# Pop up ads on my desktop



## Gary300 (Jul 4, 2003)

I have run spybot search and destroy and I have also run adaware and I am still getting 10 to 20 pop ups on my desktop, it is driving me insane!!!!!!!!


If I start my system and let it idle for a 1/2 hour or so..when I return to my comp, I have 20 pop up ads on my desktop.


What's going on???

Can anyone help me??


----------



## sweetcheekies (Aug 23, 2001)

what version of adaware are u using? have u done a virus check? I had a virus a while back that did that to me. if not try using noads.. or a popup ad killer. those things are a blessing. 

not much help but maybe a bit.


----------



## Gary300 (Jul 4, 2003)

Hi,

Thanks for the quick response. I have the free version of pop up killer. I ran a virus check with AVG 6.0 - I don't know how accurate that is, I downloaded it from the internet free.


noads?


Gary


----------



## sweetcheekies (Aug 23, 2001)

noads is a pop up killer and very easy to use. what version of adaware? i have found that if u run anything less than version 6 it don't catch all of the spyware anymore.


----------



## Gary300 (Jul 4, 2003)

adaware 6.0


These pop ups are COUNTER AND IE


It seems like my pop up killer destroys all pop ups but the ones mentioned above.


----------



## sweetcheekies (Aug 23, 2001)

that seems like the virus I had.. have u tried housecall a free online virus checker?

here is the link
http://housecall.trendmicro.com/housecall/start_corp.asp


----------



## Gary300 (Jul 4, 2003)

Thanks,

I'm looking into that now.


----------



## Gary300 (Jul 4, 2003)

oops!!!


forgot to mention...


IF this is a virus..could it be deadly?


----------



## sweetcheekies (Aug 23, 2001)

no. it's a nothing virus.. it just likes to throw pop ups at u constantly.


----------



## Gary300 (Jul 4, 2003)

i was running the anti-virus you gave me..and i started getting pop ups...i'm guessing maybe 50 or 60 started coming from everywhere...it got so bad, it performed an illegal operation on my IE. (MyGeek) was the file name on the message error.

I looked it up and there is a mygeek.dll


----------



## sweetcheekies (Aug 23, 2001)

from what I can tell they are huge spammers.. therein lies ur problem from what I can tell.. let me check out a few things and see how we can get rid of it for u.


----------



## Top Banana (Nov 11, 2002)

Download HijackThis. Unzip, run, "Scan", "Scan" changes to "Save log". Save the log and copy and paste the HijackThis log into your next post.

Do not fix anything in HijackThis. Most entries will be harmless.


----------



## JohnWill (Oct 19, 2002)

If you don't have a firewall, download one NOW! Are these Messenger Popups? If so, the firewall will stop them cold. Here's the link for ZoneAlarm http://www.zonelabs.com/


----------



## Gary300 (Jul 4, 2003)

I tried www.hijackthis.com and when i went to download it..it says I need a BDEViewer?


----------



## Gary300 (Jul 4, 2003)

No! I meant i clicked on your Hijackthis and tried to download what you said. and to unzip a file I need a BDEViewer.


----------



## Top Banana (Nov 11, 2002)

To unzip, rightclick, "Extract All". If not available get WinZip or QuickZip.


----------



## Gary300 (Jul 4, 2003)

I ran that antivirus sweetcheekies told me to perform. It found (1) infected file 


ADW TENGET.A Program Files/File SubmitKingpin

What do I do now?

After the test was performed, it said "Non cleanable"


----------



## sweetcheekies (Aug 23, 2001)

from what i have found have u done the hijack program yet? anywhere I have found anything about that ( not many) it says to run hijack. so do as earlier mentioned then we will see if that fixes it.


----------



## sweetcheekies (Aug 23, 2001)

is kingpin a program on your computer? a game or what.. and is that exactly what housecalls stated?


----------



## sweetcheekies (Aug 23, 2001)

gary go here there is someone who had the same problem.. this is the only thing i can find on it.

http://www.computing.net/security/wwwboard/forum/5765.html


----------



## Gary300 (Jul 4, 2003)

yes that's what housecall stated. I deleted the empty folder. I am guessing...the ADW TENGET.A

I think that might be the virus that was sending all of those pop up ads.

I don't recall having a program or game called "kingpin theme"


----------



## Gary300 (Jul 4, 2003)

Logfile of HijackThis v1.95.1
Scan saved at 10:06:12 PM, on 7/31/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\SYSLOG\SYSLOG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\QUICKZIP\QUICKZIP.EXE
C:\WINDOWS\TEMP\QZTEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.unipages.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-o-matic.mygeek.com/som_sidesearch.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.unipages.cc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.unipages.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-o-matic.mygeek.com/som_sidesearch.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Adelphia
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://www.unipages.cc/
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\Tuner\bin\motmon.exe
O4 - HKLM\..\Run: [syslog lptt01] "c:\program files\syslog\syslog.exe"
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PopUpInspector] C:\PROGRAM FILES\GIANT COMPANY SOFTWARE INC\POPUP INSPECTOR\POPUPINSPECTOR.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Linked Ima&ges - C:\Program Files\IEimage\IEimage.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Stop popups from this web page - C:\PROGRAM FILES\GIANT COMPANY SOFTWARE INC\POPUP INSPECTOR\denysite.htm
O9 - Extra button: Linked Images (HKLM)
O9 - Extra 'Tools' menuitem: Linked Ima&ges (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O13 - DefaultPrefix: http://193.125.201.50/?trk=
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37618.6560416667
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: Yahoo! Chat (Shockwave Flash Object) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn1.adsdk.com/bannerfarm/42833/VbouncerOuter1123030507.exe
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/010a922ee2e3219e2915/netzip/RdxIE601.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/payload2.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/25751de8bf8689/housecall.antivirus.com/housecall/xscan53.cab


----------



## Top Banana (Nov 11, 2002)

Download RapidBlaster Killer. This will terminate and remove RapidBlaster.

Scan with HijackThis, put a checkmark at and "Fix checked" the following entries. Close all windows except HijackThis before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.unipages.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-o-matic.mygeek.com/som_sidesearch.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.unipages.cc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.unipages.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-o-matic.mygeek.com/som_sidesearch.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://www.unipages.cc/
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: (no name) - {82599E0A-8C81-11d7-9F97-0050FC5441CB} - C:\WINDOWS\SYSTEM\shdocvw.dll
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - DefaultPrefix: http://193.125.201.50/?trk=
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn1.adsdk.com/bannerfarm/42...r1123030507.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/010a922ee2e321...ip/RdxIE601.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...08/payload2.cab

Restart your computer.

Download Spybot S&D. Update SS&D via the "Online" tab. Search for and download all updates. Close all browser windows, hit "Check for problems". After scan hit "Fix selected problems".


----------
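Added example, not part of the original thread: a small Python check for confirming, from a fresh HijackThis scan taken after the restart, that the entries in a fix list are really gone. It matches on section code plus CLSID where an entry has one, because the forum shortened several URLs in the fix list with "..."; the function names and the rescan log are constructed for illustration, and the fix-list lines are copied from the post above.

```python
import re

# A HijackThis entry line looks like "O16 - DPF: {CLSID} - http://..."
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def entry_key(code, body):
    """Identity of an entry that survives forum URL truncation.

    BHO, toolbar, search-hook and DPF lines carry a CLSID, which stays intact
    even when the URL after it was shortened with "...". Everything else
    (start pages, Hosts lines, Run keys) is compared on its full text, so a
    start page that now points somewhere else no longer counts as a match.
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.lower().split()))


def still_present(fix_list_text, rescan_text):
    """Entries from the fix list that show up again in the new scan."""
    wanted = {entry_key(c, b) for c, b in parse_entries(fix_list_text)}
    return [(c, b) for c, b in parse_entries(rescan_text)
            if entry_key(c, b) in wanted]


# Four lines copied from the fix list in the post above (one has a shortened URL).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://193.125.201.50
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O4 - HKLM\..\Run: [winmain] winmain.exe
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab
"""

# Constructed rescan log (not from the thread): the start page was reset and
# the Run entry is gone, but the Hosts line and one DPF entry came back.
RESCAN = r"""
Logfile of HijackThis v1.95.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
"""

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, RESCAN):
        print("still present:", code, "-", body)
```

An entry that reappears after "Fix checked" and a restart usually means something still running is writing it back, so the output is a list to post for another look rather than a verdict.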



## NiteHawk (Mar 9, 2003)

O4 - HKLM\..\Run: [winmain] winmain.exe
Would indicate the Yaha worm. You may need more than HJT to get rid of it.

See this page to read about and get the removal tool. The link to the tool is towards the bottom of the page.

Go here and download and run the removal tool:

http://securityresponse.symantec.co...moval.tool.html


----------



## Gary300 (Jul 4, 2003)

I want to thank you guys for all of your help. It seems as of right now the pop up ads are gone.

I think running hijackthis did the trick.

Thanks top banana!

A stupid question, but I might as well throw it out there.
Was there a program within the files shown in hijackthis that was sending those ads?


----------



## Top Banana (Nov 11, 2002)

> Was there a program within the files shown in hijackthis that was sending those ads?

syslog.exe and stcloader.exe.


----------



## Gary300 (Jul 4, 2003)

I left my computer idle for 4 hours and when I came home..
THERE IS NOT A MILLION ADS ON MY DESKTOP!!!!!!!!!
I was so tired of clicking my life away to get rid of those.



I HAVE BEEN SAVED!!!


Everything you told me to check and fix in hijackthis, should I delete those files completely? I noticed when I tried to delete them...a message came on saying...DELETE ONLY IF YOU REALLY WANT TO..and something about....YOU WILL BE SORRY IF YOU DELETE A FILE THAT YOU MAY NEED LATER ON......etc.


----------



## NiteHawk (Mar 9, 2003)

Top Banana did well for you!! Glad to hear you are running pop-up free 

HJT keeps a back up list of things that have been removed. If you click on the Config button and then the Backups button you will see the list of everything that was deleted.

If you wish to be on the safe side, keep these items in the backups file for a week or two, then if you don't see any errors crying for something you deleted, you can safely deep 6 them.

Keep in mind that some programs like Kazaa and Morpheus have spyware so deeply embedded in them that they will not function without the spyware. In my opinion, if a program needs spyware to function, it's not worth having.


----------



## psyintific (Aug 12, 2003)

i read some of the previous messages so i ran hijack and this is my log. i didn't know if i should delete the same things as other people or not so i was wondering if anyone could help me. so here is my log

Logfile of HijackThis v1.96.0
Scan saved at 10:50:24 PM, on 08/11/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\uptodate.exe
C:\WINNT\System32\hphmon04.exe
D:\User data\HP imaging\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wjview.exe
C:\WINNT\system32\rundll32.exe
D:\User data\HP imaging\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINNT\System32\HPHipm11.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\websearch\websearch.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\excite\PrvtMsgr\bin\X8PLAY.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\excite\PrvtMsgr\bin\X8PLAY.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidebar.smarter.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.smarter.com/index.php?sidebar=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidebar.smarter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.smarter.com/index.php?sidebar=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.smarter.com/index.php?sidebar=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.smarter.com/index.php?sidebar=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\Program Files\CommonName\Toolbar\CNBabe.dll (file missing)
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\ipinsigt.dll
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINNT\MSView.DLL
O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\mpz300.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_20.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINNT\System\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINNT\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\User data\HP imaging\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [websearch] wjview /cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/02b063a105a9af9bf505/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37738.8813078704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab


----------



## twill (Jul 29, 2003)

Hey psyintific, go to http://spybot.eon.net.au/
This is a great website for a free spyware/adware remover. It doesn't list the stuff you don't want to remove and almost only the things that you do want.

If you have any problems with this, just post.


----------



## psyintific (Aug 12, 2003)

hey thanks twill, i'm going to check into that now


----------

