


    again....any idea about this one?
    O4 - HKCU\..\Run: [Artt] C:\Documents and Settings\administrator\Application Data\twiu.exe
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166627

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice