ChrisRLG
3.9K Posts
0
December 17th, 2003 11:00
If not already done so, could you please run Cwshredder:
download, install (after unzip), run, delete all that it finds.
I was concerned to see so many O17s in your list, very unusual. I have checked these out and they are either web hosting services or ISPs.
If they are all known to you, that is OK; if any of these are not, please let me know.
1) http://www.mydomain.com/
2) EarthLink Network, Inc. ATLANTA
3) Everyones Internet, Inc. Houston.
Please advise on those before I give advice on your log.
Please reboot and post a new log for me to check.
Trenchgun
4 Posts
0
December 17th, 2003 13:00
ChrisRLG, I very much appreciate your analysis of my hijack information. I just ran Cwshredder, it did not seem to detect anything unusual. I ran Cwshredder on Friday of last week and it did clean up some items. 017 is a "Domain Hijack", not real sure what that is. I am not familiar at all with www.mydomain.com, I do not have any idea what this is. Everyone's Internet was my former internet provider, I had 56K & DSL with Everyone's Internet, and they are no longer my internet provider. My current internet provider is Earthlink, I have cable modem ISP service with them, Earthlink is the only "OK" item that I know about on that list. What should I do about www.mydomain.com and Everyone's Internet, can I safely delete these items, leave them alone, I don't know. Below is the result of my new Hijackthis scan. Thank you very much.
Logfile of HijackThis v1.97.7
Scan saved at 9:41:59 AM, on 12/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Greetings Workshop\Gwremind.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.288125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CDA90B-A883-4159-869C-7DCDE90DFCBC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{283EDFB1-6A56-4DAE-9520-C19859BEBCF6}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD3187A-9256-4FEC-A6EE-6628A8DAC4C9}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{4612B0E2-11E5-406A-9ABC-A43D82DE7ECC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0D94F9-4426-4663-8989-6611338C774B}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE740C4-234B-461E-91AB-F420E6826B27}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0514612-D3E0-4E90-91C8-8BC96D0EBED6}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.288125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CDA90B-A883-4159-869C-7DCDE90DFCBC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{283EDFB1-6A56-4DAE-9520-C19859BEBCF6}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD3187A-9256-4FEC-A6EE-6628A8DAC4C9}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{4612B0E2-11E5-406A-9ABC-A43D82DE7ECC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0D94F9-4426-4663-8989-6611338C774B}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE740C4-234B-461E-91AB-F420E6826B27}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0514612-D3E0-4E90-91C8-8BC96D0EBED6}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
ChrisRLG
3.9K Posts
0
December 17th, 2003 17:00
Tick these in hijackthis, AND WITH ALL BROWSER WINDOWS CLOSED, fix ticked:-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CDA90B-A883-4159-869C-7DCDE90DFCBC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{283EDFB1-6A56-4DAE-9520-C19859BEBCF6}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD3187A-9256-4FEC-A6EE-6628A8DAC4C9}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{4612B0E2-11E5-406A-9ABC-A43D82DE7ECC}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0D94F9-4426-4663-8989-6611338C774B}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE740C4-234B-461E-91AB-F420E6826B27}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0514612-D3E0-4E90-91C8-8BC96D0EBED6}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
Do you trust AOL? If not, tick to remove this one.
O15 - Trusted Zone: http://free.aol.com
Then reboot and post a fresh log. Please confirm if you are all ok then.
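The O17 triage above, as an added example that is not part of either poster's messages: it parses O17 lines, collapses the copies that HijackThis reports once per control set (CCS, CS1, CS2), and flags any Domain or NameServer value that is not on a known-good list. The function names are hypothetical, the sample lines are copied from the log posted in this thread, and `KNOWN_RESOLVERS` is an assumption: the two addresses that the fix list above leaves in place.

```python
import re
from collections import defaultdict

# O17 line shape as it appears in the logs in this thread:
#   O17 - HKLM\System\<set>\Services\<path>: <Name> = <value>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\"
    r"(?P<path>.+?): (?P<name>Domain|NameServer) = (?P<value>.*)$"
)

# Assumption: resolvers the user recognises (kept by the fix list above).
KNOWN_RESOLVERS = {"207.217.120.83", "207.217.77.82"}

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{26CDA90B-A883-4159-869C-7DCDE90DFCBC}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
"""


def parse_o17(log_text):
    """Yield (control_set, path, name, value) for every O17 line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            yield m["cset"], m["path"], m["name"], m["value"].strip()


def triage_o17(log_text, known_resolvers, known_domains=()):
    """Group O17 entries mirrored across control sets and list unknown values.

    Returns one dict per distinct (path, name, value), sorted by that key.
    'unknown' holds the resolver IPs or domains missing from the known lists;
    an empty list means the entry matches what the user expects.
    """
    known_resolvers = set(known_resolvers)
    known_domains = {d.lower() for d in known_domains}
    grouped = defaultdict(set)
    for cset, path, name, value in parse_o17(log_text):
        grouped[(path, name, value)].add(cset)

    findings = []
    for path, name, value in sorted(grouped):
        # A value may hold several items separated by commas or spaces.
        items = [v for v in re.split(r"[,\s]+", value) if v]
        if name == "NameServer":
            unknown = [v for v in items if v not in known_resolvers]
        else:
            unknown = [v for v in items if v.lower() not in known_domains]
        findings.append({
            "path": path, "name": name, "value": value,
            "control_sets": sorted(grouped[(path, name, value)]),
            "unknown": unknown,
        })
    return findings


if __name__ == "__main__":
    for f in triage_o17(SAMPLE_LOG, KNOWN_RESOLVERS):
        status = "REVIEW" if f["unknown"] else "ok"
        print(f"{status:6} {f['name']:10} {f['value']:32} "
              f"{','.join(f['control_sets']):12} {f['path']}")
```
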
Trenchgun
4 Posts
0
December 17th, 2003 20:00
I carefully checked the items listed and then used hijackthis to remove them. I could not find any matching R1 items, I have one R1 item that I left alone. I also could not find the 015 AOL trusted site, I would have deleted that, I don't trust AOL. My list is much shorter and my computer seems to be running just fine. The below hijacklist log is after scanning hijackthis and then a reboot. How does it look now? I really do appreciate the help.
Logfile of HijackThis v1.97.7
Scan saved at 4:18:18 PM, on 12/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Greetings Workshop\Gwremind.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.288125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{21549BF2-9370-494B-B05D-246555BE213E}: NameServer = 207.217.120.83,207.217.77.82
ChrisRLG
3.9K Posts
0
December 18th, 2003 06:00
You do look clear now.
To help you stay clear, look on my website (link below) and in the malware section for spywareblaster and spywareguard, both free, and they will help stop bad ActiveX controls being installed. Also do a google for ie-spyad and install that. It will put 5000 sites into your restricted sites list so that you can't accidentally go to them, and an optional 950 adult sites as well.
Trenchgun
4 Posts
0
December 18th, 2003 10:00
ChrisRLG, I will follow your advice and get spywareblaster, spywareguard and ie-spyad. I appreciate your help greatly in working with me to clean up my computer.