Boston7

join:2002-04-22

Hijack this log

Can someone examine this log and tell me what can be fixed? Like in particular, the O17... I assume I can fix all of those, I don't recognize them.

Thanks,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Internet\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\tclock\TCLOCKEX.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Update InstaCode.lnk = C:\Program Files\InstaCode\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - »www.flipside.com/cab/WONWebLaunc···trol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\Software\..\Telephony: DomainName = +s
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37AC1CC-94D1-458A-9209-E7CD28D231DC}: Domain = f26798.tfil.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B606CAC7-02A2-4B01-BCE3-D9BDE6D1A1CD}: Domain = f26798.tfil.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0117F4F-3FE3-4632-8E40-1430EFD9849A}: Domain = f26798.tfil.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = +s

ColdinCbus
Premium
join:2002-12-28
Columbus, OH

Re: Hijack this log

»www.onlinepcfix.com/spyware/Lop.htm says tfil.com is part of the LOP tool bar.
--
Team Discovery Project Hope

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England


SpyBot S&D from »security.kolla.de is able to remove lop for you.

Download it and after install, update it, then run it.

If you do not know how to set it up, this thread will help.

»Internet Washer
[text was edited by author 2003-10-08 15:00:37]

dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA
Clean out LOP as John suggested and then post another Hijack log.

Boston7

join:2002-04-22

Ok thanks all,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Internet\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\tclock\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Update InstaCode.lnk = C:\Program Files\InstaCode\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - »www.flipside.com/cab/WONWebLaunc···trol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab

dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

Re: Hijack this log

You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.
--
Write your questions down on the back of a $20 dollar bill and send them to me
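A triage sketch for the review done in this thread, added here as an example and not part of any poster's reply: it parses HijackThis entry lines, lists O2/O3 entries reported as "(no file)", extracts O17 domain values, and diffs the log taken before cleanup against the one taken after. The function names and regular expressions are this example's own; the sample lines are abridged excerpts of the two logs posted above.

```python
import re

# Abridged excerpts of the two logs posted in this thread (before / after cleanup).
BEFORE = r"""
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O9 - Extra button: AIM (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37AC1CC-94D1-458A-9209-E7CD28D231DC}: Domain = f26798.tfil.com
"""
AFTER = r"""
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O3 - Toolbar: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return a list of (section, detail) tuples; non-entry lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned_clsids(entries):
    """CLSIDs of O2/O3 entries whose backing file is reported as '(no file)'."""
    return [CLSID_RE.search(d).group(0).upper() for s, d in entries
            if s in ("O2", "O3") and d.endswith("(no file)") and CLSID_RE.search(d)]

def o17_domains(entries):
    """Values of the O17 Domain / DomainName settings."""
    return [d.rsplit(" = ", 1)[1] for s, d in entries if s == "O17" and " = " in d]

def diff(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b, a = set(parse(before)), set(parse(after))
    return sorted(b - a), sorted(a - b)
```

Run against the two excerpts, the diff shows the O17 entries gone after cleanup, while the two "(no file)" toolbars are still present and two new entries (the WkDetect.exe Run key and the Research button) have appeared and need the same review.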

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England


Re: Hijack this log

said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

[text was edited by author 2003-10-08 16:26:55]

dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

Re: Hijack this log

said by John2g:
said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

And this entry

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

John, I'm not sure about tfswshx.dll as being WurldMedia. I believe it's for the HP CD-Writer backup software.
--
Write your questions down on the back of a $20 dollar bill and send them to me

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

Re: Hijack this log

said by dp:
said by John2g:
said by dp:
You can tick off and fix:

O3 - Toolbar: (no name) - {D97A579C-7811-46D5-84A3-6262A02CA46F} - (no file)
O3 - Toolbar: (no name) - {362a256f-b243-4d93-95e4-e696626a5e59} - (no file)

I don't see anything else, maybe someone else will take another look at it.

And this entry

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

John, I'm not sure about tfswshx.dll as being WurldMedia. I believe it's for the HP CD-Writer backup software.

You are correct. I read the line above, instead of the line below, on the .dll info.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

Wrong info
[text was edited by author 2003-10-08 16:25:48]

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

This info was wrong. I was reading the wrong line in some .dll info.
[text was edited by author 2003-10-08 16:24:16]

Zupe
Premium,MVM
join:2001-11-29
New York, NY

Re: Hijack this log

said by John2g:
This is the entry that identifies it as WurldMedia

C:\WINDOWS\system32\dla\tfswshx.dll

According to this page: »216.239.41.104/search?q=cache:rl···ie=UTF-8 , that's part of Hewlett-Packard's DLA software
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?

Boston7

join:2002-04-22


said by John2g:
This is the entry that identifies it as WurldMedia

C:\WINDOWS\system32\dla\tfswshx.dll

Are you sure? I ran Spybot and it didn't find anything related to that. I identified that entry as being:

O {5CA3D70E-1895-11CF-8E15-001234567890}: tfswshx.dll - Hewlett-Packard/Veritas DLA software

from this page »www.spywareinfo.com/bhos/archive···3_05.php

I still don't know if it is needed or not, it labels it as "O" not sure what "O" means...

But I do have Veritas DLA (drive letter access)...

So do you know if I still need it?

Thanks,

Edit: Oops, I see I type too slow lol... others beat me to it... Thanks all for the responses,
[text was edited by author 2003-10-08 16:25:09]

dp
Go Steelers
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL

Re: Hijack this log

said by Boston7:
O {5CA3D70E-1895-11CF-8E15-001234567890}: tfswshx.dll - Hewlett-Packard/Veritas DLA software

from this page »www.spywareinfo.com/bhos/archive···3_05.php

I still don't know if it is needed or not, it labels it as "O" not sure what "O" means...

But I do have Veritas DLA (drive letter access)...

So do you know if I still need it?

Thanks,
I would leave that intact.
--
Write your questions down on the back of a $20 dollar bill and send them to me