Hijacked by bravenet-nothing's worked! Log incl. (Resolved)
-
Hijacked by bravenet-nothing's worked! Log incl. (Resolved)
I have tried Spybot, Ad-Aware, ZeroSpware, CWShredder, a2, & Hijack This (which, of course I haven't touched other than scan). So far nothing has worked. I re-installed Windows XP, tried another browser that was supposed to not be hijackable (Firefox...ha...not). I also posted on another board a cpl days ago and am waiting to hear something.
The hijack is always the same - a bravenet.com site. The address reads "clik.to/wolfman". The page says URL wolfmanart cannot be found. Then there is a 404 error message. The hijack happens with no pattern at all...during searches, games, chat, banking, shopping. Sometimes I can use my backbutton to get back to a site, but if I'm on a secure site or in a game, I lose everything.
I have been working on this for over 2 weeks now. I even contacted bravenet & asked them to stop, but they denied that I am on any of their lists & that the problem was my computer.
I'm really at my wits end and would greatly appreciate any help. My Hijack This log is below. Thanks in advance to anyone who can help!
Logfile of HijackThis v1.97.7
Scan saved at 1:06:51 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSR V.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mary\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1424.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSR V.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ZeroSpyware Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe" -STARTUP
O4 - HKCU\..\Run: [NetGuard Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe" -STARTUP
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots/...-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo.com - http://slots02.pogo.com/applet/slots...-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play17.pogo.com/applet/animal...-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backga...-ob-assets.cab
O16 - DPF: Backgammon by pogo.com - http://backgammon05.pogo.com/applet/...-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet/roulet...-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3....-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Checkers by pogo.com - http://checkers.pogo.com/applet/chec...-ob-assets.cab
O16 - DPF: Command & Conquer Generals Comanche Strike by pogo.com - http://ccstrike.pogo.com/applet/ccst...-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage...-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet...-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: Dominoes by pogo.com - http://temp22.pogo.com/applet/domino...-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/v...-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo.com - http://doublebonus.pogo.com/applet/v...-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3....-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/s...-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.pogo.com/applet/s...-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/gre...-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/gre...-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo - http://pool02.pogo.com/applet/pool/pool-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo.com - http://pool12.pogo.com/applet/pool/pool-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/dra...-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo.com - http://hspoker04.pogo.com/applet/dra...-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet/pool2/pool-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo.com - http://bingoj03.pogo.com/applet/bing...-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp91.pogo.com/applet/videop...-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://freecell.pogo.com/applet/free...-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble...-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3...-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet-...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit26.pogo.com/applet/popp...-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://temp35.pogo.com/applet/poppit...-ob-assets.cab
O16 - DPF: Quick Shot by pogo.com - http://quickshot01.pogo.com/applet/q...-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slot...-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slot...-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1...-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo.com - http://showbiz.pogo.com/applet/slots...-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4....-ob-assets.cab
O16 - DPF: Spades by pogo.com - http://spades07.pogo.com/applet/spad...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/sq...-ob-assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/sq...-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire31.pogo.com/applet-5...-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo.com - http://sweet04.pogo.com/applet/sweet...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.3...-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.8.4...-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/t...-ob-assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/t...-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2....-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee...-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo14.pogo.com/applet/turbo...-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo.com - http://turbo08.pogo.com/applet/turbo...-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker02.pogo.com/applet/vide...-ob-assets.cab
O16 - DPF: Video Poker by pogo.com - http://vpoker05.pogo.com/applet/vide...-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.1...-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwho...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/wh...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/wha...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct2_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1088380346093
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {65683480-5699-11D4-9D2C-525400E80BD5} (GlobFXCtl Class) - http://www.globfx.com/webplayer/globfx.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...140.3228819444
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{476D9B97-7B8C-4229-9EA8-00FFAE8A8645}: NameServer = 12.127.17.72 12.127.16.68
Last edited by Xayla; 01-07-2004 at 08:35 PM.
-
It seems like this is everyones problem. I can't believe that you reinstalled XP and you still have it. That was my next move. I wanted to format and reinstall my OS. It will take me 5 days to put all of my programs and setting including hardware back. This sucks! I don't have 5 days. I'm using Fire Fox because IE stopped working and NS crashes all of the time. I need my IE - what I would give to have a MAC!
Just curious, when you backed up did you only backup "my doc" files or did you back up others? Do you think the program sat in a part of what you backed up, Or did you save nothing and start completely over? Do you have an internal firewall? Did you block ports that are know to be used by hijackers? I want to know because eventually I have to erase the drive and not do it without gain.
This all started when I downloaded Juno.
-
I have no idea how this happened. I did a re-install of XP because most of my files are not infected...just IE. I didn't start from scratch. I would have to take my computer in to my tech for that. I have have over 9 years of info on here that has been transferred as I upgrade. I can't even imagine starting from scratch!
I tried Firefox & within an hour was hijacked by this same program. So much for no hijacks on Firefox. I have not seen that anyone else has been hijacked by this particular one and I have looked. Most I see are CWS problems or about:blank. I'm on some time restraints too, since I've been trying to get rid of this for over 2 weeks.
Sorry I can't help out, but I'm stuck myself. Good luck!
-
You need to start from scratch. You have me worried. I thought you started from the beginning. You're program files could easily be infected. This is a nasty thing going on.
Go here: http://www.d-a-l.com/help/showthread.php?t=97 . this was posted in this forum. I'm doing it now. You have investigate what belongs on the log and what doesn't. Then I guess set up what should and shouldn't run at start up. It will take a while. I'm still doing it in hopes that I will stop some of this.
-
Thanks, but I think I'll wait for one of the experts to answer. That's why I posted here & in one other forum. It's been recommended on several sites to post the Hijack This log & let the experts take a crack at it. I certainly don't want to remove something that I need, so I'll wait.
Good luck!
-
Formatting does not help in all situations. Sometimes it just appears straight again. It is very difficult to do your Hijack This log alone if you have never done one below. I apologise if it takes time for replies but doing these Logs is not an easy job.
Please restart Hijack This and put a checkmark next to the following entries:
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots...a-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo.com - http://slots02.pogo.com/applet/slot...a-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play17.pogo.com/applet/anima...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backg...n-ob-assets.cab
O16 - DPF: Backgammon by pogo.com - http://backgammon05.pogo.com/applet...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet/roule...e-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3...k-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8...s-ob-assets.cab
O16 - DPF: Checkers by pogo.com - http://checkers.pogo.com/applet/che...s-ob-assets.cab
O16 - DPF: Command & Conquer Generals Comanche Strike by pogo.com - http://ccstrike.pogo.com/applet/ccs...e-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbag...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/apple...g-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/apple...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5...o-ob-assets.cab
O16 - DPF: Dominoes by pogo.com - http://temp22.pogo.com/applet/domin...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/...e-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo.com - http://doublebonus.pogo.com/applet/...e-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/...2-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.pogo.com/applet/...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/gr...k-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/gr...k-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo - http://pool02.pogo.com/applet/pool/pool-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo.com - http://pool12.pogo.com/applet/pool/pool-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/dr...r-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo.com - http://hspoker04.pogo.com/applet/dr...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet/pool2/pool-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo.com - http://bingoj03.pogo.com/applet/bin...j-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp91.pogo.com/applet/video...d-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/gam...ts/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8...l-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://freecell.pogo.com/applet/fre...l-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebbl...e-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8....r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit26.pogo.com/applet/pop...t-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://temp35.pogo.com/applet/poppi...t-ob-assets.cab
O16 - DPF: Quick Shot by pogo.com - http://quickshot01.pogo.com/applet/...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slo...2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slo...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8....z-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo.com - http://showbiz.pogo.com/applet/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4...s-ob-assets.cab
O16 - DPF: Spades by pogo.com - http://spades07.pogo.com/applet/spa...s-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/s...s-ob-assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/s...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire31.pogo.com/applet-...h-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo.com - http://sweet04.pogo.com/applet/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8....m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.8....l-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/...2-ob-assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/...2-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2...e-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbe...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo14.pogo.com/applet/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo.com - http://turbo08.pogo.com/applet/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker02.pogo.com/applet/vid...r-ob-assets.cab
O16 - DPF: Video Poker by pogo.com - http://vpoker05.pogo.com/applet/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2....p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwh...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/w...n-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/wh...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8...s-ob-assets.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/gam...ts/y/dct2_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/gam...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/gam...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/gam...ts/y/ywt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
Click Fix Checked
Post a Fresh Log
-
Thanks, Owen. New log below. It made a backup of all those that I deleted. What should I do with those? Thanks!!!
Logfile of HijackThis v1.97.7
Scan saved at 2:32:01 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSR V.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mary\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1424.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSR V.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ZeroSpyware Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe" -STARTUP
O4 - HKCU\..\Run: [NetGuard Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe" -STARTUP
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1088380346093
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {65683480-5699-11D4-9D2C-525400E80BD5} (GlobFXCtl Class) - http://www.globfx.com/webplayer/globfx.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...140.3228819444
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{476D9B97-7B8C-4229-9EA8-00FFAE8A8645}: NameServer = 12.127.17.72 12.127.16.68
Last edited by Xayla; 30-06-2004 at 10:48 PM.
-
Backups on the desktop owen! Roflmao! You should have seen that one coming! 
Pray continue.
-
I'm sure I'd feel really stupid if I had any idea what Nirvana meant....LOL
-
I'm trying (and failing) to tell Owen not to run before he can walk. Is your desktop full of backups now?
