re: Hijak This file scan--need advice Friday, December 5, 2003 at 11:15 pm Windows Me Annoyances Discussion Forum Posted by Ms. Eagle (33507 messages posted) Did you put any restrictions on this system, are you the sole user of this computer? Get back to me on that, and let me know how things go after you do these things. For one thing you system's infected with the "W32.Xabot.Worm" (SysInit - wininit32.exe). It's listed in your startups in at least a few places according to this log. After you fix the entries in Hijack This, you'll need to clear out your System Restore folder. You can check instr. on this site: http://securityresponse.symantec.com/avcenter/venc/data/w32.xabot.worm.html Run Hijack This again and select these. Have them fixed. Reboot. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by InsightBB.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = , F1 - win.ini: run=LXDBOXCP.EXE O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SysInit] wininit32.exe O4 - HKLM\..\RunServices: [SysInit] wininit32.exe O4 - HKCU\..\Run: [SysInit] wininit32.exe O4 - Startup: OFFICE STARTUP.LNK = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: MICROSOFT FIND FAST.LNK = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry.com/aftfiles/files/install/AncestryFamilyTree.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://64.154.221.61/ads/lsdialer.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: Yahoo! MLB StatTracker - http://aud7.sports.yahoo.com/java/y/mlbst8298_x.cab O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud12.sports.yahoo.com/java/y/nflgcst1008_x.cab O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab Written in response to: re: Hijak This file scan--need advice (Frank: Friday, December 5, 2003 at 7:58 pm) Responses to this message: re: Hijak This file scan--need advice (worm: Saturday, December 6, 2003 at 4:36 am) All messages in this thread [show all] Hijak This file scan--need advice (Frank: Fri, Dec 5, 2003, 2:51 pm) re: Hijak This file scan--need advice (Ms. Eagle: Fri, Dec 5, 2003, 3:52 pm) re: Hijak This file scan--need advice (worm: Fri, Dec 5, 2003, 4:32 pm) re: Hijak This file scan--need advice (Frank: Fri, Dec 5, 2003, 5:26 pm) re: Hijak This file scan--need advice (Ms. Eagle: Fri, Dec 5, 2003, 7:35 pm) re: Hijak This file scan--need advice (Frank: Fri, Dec 5, 2003, 7:58 pm) re: Hijak This file scan--need advice (Ms. Eagle: Fri, Dec 5, 2003, 11:15 pm) re: Hijak This file scan--need advice (worm: Sat, Dec 6, 2003, 4:36 am) re: Hijak This file scan--need advice (Frank: Sat, Dec 6, 2003, 6:44 am) re: Hijak This file scan--need advice (worm: Sat, Dec 6, 2003, 7:37 am) re: Hijak This file scan--need advice (Frank: Sat, Dec 6, 2003, 10:11 am) re: Hijak This file scan--need advice (Frank: Sat, Dec 6, 2003, 10:33 am) re: Hijak This file scan--need advice (worm: Sat, Dec 6, 2003, 10:53 am) re: Hijak This file scan--need advice (Frank: Sat, Dec 6, 2003, 11:06 am) re: Hijak This file scan--need advice (worm: Sat, Dec 6, 2003, 12:13 pm) re: Hijak This file scan--need advice (Ms. Eagle: Sat, Dec 6, 2003, 2:34 pm) re: Hijak This file scan--need advice (worm: Sat, Dec 6, 2003, 4:50 pm) re: Hijak This file scan--need advice (Ms. Eagle: Sat, Dec 6, 2003, 5:50 pm) re: Hijak This file scan--need advice (worm: Sun, Dec 7, 2003, 3:38 am) re: Hijak This file scan (Ms. Eagle: Sat, Dec 6, 2003, 6:27 pm) re: Hijak This file scan (worm: Sun, Dec 7, 2003, 3:32 am) re: Hijak This file scan--need advice (Ms. Eagle: Sat, Dec 6, 2003, 3:58 pm) re: Hijak This file scan--need advice (Frank: Sun, Dec 7, 2003, 9:27 am) re: Hijak This file scan--need advice (Ms. Eagle: Mon, Dec 8, 2003, 3:02 pm) That's not a big deal! (Ms. Eagle: Sat, Dec 6, 2003, 2:25 pm) re: That's not a big deal! (Frank: Sun, Dec 7, 2003, 9:18 am) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows Me Discussion Forum