| homeboy |
| (regular) |
| Sat Mar 20 2004 12:12 PM |
unwanted wap pages
|
Evertime I re-boot my system I keep geting web pag links in my favorite folder I have run 2 spy programs and they both say that i am clear.
Hope someone can help me .
steve
| putasolutions |
| (regular) |
| Sat Mar 20 2004 12:21 PM |
|
|
Re: unwanted wap pages
|
Go to this page, and download 'Hijack This!'.
Unzip it, launch Hijack This, then press Scan, and press Save Log
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
open that file
Go to Edit | Select all
Now click Edit | copy to copy it
Do not change anything just yet
Come back to the forum, Right Click and paste its contents here
Someone will come along and have a look at it, and advise you what still needs to be removed.
Please post your query to the boards as many hands make light work, and I'm not talking electricians! If your problem is solved, let us know so that others can learn.
| safeTsurfa |
| (regular) |
| Sat Mar 20 2004 01:04 PM |
|
Re: unwanted wap pages
|
This is Homeboy's Hijack This log:
Thank for a fast reply
Logfile of HijackThis v1.97.5
Scan saved at 12:39:27, on 20/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3863E84D-BE5C-9B1E-BA4A-C20C87C00E66} - C:\PROGRA~1\ITCHCD~1\RemoteOnce.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71ECC926-C106-4247-A533-A350442D5E0E} - C:\WINDOWS\System32\comluid.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SuperBar - {33B5B491-3A27-4FF3-ADDF-2FD75C79CAA9} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Deafstore - {C9FBE505-0CA0-34E4-2B44-EA556DD0979F} - C:\PROGRA~1\ITCHCD~1\RemoteOnce.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MSUpdate] C:\WINDOWS\MSUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [aimboot] %SystemRoot%\winrar.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup & Privacy Defender for IE\pdie.exe" Minimize
O4 - Startup: Spy Sweeper.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O4 - Global Startup: winlogon.exe
O9 - Extra button: P&&PDIE (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38050.4456712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A587D3-371F-424D-86BF-AF30AB7E5F0B}: NameServer = 194.119.131.65,194.119.131.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ECB5C17-2FF2-40F6-936E-1736409258A8}: NameServer = 194.119.131.66,194.191.131.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A587D3-371F-424D-86BF-AF30AB7E5F0B}: NameServer = 194.119.131.65,194.119.131.64
O17 - HKLM\System\CS2\Services\Tcpip\..\{00A587D3-371F-424D-86BF-AF30AB7E5F0B}: NameServer = 194.119.131.65,194.119.131.64
Safety Tips for
Kids and Teens
| safeTsurfa |
| (regular) |
| Sat Mar 20 2004 01:19 PM |
|
Re: unwanted wap pages
|
Run Hijack This to make the following fixes, then reboot and scan with it again, and post a fresh log
in this thread using the Reply button, so we can review what's still there.
Don't run these all the time, start them manually when needed:
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kazaa Lite K \KazaaLite.kpp
Select and kill these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {3863E84D-BE5C-9B1E-BA4A-C20C87C00E66} - C:\PROGRA~1\ITCHCD~1\RemoteOnce.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {71ECC926-C106-4247-A533-A350442D5E0E} - C:\WINDOWS\System32\comluid.dll (file missing)
O3 - Toolbar: SuperBar - {33B5B491-3A27-4FF3-ADDF-2FD75C79CAA9} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Deafstore - {C9FBE505-0CA0-34E4-2B44-EA556DD0979F} - C:\PROGRA~1\ITCHCD~1\RemoteOnce.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
Then stop loading stupid Search bars into your browser when they contain spyware!!! If you want a safe search bar, get the Google Toolbar
Safety Tips for
Kids and Teens