Hijackthis log...

Kizzmit5 · #1 (**permalink**) 05-06-2006, 07:20 AM

I thought I would see if you could spot any problems. I get an error when moving around neopets and when i usually get that message its been a virus or something. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:15 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\regprot.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aaren\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegProt] c:\program files\regprot.exe /start
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://google.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Neal · #2 (**permalink**) 05-06-2006, 06:36 PM

HI,

Don't see a thing in your log.

Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

How long has it been since you did a scan with Ewido?

Kizzmit5 · #3 (**permalink**) 06-06-2006, 02:38 PM

well at least my log was clear. Here are the bit defender scan results.

BitDefender Online Scanner

Scan report generated at: Tue, Jun 06, 2006 - 03:36:46

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
01:53:55

Files
366894

Folders
5946

Boot Sectors
4

Archives
3944

Packed Files
19195

Results

Identified Viruses
9

Infected Files
9

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
14

Engines Info

Virus Definitions
386625

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
40

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Aaren\.housecall\Quarantine\install[1].htm.bac_a01812=>(Quarantine-4)
Infected with: Trojan.Exploit.Html.Codebaseexec.BI

C:\Documents and Settings\Aaren\.housecall\Quarantine\install[1].htm.bac_a01812=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\Aaren\.housecall\Quarantine\install[1].htm.bac_a01812=>(Quarantine-4)
Deleted

C:\Documents and Settings\Aaren\.housecall\Quarantine\kl[1].txt.bac_a00788=>(Quarantine-4)
Infected with: Trojan.PWS.Agent.BU

C:\Documents and Settings\Aaren\.housecall\Quarantine\kl[1].txt.bac_a00788=>(Quarantine-4)
Deleted

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool2[1].txt.bac_a00788=>(Quarantine-4)
Infected with: Trojan.FakeAlert.R

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool2[1].txt.bac_a00788=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool2[1].txt.bac_a00788=>(Quarantine-4)
Deleted

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool3[1].txt.bac_a00788=>(Quarantine-4)
Infected with: Trojan.Downloader.Small.BFZ

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool3[1].txt.bac_a00788=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\Aaren\.housecall\Quarantine\tool3[1].txt.bac_a00788=>(Quarantine-4)
Deleted

C:\Documents and Settings\Aaren\.housecall\Quarantine\toolbar[1].txt.bac_a00788=>(Quarantine-4)
Infected with: Trojan.Downloader.Adload.J

C:\Documents and Settings\Aaren\.housecall\Quarantine\toolbar[1].txt.bac_a00788=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\Aaren\.housecall\Quarantine\toolbar[1].txt.bac_a00788=>(Quarantine-4)
Deleted

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0014
Infected with: Trojan.Dloader.HK

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0014
Disinfection failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0014
Deleted

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe
Update failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0015
Infected with: Dropped:Application.Adware.NewDotNet.A

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0015
Disinfection failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0015
Deleted

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe
Update failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0016
Infected with: Trojan.Dropper.Small.FF

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0016
Disinfection failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0016
Deleted

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe
Update failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0024
Infected with: Trojan.Downloader.Wren.D

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0024
Disinfection failed

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe=>wise0024
Deleted

E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe
Update failed

I'll post the hijackthis in another post.

Kizzmit5 · #4 (**permalink**) 06-06-2006, 02:44 PM

Here is the log file. Its been awhile since I have done the ewido, do you want me to run that? The trial ran out do I have to have that to do the test?

Logfile of HijackThis v1.99.1
Scan saved at 6:41:44 AM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\regprot.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Aaren\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegProt] c:\program files\regprot.exe /start
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://google.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Neal · #5 (**permalink**) 06-06-2006, 10:00 PM

Yes do an Ewido scan, doesn't matter if trial has run out, you can still update and scan with it but it will not run in the background.

Before doing the scan disable spywareguard:

Disable SpywareGuard by right clicking the icon down by the clock and select "exit".

Kizzmit5 · #6 (**permalink**) 07-06-2006, 01:50 AM

Hi Neal,

Here is the log for Ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:48:57 PM, 6/6/2006
+ Report-Checksum: C8CDADAD

+ Scan result:

C:\Documents and Settings\Aaren\Cookies\aaren@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@e-2dj6wjnywncpclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Aaren\Cookies\aaren@www.myaffiliateprogra m[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup

::Report End

Neal · #7 (**permalink**) 07-06-2006, 10:14 PM

All cookies, any better?

