View Full Version : Hijackthis



TNT Tonic
01-22-2004, 03:55 AM
Just wondering if anyone could tell me what's not supposed to be here.

Logfile of HijackThis v1.97.7
Scan saved at 9:48:39 PM, on 1/21/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7920.6345717593 (http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37920.6345717593)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab (http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab)?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab (http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
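As an added example (not part of the original thread and not HijackThis's own code): the sketch below parses a HijackThis-style log and groups every line that mentions one product, which shows that WeatherBug in the log above appears as a running process, an O4 autostart entry, an O9 browser button and an O16 downloaded control. The sample lines are taken from the posted log; the function names are hypothetical.

```python
import re

# Constructed sample: a few lines taken from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
"""

# Section code, then " - ", then the detail, e.g. "O4 - HKCU\..\Run: [Weather] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (section, detail) tuples; running processes get section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            entries.append(("PROC", line))
    return entries


def find_product(entries, keyword):
    """Group every entry that mentions keyword (case-insensitive) by section."""
    hits = {}
    for section, detail in entries:
        if keyword.lower() in detail.lower():
            hits.setdefault(section, []).append(detail)
    return hits


if __name__ == "__main__":
    for section, details in find_product(parse_log(SAMPLE_LOG), "weatherbug").items():
        for detail in details:
            print(f"{section:5} {detail}")
```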

Slice
01-22-2004, 04:09 AM
Get rid of WeatherBug!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! It is one of the biggest spyware bvllsh!t scams going.

<<Hybrid>>
01-22-2004, 02:57 PM
Download Spybot, I think it's free.

I really hate WeatherBug and Gator.

Death Engineer
01-22-2004, 04:14 PM
Originally posted by Slice@Jan 21 2004, 11:09 PM
Get rid of WeatherBug!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! It is one of the biggest spyware bvllsh!t scams going.
I would disagree. At least it gives you the option not to install the additional software. Also, I don't have it run at startup. Never had a problem with it and it never sends any outgoing messages according to my firewall.

<<Hybrid>>
01-22-2004, 04:51 PM
Originally posted by Death Engineer@Jan 22 2004, 06:14 PM
Originally posted by Slice@Jan 21 2004, 11:09 PM
Get rid of WeatherBug!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! It is one of the biggest spyware bvllsh!t scams going.
I would disagree. At least it gives you the option not to install the additional software. Also, I don't have it run at startup. Never had a problem with it and it never sends any outgoing messages according to my firewall.
But why is it detected as spyware?

Death-Dude
01-22-2004, 07:36 PM
Originally posted by <<Hybrid>>@Jan 22 2004, 08:57 AM
Download Spybot, I think it's free.

I really hate WeatherBug and Gator.
I hate GATOR and GAIN with a passion....and I recently installed them. My 22 month old girl was jacking with the keyboard, so I typed in "ggogle" instead of "google", hit CTRL+Enter, and got redirected to a site that had a Gator pop-up asking for permission. Missy-Poo hit Enter, and away we went: Gain, Gator, Date Manager, Precision Time, CMEIISys (whatever that is) and one other that escapes me now ..ALL INSTALLED! I was so pissed. They don't have uninstalls from the program group, some had them in the folders they were installed in, but two of them involved scraping the registry. One uninstall bopped me to a 'comment' page for Gator, asking what I thought of their software, and I unloaded. What really gets me about them, is the trouble they cause people who have no idea what they are really agreeing to, like the "extra" programs they install and load up to run all the time.

<<Hybrid>>
01-22-2004, 09:14 PM
Originally posted by Death-Dude@Jan 22 2004, 09:36 PM
Originally posted by <<Hybrid>>@Jan 22 2004, 08:57 AM
Download Spybot, I think it's free.

I really hate WeatherBug and Gator.
I hate GATOR and GAIN with a passion....and I recently installed them. My 22 month old girl was jacking with the keyboard, so I typed in "ggogle" instead of "google", hit CTRL+Enter, and got redirected to a site that had a Gator pop-up asking for permission. Missy-Poo hit Enter, and away we went: Gain, Gator, Date Manager, Precision Time, CMEIISys (whatever that is) and one other that escapes me now ..ALL INSTALLED! I was so pissed. They don't have uninstalls from the program group, some had them in the folders they were installed in, but two of them involved scraping the registry. One uninstall bopped me to a 'comment' page for Gator, asking what I thought of their software, and I unloaded. What really gets me about them, is the trouble they cause people who have no idea what they are really agreeing to, like the "extra" programs they install and load up to run all the time.
You can try to deactivate them in the registry, then remove them from startup, and then delete the folders where they are hiding (mostly in program files/common files/internet explorer).

But registry changing is extremely dangerous for the PC to work.

Had to reinstall when I deleted something from regedit. (Can't remember what that was.)

Death-Dude
01-22-2004, 09:43 PM
Originally posted by <<Hybrid>>@Jan 22 2004, 03:14 PM
Originally posted by Death-Dude@Jan 22 2004, 09:36 PM
Originally posted by <<Hybrid>>@Jan 22 2004, 08:57 AM
Download Spybot, I think it's free.

I really hate WeatherBug and Gator.
I hate GATOR and GAIN with a passion....and I recently installed them. My 22 month old girl was jacking with the keyboard, so I typed in "ggogle" instead of "google", hit CTRL+Enter, and got redirected to a site that had a Gator pop-up asking for permission. Missy-Poo hit Enter, and away we went: Gain, Gator, Date Manager, Precision Time, CMEIISys (whatever that is) and one other that escapes me now ..ALL INSTALLED! I was so pissed. They don't have uninstalls from the program group, some had them in the folders they were installed in, but two of them involved scraping the registry. One uninstall bopped me to a 'comment' page for Gator, asking what I thought of their software, and I unloaded. What really gets me about them, is the trouble they cause people who have no idea what they are really agreeing to, like the "extra" programs they install and load up to run all the time.
You can try to deactivate them in the registry, then remove them from startup, and then delete the folders where they are hiding (mostly in program files/common files/internet explorer).

But registry changing is extremely dangerous for the PC to work.

Had to reinstall when I deleted something from regedit. (Can't remember what that was.)
I did the uninstalls that were there in the folders, either Program Files, or Common Files, then did the Windows uninstall if they remained, and looked for them starting up in the Start Up folder, and msconfig, and everywhere I could think to look. I think it was CMEsys that was still stubborn, so I went to the registry for that. I ditched all the folders they put in, of course. Then I searched the registry for GAIN and Gator, and found a few more values, which I deleted. I backed up the registry first in case I hose myself.

Slice
01-22-2004, 11:40 PM
Originally posted by Death Engineer@Jan 22 2004, 12:14 PM
Originally posted by Slice@Jan 21 2004, 11:09 PM
Get rid of WeatherBug!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! It is one of the biggest spyware bvllsh!t scams going.
I would disagree. At least it gives you the option not to install the additional software. Also, I don't have it run at startup. Never had a problem with it and it never sends any outgoing messages according to my firewall.
I think that any pop up that wants to install something should be illegal. If you want to install something go visit the website. I have a friend that installed weather bug and not knowingly he let it install all the bs along with it. Well it screwed his computer up and he had to reformat. :down: