

Boston7

join:2002-04-22

Hijack this log

Can someone examine this log and tell me what can be fixed? Like in particular, the O17... I assume I can fix all of those, I don't recognize them.

Thanks,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Internet\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\tclock\TCLOCKEX.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Update InstaCode.lnk = C:\Program Files\InstaCode\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - »www.flipside.com/cab/WONWebLaunc···trol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\Software\..\Telephony: DomainName = +s
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37AC1CC-94D1-458A-9209-E7CD28D231DC}: Domain = f26798.tfil.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B606CAC7-02A2-4B01-BCE3-D9BDE6D1A1CD}: Domain = f26798.tfil.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0117F4F-3FE3-4632-8E40-1430EFD9849A}: Domain = f26798.tfil.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = +s


ColdinCbus
Premium
join:2002-12-28
Columbus, OH
»www.onlinepcfix.com/spyware/Lop.htm says tfil.com is part of the LOP tool bar.
--
Team Discovery Project Hope


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England


reply to Boston7
SpyBot S&D from »security.kolla.de is able to remove lop for you.

Download it and after install, update it, then run it.

If you do not know how to set it up, this thread will help.

»Internet Washer
[text was edited by author 2003-10-08 15:00:37]


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
reply to Boston7
Clean out LOP as John suggested and then post another Hijack log.


Boston7

join:2002-04-22

reply to Boston7
Ok thanks all,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Internet\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\tclock\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Update InstaCode.lnk = C:\Program Files\InstaCode\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - »www.flipside.com/cab/WONWebLaunc···trol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to Boston7
Wrong info
[text was edited by author 2003-10-08 16:25:48]


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to Boston7
This info was wrong. I was reading the wrong line in some .dll info.
[text was edited by author 2003-10-08 16:24:16]


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

reply to Boston7
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.
--
Write your questions down on the back of a $20 dollar bill and send them to me
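
The triage done by hand in this thread (spotting the O3 entries marked "(no file)", grouping the O17 Domain values, and comparing the log posted before cleanup with the one posted after) can be scripted. This is an added example, not part of any post in the thread; the helper names are its own, and the sample lines are copied, abridged, from the two logs above.

```python
import re
from collections import Counter

# HijackThis lines have the shape "<section> - <body>", e.g. "O3 - Toolbar: ...".
# Helper names below are this example's own, not part of HijackThis.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (section, body) tuples; lines that are not log entries are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def orphaned(entries):
    """O2/O3 entries whose registered file no longer exists ("(no file)")."""
    return [body for sec, body in entries
            if sec in ("O2", "O3") and body.endswith("(no file)")]

def o17_domains(entries):
    """Count the Domain / DomainName values carried by O17 entries."""
    counts = Counter()
    for sec, body in entries:
        m = re.search(r"Domain(?:Name)? = (\S+)$", body)
        if sec == "O17" and m:
            counts[m.group(1)] += 1
    return counts

def diff_logs(before, after):
    """Entries removed and added between two scans of the same machine."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)

# Abridged sample: lines copied from the two logs posted in this thread.
BEFORE = r"""
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37AC1CC-94D1-458A-9209-E7CD28D231DC}: Domain = f26798.tfil.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B606CAC7-02A2-4B01-BCE3-D9BDE6D1A1CD}: Domain = f26798.tfil.com
"""
AFTER = r"""
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Research (HKLM)
"""
if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print(orphaned(parse_log(AFTER)), dict(o17_domains(parse_log(BEFORE))))
    print("removed:", removed, "added:", added)
```

Entries present in both scans, such as the ctfmon.exe Run key, are not reported, so the diff shows only what the cleanup changed.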


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England


said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

[text was edited by author 2003-10-08 16:26:55]


Zupe
Premium,MVM
join:2001-11-29
New York, NY

reply to John2g
said by John2g:
This is the entry that identifies it as WurldMedia

C:\WINDOWS\system32\dla\tfswshx.dll

According to this page: »216.239.41.104/search?q=cache:rl···ie=UTF-8 , that's part of Hewlett-Packard's DLA software
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

reply to John2g
said by John2g:
said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

And this entry

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

John, I'm not sure about tfswshx.dll as being WurldMedia. I believe it's for the HP CD-Writer backup software.
--
Write your questions down on the back of a $20 dollar bill and send them to me


Boston7

join:2002-04-22


reply to John2g
said by John2g:
This is the entry that identifies it as WurldMedia

C:\WINDOWS\system32\dla\tfswshx.dll

Are you sure? I ran spybot and it didn't find anything related to that. I identified that entry as being:

O {5CA3D70E-1895-11CF-8E15-001234567890}: tfswshx.dll - Hewlett-Packard/Veritas DLA software

from this page »www.spywareinfo.com/bhos/archive···3_05.php

I still don't know if it is needed or not, it labels it as "O" not sure what "O" means...

But I do have veritas DLA(drive letter access)...

So do you know if I still need it?

Thanks,

Edit: Oops, I see I type too slow lol...others beat me to it...Thanks all for the responses,
[text was edited by author 2003-10-08 16:25:09]


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

said by Boston7:
O {5CA3D70E-1895-11CF-8E15-001234567890}: tfswshx.dll - Hewlett-Packard/Veritas DLA software

from this page »www.spywareinfo.com/bhos/archive···3_05.php

I still don't know if it is needed or not, it labels it as "O" not sure what "O" means...

But I do have veritas DLA(drive letter access)...

So do you know if I still need it?

Thanks,
I would leave that intact.
--
Write your questions down on the back of a $20 dollar bill and send them to me


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to dp
said by dp:
said by John2g:
said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

And this entry

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

John, I'm not sure about tfswshx.dll as being WurldMedia. I believe it's for the HP CD-Writer backup software.

You are correct. I read the line above, instead of the line below, on the .dll info
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.