Newbie dot Org HomePage
Visit one of our web buddies
Mark..Snowman..Ed please have a look at this HJT
Sue

08/07/04 		Hi Guys
Remember the log I sent for one of my friends before.I believe Snow said he had never seen one like it...lol...Well here is another one from her comp she is having problems again and yes Ed she still has my email addy lol
Any help you guys could give me would be great and much appreciatedLogfile of HijackThis v1.97.7
Scan saved at 5:11:55 PM, on 8/4/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIKEY32.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\ATIICON.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET
FILES\CONTENT.IE5\KXY38TUZ\HijackTHIS[1].EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.findwhatevernow.com/searchband2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.findwhatevernow.com/searchband2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoogames
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoogames
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.findwhatevernow.com/searchband2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
N1 - Netscape 4: user_pref("browser.startup.homepage",
"http://www.yahoo.com"); (C:\Program
Files\Netscape\Users\User00\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FWN Toolbar - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM\FWNTOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [AtiKey] Atikey32.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program
Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program
Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [rb32 ml075e] "c:\program
files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM
FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Drive] C:\Program
Files\Yahoo!\Drive\YahooDrive.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM
FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media
Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Acronym Finder lookup... -
http://www.acronymfinder.com/iesearch/
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM
FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: Yahoo! Cribbage -
http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
- http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Hearts -
http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Canasta -
http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Poker -
http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Blackjack -
http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes -
http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} -
http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38154.8140972222
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potd_x.cab

thanx Guys! :)

Anti-Virus: Norton
Browser: IE
OS: Win98

© Copyright 1998-2004 Newbie dot Org -- All rights reserved --
This site maintained by Galaxy Website Design


--|--