errorplace - Help

Unknown
edited September 2004 in Spyware & Virus Removal
I'm getting redirected to errorplace.com more frequently...I have run AdAware 6.0 and Spybot 1.3 many times as well as Norton anti-virus registry clean up.

After reading previous posts here I have downloaded HiJackThis to a seperate folder. I ran a scan and have a log to post if anyone is interested. Thanks for any help you can provide!

Comments

  • TroganTrogan London, UK
    edited September 2004
    Post your log, everyone's always intrested :)
  • jakeandkaty
    edited September 2004
    Here's the HiJackthis log. Thanks!

    ogfile of HijackThis v1.98.2
    Scan saved at 1:52:09 PM, on 9/18/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcafee.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/5/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: jimmyhelp.CBrowserHelper - {D206DA68-B316-432B-AC43-F73E9C30A202} - C:\WINDOWS\EUXRGC.DLL
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmstor.dll"
    O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmclien.dll"
    O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\asfsipc.dll"
    O4 - HKLM\..\RunOnce: [WMC_3] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmv2clt.dll"
    O4 - HKLM\..\RunOnce: [WMC_4] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\blackbox.dll"
    O4 - HKLM\..\RunOnce: [WMC_5] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msnetobj.dll"
    O4 - HKLM\..\RunOnce: [WMC_6] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msisam11.dll"
    O4 - HKLM\..\RunOnce: [WMC_7] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mindex.dll"
    O4 - HKLM\..\RunOnce: [WMC_8] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmstream.dll"
    O4 - HKLM\..\RunOnce: [WMC_9] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmnetmgr.dll"
    O4 - HKLM\..\RunOnce: [WMC_10] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmidx.ocx"
    O4 - HKLM\..\RunOnce: [WMC_11] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmadmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_12] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmadmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_13] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmsdmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_14] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmsdmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_15] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvdmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_16] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvdmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_17] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmv8dmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_18] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmv8dmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_19] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mpg4dmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_20] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\laprxy.dll"
    O4 - HKLM\..\RunOnce: [WMC_21] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvcore.dll"
    O4 - HKLM\..\RunOnce: [WMC_22] "C:\WINDOWS\SYSTEM\logagent.exe" /RegServer
    O4 - HKLM\..\RunOnce: [WMC_23] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mswmdm.dll"
    O4 - HKLM\..\RunOnce: [WMC_24] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msscp.dll"
    O4 - HKLM\..\RunOnce: [WMC_25] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mspmsp.dll"
    O4 - HKLM\..\RunOnce: [WMC_26] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmps.dll"
    O4 - HKLM\..\RunOnce: [WMC_27] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmlog.dll"
    O4 - HKLM\..\RunOnce: [WMC_28] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\CEWMDM.dll"
    O4 - HKLM\..\RunOnce: [WMC_29] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpui.dll"
    O4 - HKLM\..\RunOnce: [WMC_30] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmp.ocx"
    O4 - HKLM\..\RunOnce: [WMC_31] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpcore.dll"
    O4 - HKLM\..\RunOnce: [WMC_32] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpcd.dll"
    O4 - HKLM\..\RunOnce: [WMC_33] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\pdbrowse.dll"
    O4 - HKLM\..\RunOnce: [WMC_34] "C:\WINDOWS\INF\unregmp2.exe" /Shortcuts /RegExts
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.mcafee.com
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - http://beltyo.ud-dial.biz/1/dexUK626.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4384/mcfscan.cab
  • SpywareShooterSpywareShooter 127.0.0.1
    edited September 2004
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcafee.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/5/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: jimmyhelp.CBrowserHelper - {D206DA68-B316-432B-AC43-F73E9C30A202} - C:\WINDOWS\EUXRGC.DLL
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmstor.dll"
    O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmclien.dll"
    O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\asfsipc.dll"
    O4 - HKLM\..\RunOnce: [WMC_3] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\drmv2clt.dll"
    O4 - HKLM\..\RunOnce: [WMC_4] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\blackbox.dll"
    O4 - HKLM\..\RunOnce: [WMC_5] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msnetobj.dll"
    O4 - HKLM\..\RunOnce: [WMC_6] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msisam11.dll"
    O4 - HKLM\..\RunOnce: [WMC_7] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mindex.dll"
    O4 - HKLM\..\RunOnce: [WMC_8] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmstream.dll"
    O4 - HKLM\..\RunOnce: [WMC_9] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmnetmgr.dll"
    O4 - HKLM\..\RunOnce: [WMC_10] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmidx.ocx"
    O4 - HKLM\..\RunOnce: [WMC_11] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmadmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_12] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmadmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_13] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmsdmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_14] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmsdmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_15] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvdmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_16] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvdmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_17] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmv8dmoe.dll"
    O4 - HKLM\..\RunOnce: [WMC_18] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmv8dmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_19] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mpg4dmod.dll"
    O4 - HKLM\..\RunOnce: [WMC_20] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\laprxy.dll"
    O4 - HKLM\..\RunOnce: [WMC_21] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmvcore.dll"
    O4 - HKLM\..\RunOnce: [WMC_22] "C:\WINDOWS\SYSTEM\logagent.exe" /RegServer
    O4 - HKLM\..\RunOnce: [WMC_23] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mswmdm.dll"
    O4 - HKLM\..\RunOnce: [WMC_24] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msscp.dll"
    O4 - HKLM\..\RunOnce: [WMC_25] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mspmsp.dll"
    O4 - HKLM\..\RunOnce: [WMC_26] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmps.dll"
    O4 - HKLM\..\RunOnce: [WMC_27] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmlog.dll"
    O4 - HKLM\..\RunOnce: [WMC_28] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\CEWMDM.dll"
    O4 - HKLM\..\RunOnce: [WMC_29] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpui.dll"
    O4 - HKLM\..\RunOnce: [WMC_30] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmp.ocx"
    O4 - HKLM\..\RunOnce: [WMC_31] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpcore.dll"
    O4 - HKLM\..\RunOnce: [WMC_32] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpcd.dll"
    O4 - HKLM\..\RunOnce: [WMC_33] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\pdbrowse.dll"
    O4 - HKLM\..\RunOnce: [WMC_34] "C:\WINDOWS\INF\unregmp2.exe" /Shortcuts /RegExts
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - http://beltyo.ud-dial.biz/1/dexUK626.exe

    Have HijackThis fix those entries, then quarentine the files, reboot, and post a new log.
  • jakeandkaty
    edited September 2004
    I fixed the entries you listed and rebooted. I'll have to surf for awhile to check the results. Thanks for your expertise, generosity and kindness. I'll post an update. Oh, here's new HiJackThis log.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:00:49 PM, on 9/18/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcafee.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.mcafee.com
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
  • SpywareShooterSpywareShooter 127.0.0.1
    edited September 2004
    Your log looks okay now. Are you still having any problems?
  • jakeandkaty
    edited September 2004
    Everything appears to be working fine. Many thanks for sharing your knowledge!
This discussion has been closed.