  #1  
Old 10-13-2004, 11:17 AM
roeo727 roeo727 is offline
Junior Member
 
Join Date: Oct 2004
Posts: 11
HiJack Log that you requested

Here is the log. Let me know what you think. Thank you!!

Logfile of HijackThis v1.98.2
Scan saved at 12:17:15 PM, on 10/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSYMTRAY.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESVERIZON ONLINEWINPOETWINPPPOVERETHERNET.EXE
C:WINDOWSSYSTEMUSBMONIT.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON UTILITIESNPROTECT.EXE
C:WINDOWSSYSTEMATIPTAXX.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINSM32.EXE
C:Program FilesNorton SystemWorksNorton CleanSweepMonwow.exe
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESYAHOO!MESSENGERYPAGER.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:MY DOCUMENTSROE'S DOCSHIGHJACK THISHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [a-winpoet-service] "C:Program FilesVerizon OnlineWinPoETwinpppoverethernet.exe"
O4 - HKLM..Run: [Gene USB Monitor] C:WINDOWSSYSTEMUSBMonit.exe
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~2NORTON~1NAVAPW32.EXE
O4 - HKLM..Run: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" -atboottime
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesCommon FilesSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SymTray - Norton SystemWorks] C:Program FilesCommon FilesSymantec SharedSymTray.exe "Norton SystemWorks"
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:Program FilesNorton SystemWorksNorton CleanSweepcsinsm32.exe
O4 - Global Startup: Verizon Online.lnk = C:Program FilesVerizon OnlineVOLSWVerizon Online.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:PROGRAM FILESVERIZON ONLINECONTROLPADMisca_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRAM FILESAIM95AIM.EXE
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clie...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clie...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSCo...ol_v1-0-3-0.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.3.20/bac...n-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at1_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...dc8e23e872259cf
  #2  
Old 10-13-2004, 11:32 AM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,574
The only thing there at this time is this entry:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...dc8e23e872259cf

Other than that it's clean. Have you rebooted since removing those hijack items?
  #3  
Old 10-13-2004, 12:52 PM
roeo727 roeo727 is offline
I had, but I rebooted again and now it seems to have stopped. I'll see what happens. What should I do with that entry that you pointed out?
  #4  
Old 10-13-2004, 12:55 PM
Mobo Mobo is offline
Have hijack it then what I want you to do is do a search for winupdates. If it turns up anything, delete it..whether it's a file or a folder. Just make sure its spelling is exactly as above and one word..
  #5  
Old 10-13-2004, 01:30 PM
roeo727 roeo727 is offline
Had HijackThis fix it and then did a search and nothing came up. Here is another log:

Logfile of HijackThis v1.98.2
Scan saved at 2:29:35 PM, on 10/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSYMTRAY.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESVERIZON ONLINEWINPOETWINPPPOVERETHERNET.EXE
C:WINDOWSSYSTEMUSBMONIT.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON UTILITIESNPROTECT.EXE
C:WINDOWSSYSTEMATIPTAXX.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINSM32.EXE
C:Program FilesNorton SystemWorksNorton CleanSweepMonwow.exe
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:MY DOCUMENTSROE'S DOCSHIGHJACK THISHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [a-winpoet-service] "C:Program FilesVerizon OnlineWinPoETwinpppoverethernet.exe"
O4 - HKLM..Run: [Gene USB Monitor] C:WINDOWSSYSTEMUSBMonit.exe
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~2NORTON~1NAVAPW32.EXE
O4 - HKLM..Run: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" -atboottime
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesCommon FilesSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SymTray - Norton SystemWorks] C:Program FilesCommon FilesSymantec SharedSymTray.exe "Norton SystemWorks"
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:Program FilesNorton SystemWorksNorton CleanSweepcsinsm32.exe
O4 - Global Startup: Verizon Online.lnk = C:Program FilesVerizon OnlineVOLSWVerizon Online.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:PROGRAM FILESVERIZON ONLINECONTROLPADMisca_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRAM FILESAIM95AIM.EXE
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clie...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clie...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSCo...ol_v1-0-3-0.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.3.20/bac...n-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at1_x.cab

Do I assume that my security settings in internet options are ok? My son was on AIM last night when all this started, so I was wondering if something isn't set as it should be. I had come up with 57 entries when he was done. Ahhhh...
  #6  
Old 10-13-2004, 01:32 PM
Mobo Mobo is offline
That's clean.. :wink:
  #7  
Old 10-13-2004, 01:35 PM
roeo727 roeo727 is offline
Thanks

Thank you SOO much...
  #8  
Old 10-13-2004, 01:37 PM
Mobo Mobo is offline
Anytime and please feel free to return anytime and I would appreciate any nudges you may give to friends to visit as well..Have a good day..
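
Added example, not part of the original thread: a short Python script that diffs two HijackThis logs so the effect of a fix can be confirmed entry by entry instead of by eye, and lists which download hosts the O16 entries no longer reference. The function names and the abbreviated sample input (scan headers plus a few O16 lines copied from the two logs above) are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# A HijackThis entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """(removed, added) entries between two scans, each a sorted list."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def dpf_hosts(log_text):
    """Hosts that the O16 (Downloaded Program Files) entries were fetched from."""
    hosts = set()
    for section, body in parse_entries(log_text):
        if section == "O16" and " - " in body:
            host = urlsplit(body.rsplit(" - ", 1)[1]).hostname
            if host:
                hosts.add(host)
    return hosts

# Abbreviated input: scan headers and a few O16 lines copied from the logs above.
COMMON = """\
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
"""
BEFORE = ("Logfile of HijackThis v1.98.2\nScan saved at 12:17:15 PM, on 10/13/04\n"
          + COMMON
          + "O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - "
            "http://public.windupdates.com/get_file.php...dc8e23e872259cf\n")
AFTER = "Logfile of HijackThis v1.98.2\nScan saved at 2:29:35 PM, on 10/13/04\n" + COMMON

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print("removed:", section, body)
    for section, body in added:
        print("added:  ", section, body)
    print("hosts gone:", sorted(dpf_hosts(BEFORE) - dpf_hosts(AFTER)))
```

The scan header lines differ between the two logs but are not entries, so they do not show up in the diff.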
All times are GMT -5.