Spyware?

**~bk** · October 3rd, 2004

Everytime I launch IE, these two search bars pop-up. I don't use IE but my parents do sometimes. I did a Spybot - Search and Destroy.. found like 5 problems and I fixed them. But still, they pop-up. Any ideas?

Your help is greatly appreciated.

**~bk** · October 3rd, 2004

Okay, I've some how fixed the bottom bar. But the top one is still showing.

**j79zlr** · October 3rd, 2004

post a HijackThis log and I can take a look.

**~bk** · October 3rd, 2004

Here:

Logfile of HijackThis v1.98.2
Scan saved at 2:41:23 PM, on 10/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Pulse\Pulse.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bilal\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cfmccjjbwrvbiyxssc.us/Apt...VbREom5zD0.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: (no name) - {88B28A89-B431-C8D9-1B65-CCEA5851D23F} - C:\PROGRA~1\INTER4~1\CLOCK RULE.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Name Creative] C:\PROGRA~1\chicidledeaf\extragluecdrom.exe
O4 - HKLM\..\Run: [Rule up great owns] C:\Documents and Settings\All Users\Application Data\comp 32 rule up\comp1.exe
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

**j79zlr** · October 3rd, 2004

Fix these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cfmccjjbwrvbiyxssc.us/Ap...vVbREom5zD0.php
O2 - BHO: (no name) - {88B28A89-B431-C8D9-1B65-CCEA5851D23F} - C:\PROGRA~1\INTER4~1\CLOCK RULE.exe
O4 - HKLM\..\Run: [Name Creative] C:\PROGRA~1\chicidledeaf\extragluecdrom.exe
O4 - HKLM\..\Run: [Rule up great owns] C:\Documents and Settings\All Users\Application Data\comp 32 rule up\comp1.exe

Also, run this uninstaller, http://lop.com/new_uninstall.exe MessengerPlus installs lop.com crap if you allow it to, one reason I definitely recommend against it.

Reboot into safemode, and delete:

C:\Documents and Settings\All Users\Application Data\comp 32 rule up\ <--folder
C:\Program Files\chicidledeaf\ <--folder
C:\Program Files\INTER4~1\ <--folder that begins with inter4

Reboot normally and post a new log. All of this spyware was installed via MessengerPlus.

**~bk** · October 3rd, 2004

sh!t! via Messenger Plus!

Will do what you said and let you know.

**~bk** · October 4th, 2004

Those bars are now removed. Here's the new log. Everything seems fine to me.

Logfile of HijackThis v1.98.2
Scan saved at 4:57:28 PM, on 10/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Pulse\Pulse.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\Bilal\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Bilal\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bilal\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

**~bk** · October 4th, 2004

Oh and I don't know why but when I did that uninstaller thing, all my bookmarks were gone from Firefox.

Is it possible to recover them?

**j79zlr** · October 4th, 2004

never heard of that, is the bookmarks.html file still in C:\Docs and settings\<username>\Application Data\Mozilla\Firefox\default.xyz\ ?

**~bk** · October 4th, 2004

Yeah, it's still there.

**j79zlr** · October 4th, 2004

try and redirect Firefox to use it.

**~bk** · October 4th, 2004

How do I redirect it?

edit: Nevermind, got it.

**j79zlr** · October 4th, 2004

did it work? I've never seen that uninstaller affect firefox.

**~bk** · October 4th, 2004

Yeah, the bookmarks are back.

I don't know why it happened. It gave me a warning when I used it to close all your internet browsers, maybe something happened in between.

October 3rd, 2004	Top \| #1
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Spyware? Everytime I launch IE, these two search bars pop-up. I don't use IE but my parents do sometimes. I did a Spybot - Search and Destroy.. found like 5 problems and I fixed them. But still, they pop-up. Any ideas? Your help is greatly appreciated. Attached Thumbnails +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 3rd, 2004	Top \| #2
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Okay, I've some how fixed the bottom bar. But the top one is still showing. +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 3rd, 2004	Top \| #3
j79zlr Glaanies script monkey Joined: February 2003 Location: Chicago Posts: 2,725 Reputation: 1520 Power: 155	post a HijackThis log and I can take a look. http://www.j79zlr.com

October 3rd, 2004	Top \| #4
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Here: Logfile of HijackThis v1.98.2 Scan saved at 2:41:23 PM, on 10/3/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe C:\Program Files\Athan\Athan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Pulse\Pulse.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Bilal\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cfmccjjbwrvbiyxssc.us/Apt...VbREom5zD0.php R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com; O2 - BHO: (no name) - {88B28A89-B431-C8D9-1B65-CCEA5851D23F} - C:\PROGRA~1\INTER4~1\CLOCK RULE.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Name Creative] C:\PROGRA~1\chicidledeaf\extragluecdrom.exe O4 - HKLM\..\Run: [Rule up great owns] C:\Documents and Settings\All Users\Application Data\comp 32 rule up\comp1.exe O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 3rd, 2004	Top \| #5
j79zlr Glaanies script monkey Joined: February 2003 Location: Chicago Posts: 2,725 Reputation: 1520 Power: 155	Fix these: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cfmccjjbwrvbiyxssc.us/Ap...vVbREom5zD0.php O2 - BHO: (no name) - {88B28A89-B431-C8D9-1B65-CCEA5851D23F} - C:\PROGRA~1\INTER4~1\CLOCK RULE.exe O4 - HKLM\..\Run: [Name Creative] C:\PROGRA~1\chicidledeaf\extragluecdrom.exe O4 - HKLM\..\Run: [Rule up great owns] C:\Documents and Settings\All Users\Application Data\comp 32 rule up\comp1.exe Also, run this uninstaller, http://lop.com/new_uninstall.exe MessengerPlus installs lop.com crap if you allow it to, one reason I definitely recommend against it. Reboot into safemode, and delete: C:\Documents and Settings\All Users\Application Data\comp 32 rule up\ <--folder C:\Program Files\chicidledeaf\ <--folder C:\Program Files\INTER4~1\ <--folder that begins with inter4 Reboot normally and post a new log. All of this spyware was installed via MessengerPlus. http://www.j79zlr.com

Latest News Posts

Latest Forum Posts

Latest Member Blogs

October 3rd, 2004	Top \| #6
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	sh!t! via Messenger Plus! Will do what you said and let you know. +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 4th, 2004	Top \| #7
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Those bars are now removed. Here's the new log. Everything seems fine to me. Logfile of HijackThis v1.98.2 Scan saved at 4:57:28 PM, on 10/3/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe C:\Program Files\Athan\Athan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Pulse\Pulse.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\rsvp.exe C:\Program Files\Adobe\Photoshop CS\Photoshop.exe C:\DOCUME~1\Bilal\LOCALS~1\Temp\~e5d141.tmp C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\Bilal\LOCALS~1\Temp\~e5d141.tmp C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Bilal\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com; O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 4th, 2004	Top \| #8
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Oh and I don't know why but when I did that uninstaller thing, all my bookmarks were gone from Firefox. Is it possible to recover them? +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 4th, 2004	Top \| #9
j79zlr Glaanies script monkey Joined: February 2003 Location: Chicago Posts: 2,725 Reputation: 1520 Power: 155	never heard of that, is the bookmarks.html file still in C:\Docs and settings\<username>\Application Data\Mozilla\Firefox\default.xyz\ ? http://www.j79zlr.com

October 4th, 2004	Top \| #10
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Yeah, it's still there. +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 4th, 2004	Top \| #11
j79zlr Glaanies script monkey Joined: February 2003 Location: Chicago Posts: 2,725 Reputation: 1520 Power: 155	try and redirect Firefox to use it. http://www.j79zlr.com

October 4th, 2004	Top \| #12
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	How do I redirect it? edit: Nevermind, got it. +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

October 4th, 2004	Top \| #13
j79zlr Glaanies script monkey Joined: February 2003 Location: Chicago Posts: 2,725 Reputation: 1520 Power: 155	did it work? I've never seen that uninstaller affect firefox. http://www.j79zlr.com

October 4th, 2004	Top \| #14
~bk I <3 Adriana Joined: November 2003 Location: Canada Posts: 3,768 Reputation: 1230 Power: 154	Yeah, the bookmarks are back. I don't know why it happened. It gave me a warning when I used it to close all your internet browsers, maybe something happened in between. +bk.designs; + notebook + deviantART __________ // art is literacy of the heart <3

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Need help!!!! spyware	zandyrei	Windows Desktop Systems	9	July 11th, 2006 6:14am
spyware .... can't get it out	the_music_man	Windows Desktop Systems	15	August 12th, 2004 9:55pm
Spyware...	ryan3dfan	Windows Desktop Systems	10	December 19th, 2002 11:51pm
any spyware or what not in IE6 sp1?	jkoXP	Windows Desktop Systems	2	September 10th, 2002 9:47pm
Best p2p without spyware?	chainsaw	Windows Desktop Systems	21	July 10th, 2002 3:54am