Kizzmit5 · #8 (**permalink**) 08-06-2006, 04:29 AM

actually I have been having internet explorer crashes. I clicked the "more information" when i send the report and it says it doesn't know the cause but that it could be plugins. how do I find out what should be there and what shouldn't?

When AVG comes on it alerts me to an item that killbox has in it. It can't heal it. Is it ok to have it there or do I have to delete it?

And I saw this on the hijackthis log, R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

does that mean I have a toolbar? I shouldn't have any toolbars because I uninstalled them all... or thought I did.

thanks for helping.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~

Here is one of the things I get from Neopets:

ERROR : Oops you have been directed to this page from the wrong place! If you KEEP getting this error, chances are you have some security settings enabled that are not letting you play Neopets correctly.

Click here to see some tips that might help you fix this problem.

Security Settings Help

You may be familiar with this message:

Oops you have been directed to this page from the wrong place! If you KEEP getting this error, chances are you have some security settings enabled that are not letting you play Neopets correctly.

This is usually caused by your computer having a Firewall or your security settings not being configured to work with the Neopets.com website. Not to worry, though! The below information should be able to help. Please read the following carefully and try each of the suggested tips. If all goes well, you should be surfing around Neopia in no time!

Firewall
Is it possible that you have a firewall such as Norton Internet Securities set up in your home or office? The firewall will block your computer from being able to access Neopets properly. You can try turning off the firewall temporarily for the duration of time you are using the Neopets website. Please check with your parents or administrators beforehand for permission.

If you have Norton Internet Security or Norton Personal Firewall 2004, you can change these settings in order to fix the problem.

Start Norton Internet Security or Norton Personal Firewall.
Click Ad Blocking, then click the yellow Configure button. The Ad Blocking window appears.
Click Advanced. The Advanced Web Contents Options dialog box appears.
Click Add Site. The New Site/Domain dialog box appears.
Type neopets.com and then click OK.
In the list of Web sites, locate neopets.com and click to highlight it.
Click the Global Settings tab.
In the "Information about your browser" section, uncheck "Use default settings," and then click "Permit."
In the "Information about visited sites" section, uncheck "Use default settings," and then click "Permit."
Click OK to close the Advanced Web Contents Options dialog box.
Click OK to close the Ad Blocking window.
Or if this does not work for you, go to the Norton Internet Security Website at http://www.symantec.com/techsupp/nis/

Windows XP and Internet Explorer
Are you perhaps using the latest version of Internet Explorer or Windows XP? If you have Windows XP, following these instructions should make the pages viewable:

First of all, please make sure you are able to use the Run command. If you are unable to use the Run command, please follow these instructions to enable the Run command to show up in the Start Menu:
Right click on the Taskbar
Select Properties
Click on the Start Menu Tab
Make sure that Start Menu is checked
Click Customize (that's right next to it)
Click on Advanced Tab
Scroll and make sure the box for the Run command is checked.
Now, go back to Start, then to Run and type the following: regsvr32 urlmon.dll and press Enter to execute it.

I don't have norton and as far as the rest goes, is that not a good idea to run the command? I don't want to cause any harm to my puter.

Neal · #9 (**permalink**) 08-06-2006, 06:25 PM

Post me a HJT log and...

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

You definately have some yahoo stuff, includeing the toolbar showing in HJT.

Kizzmit5 · #10 (**permalink**) 08-06-2006, 06:58 PM

ok, here is the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:07 AM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\regprot.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aaren\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegProt] c:\program files\regprot.exe /start
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://google.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

and here is the uninstall list:

A4Tech iKeyWorks 7.66
Ad-Aware SE Personal
AVG Free Edition
CCleaner (remove only)
CEP - Color Enable Package
Charter High-Speed™ Self-Installation
C-Media 3D Audio
DivX
DivX Player
Entertainment NPCs, Starter Pack
ewido anti-malware
Faerie Bubbles Screen Saver
Heroes of Might and Magic III Complete
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Logo Snow Fall Screen Saver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Miscellaneous NPCs, Starter Pack
MSN Messenger 7.5
Nero Suite
Panda ActiveScan
PowerDVD
Q-Xpress Installer 1.0.81
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shadow Usul Screen Saver
Sims2Pack Clean Installer
Slingo Wild 7's
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
The Sims Makin' Magic
The Sims Superstar
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB917425)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPatrol
WinRAR archiver
WooHoo NPCs, Starter Pack
Workers NPCs, Starter Pack
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar