PeopleOnPage, WildTangent and a couple other lil buggers...
Showing all messages in thread #1075840549 Windows XP Annoyances Discussion Forum
|
PeopleOnPage, WildTangent and a couple other lil buggers...
Tuesday, February 3, 2004 at 12:35 pm Posted by US_Blue
(15 messages posted)
I've run all the anti-virus/spyware/adware/trojan blocker software that is usually
recommended (upgraded/dated and configured): Spybot, HijackThis, Norton Systemworks,
and Blockers with my ISP (earthlink). Searched and combed my computer (including
registry) for anything and everything that even remotely resembles .dll/exe files
and anything that could possibly be associated with the following: PeopleOnPage(trojan),
WildTangent(sysmonadware), and Atdmt, bluestreak, double click(cookies).
Here is where it started:
http://www.earthlink.net/spyaudit/
I ran this (due to 'funny' and slow actions on puter) and it came up with the above
listed culprits.
At some point I remember having agreed to the WildTangent, but have since removed
*or thought I had* removed it. The other three I have NO idea where they came from.
I uninstalled and reinstalled (required due to prior installation of spybot i think)
my ISP spyware blocker (since my ISP provided the online
test) and that didn't get it so I downloaded the Spybot and HT...still no progress.
Found these instructions for removal: http://www.pchell.com/support/peopleonpage.shtml
but I didn't register (that I'm aware of) and can find zero files related to it.
I've tried the instructions (most are pretty consistent) here to get rid of the others.
I also did the EIFIX.reg to hopefully restore a few things to default. None of
this has worked.
System is VERY slow, fonts (online) are messed up, and a few options that 'seem'
to be unrelated are just acting funny (would take way too long to describe here).
Does anyone have an idea of what info I am missing that I can't get rid of these
last couple of things that are bugging the canola out of me?
Thanks,
Angela
PS..carl ...no matter what ...if you should respond to this one..i promise i won't
get upset again ;)
| |
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Tuesday, February 3, 2004 at 1:30 pm Posted by mojo7819
(5744 messages posted)
Here is some info on wildtangent and people on page.
http://www.kephyr.com/spywarescanner/library/apropos/index.phtml
http://www.kephyr.com/spywarescanner/library/wildtangent/index.phtml
Would also run CWShredder and run an online virus scan. An online scanner is available at:
Trend Micro or
Panda
Stinger
Symantec
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Tuesday, February 3, 2004 at 6:34 pm Posted by Ms. Eagle
(33507 messages posted)
Hi again!
Normally I'm not on the XP forum much, but I'm glad I decided to check things out.
Btw, it's Carol not Carl. :)
OK, you said you don't like clicking links, so I posted the name of the website.
If you don't still have a copy of HijackThis, please download and run it again. You
didn't post a log the last time for me to look at. I lost track of the link to your
thread, too. I didn't know you had problems with WildTangent and People on Page.
If you can, locate and uninstall those items mentioned on that page.
You don't need to dig in the registry to remove those entries manually. HijackThis
will show where they're located and, when selected, you can have them fixed. It creates
a backup. There's also an option to generate a StartupList, if necessary. Please
download 'HT'.
Merijn.org - HijackThis
Unzip 'HT' into a new folder. Close all browser
windows and run it offline. Double click the .Exe file to run it. Choose Scan. It
will display a list. Most of the things you see listed are necessary or required
entries, so don't fix anything, until you know which items to fix.
After the scan is finished, the Scan button will turn into Save Log. Press that and
copy/paste the contents in a post. Before you post it, please be sure to check this
below: Check this box to preserve your spacing....
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Tuesday, February 3, 2004 at 6:42 pm Posted by werner
(7087 messages posted)
Spybot S&D needed about two or three tries to remove WILD TANGENT. Also asked to Run
and did Run on Bootup (Twice) before all that Crud was removed. To turn off SYSTEMRESTORE
while Fixing the Problem.
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Tuesday, February 3, 2004 at 7:04 pm Posted by werner
(7087 messages posted)
PCHELL.COM has INFO on removing PEOPLEONPAGE and is otherwise a pretty useful Site.
|
PCHELL.com
Wednesday, February 4, 2004 at 4:46 am Posted by US_Blue
(5 messages posted)
:( Went there...it tells you to 'unregister' (which I never knowingly registered
in the first place) and tells you to go to the add/remove feature and delete the
program that way. There is NO sign of this that I can find in any files or program
list. So, unfortunately, this page doesn't help much here. Thank you for the information
tho. That page is the ONLY page I have been able to find that even attempts to give
directions specific to POP to remove it.
Thanks,
Raelyyn
On Tuesday, February 3, 2004 at 7:04 pm, werner wrote:
>PCHELL.COM has INFO on removing PEOPLEONPAGE and is otherwise a pretty useful Site.
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Wednesday, February 4, 2004 at 4:51 am Posted by US_Blue
(5 messages posted)
Sorry about the typo on your name :(
>I didn't know you had problems with WildTangent and People on Page.
>If you can, locate and uninstall those items mentioned on that page.
LOL I didn't know I had problems with them either! I was still having problems (like
the internet options thing, change in position and items included on my toolbars,
and change in online text size), so I did an online check just in case "IT" had changed
something to prevent detection from what's on my puter. Here's what I've done:
I've ran thru Spybot a few times and ran HiJackThis-see log below. Nothing shows
up in either of those places, nor on the virus/spyware checker assoc. w/Norton or
Earthlink(my ISP). BUT...when I run the online checkers The POP, WT, and a couple
of cookie catchers show up. (The online checkers do just that...check!) The ISP
and Norton checkers picked up the junk so I ran the ISP and Norton(Symantec) Blocker/Cleaner/Sweeper
(whatever you want to call them!) to get rid of them but they didn't show up there
:( After not finding it through SB, HT, and the others...I ran through every thing
and "combed" through files (including hidden) and then the registry for any hint
of these things and I just can't find anything at all related to them. That's where
this frustration is...I Can't Find them!! But they show up only in the online checks
:( So, there must be something somewhere on my puter for the online check to catch
it.
Before 'fixing' anything in HT, I config for back up and then, I found a site that
lists what all the start up stuff is so not to get rid of the ones I need to keep
and I also looked through the info items in HT for the same reason.
The first 'log' is what I have saved (ignored) and the other is a list of what I've
"fixed" ...together they are a complete list. I can send the start up list if you
want/need me to...it's pretty long and I haven't had a chance to really look at it
yet.
Here goes (list of the ones I've ignored/saved):
Logfile of HijackThis v1.97.7
Scan saved at 7:11:06 AM, on 2/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WINDOWS Power Toys for XP\taskswitch.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Documents and Settings\Owner\My Documents\DOWNLOADS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
= http=localhost:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft
Money\System\mnyside.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program
Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program
Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAC.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\Program Files\WINDOWS Power Toys for XP\taskswitch.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe"
/0
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"
-winstart
O4 - Startup: PowerReg Scheduler V3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
What I fixed (I took off everything that I either didn't need/want/use or could not
identify):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/SYNC
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\pchbutton.exe
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\System32\askbarAC.dll/cmd-search-selection
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\System32\askbarAC.dll/cmd-search-selection-word
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.8402893519
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
Maybe you can see something that I've missed :( I'm just not seeing anything at
all and it's got me stumped! I think I can figure out how to do screenshots if you
need/want them and can cut/paste whatever else you might want to see. I appreciate
your helping me out here :)
Thanks again CarOl :)
Raelyyn
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Wednesday, February 4, 2004 at 8:54 pm Posted by Ms. Eagle
(33507 messages posted)
Oh boy, there's not one spyware app or any other baddie showing up in your log, with
the exception of Earthlink's Popup blocker. It's ironic that they include Spysweeper,
but install a trojan. ISPs can't be trusted anymore either. They're not the only
one.
I'll address these other things one at a time. You said, "when I run the online checkers
The POP, WT, and a couple of cookie catchers show up. Atdmt, bluestreak, double click
(cookies)"
I don't know about Earthlink's online checker, but Spywareinfo has an online spyware
scanner. I'd rather go by them. That website is the best resource on the net for info.
on spyware. Is that the ONLY reason you assume you have that problem with POP and
WT? If so, I'd forget it, if you're not having problems.
Note: I suggest, if after doing these things, you still have problems, run HijackThis
and hit the Config tab - Misc. Tools - choose generate a StartupList. It'll automatically
save the log and open in Notepad. You can post it here if you want to. It sounds
like you're familiar with using the Registry editor, and that log will show you what's
located where in every startup location on your system.
Off the subject: There's an application called "IESpyads", which is a registry file
with a long list of URLs to add into the Restricted Zone. It's a reg file to merge,
a host file. There's a download link on "Spywareinfo.com" site under spyware prevention
software. You can read about it. I also use Jason Levine's Cookie Jar to manage cookies
and easily clear them out (See URL below).
A couple online Browser Security Checks:
http://www.cyscape.com/showbrow.asp?all=1&bhcp=1
http://www.jasons-toolbox.com/BrowserSecurity/ActiveX.asp
You said, "I also did the EIFIX.reg to hopefully restore a few things to default".
You mean IEFix.reg, I assume? Anyhow, you missed a couple VERY important things in
your log. Browser restrictions!! I'm surprised you didn't notice it in the HijackThis
tutorial. Have these two entries fixed:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Fix this entry only, if you DO NOT use a Proxy Server:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
= http=localhost:8080
You can read the descriptions for these on Sysinfo site. You can search by pasting
in the filename with the .exe extension. You may, or may not, want to restore the
backups for these five O4 entries in HijackThis:
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\LogiTray.exe
Sysinfo.org - startuplist
You may want to remove this from startup, after checking the description>>> nopdb.exe
(Symantec)
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
FYI, In Spyware Weekly, March 19, 2003, they had an article entitled "Earthlink's
Pop-up Blocker A Trojan?" (Their newsletters are archived, in case you're interested)
Quote:
Worth looking into:
"Earthlink program's Popup stopper is a Trojan and is very bad news. That's if you've
installed one, that they may have advised you to do. Why Earthlink's Pop-Up Blocker
is Very, Very Bad...."
Earthlink Wants Total Access (to Your PC)
http://www.pbs.org/cringely/pulpit/pulpit20030206.html
{Snip}
You don't have to install Earthlink's software CD, in order to have internet access
through them. They don't tell people, unless you ask. AOL is the only IP that's an
exception to the rule. Don't even get me started on AOL. LOL....All you need is a
Dial-Up (or another type) connection set up and a browser. Btw, security experts
are recommending (actually pleading with people) using Mozilla, Mozilla Firebird
or Opera anything but Internet Explorer.
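The entries singled out in the reply above (the two O6 restriction keys and the localhost ProxyServer value) can be picked out of a pasted log mechanically. The following is an added example, not part of the original thread and not HijackThis code: a Python triage that re-joins entries the forum wrapped across lines and flags those entry types plus browser add-ons whose file is missing. `parse_entries`, `triage` and the reason strings are hypothetical names; the sample lines are copied from the two lists posted earlier in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Registry value that holds the Internet Explorer proxy setting.
PROXY_RE = re.compile(r",ProxyServer\s*=\s*(\S+)")
# Markers HijackThis prints when a registered add-on has no file on disk.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")

# Lines copied from the logs in this thread, wrapped as the forum wrapped them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
= http=localhost:8080
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""


def parse_entries(log_text):
    """Return [(code, body)], re-joining lines that were wrapped on paste."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Not a new entry, so it continues the previous one; the wrap
            # happened at a space, which is restored here.
            entries[-1][1] += " " + line
        # Anything before the first entry (header, process list) is skipped.
    return [(code, body) for code, body in entries]


def triage(entries):
    """Return [(code, reason, body)] for entries worth a second look."""
    findings = []
    for code, body in entries:
        if code == "O6":
            findings.append(
                (code, "IE policy key present (browser restrictions)", body))
            continue
        proxy = PROXY_RE.search(body)
        if code in ("R0", "R1") and proxy:
            if re.search(r"localhost|127\.0\.0\.1", proxy.group(1), re.I):
                findings.append(
                    (code, "IE proxy points at this machine; keep only if "
                           "a local proxy is really in use", body))
            continue
        if code in ("O2", "O3") and MISSING_RE.search(body):
            findings.append(
                (code, "add-on registered but its file is missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```
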
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Friday, February 6, 2004 at 2:10 am Posted by Ms. Eagle
(33507 messages posted)
Wow! I just came across this thread on the Spywareinfo forum. Let me know how you're
doing.
Wild Tangent in ....., ............new AOL IM ver. 5.5
http://forums.spywareinfo.com/index.php?showtopic=31524&st=0entry165729
|
re: PeopleOnPage, WildTangent and a couple other lil buggers...
Monday, October 10, 2005 at 11:19 am Posted by Marcos
(1 messages posted)
Hello All,
Not at all an expert, can you tell me if there is anything here I need to be concerned
of after running HT?
Logfile of HijackThis v1.99.1
Scan saved at 2:04:21 PM, on 10/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\s3hotkey.exe
C:\WINNT\system32\S3trayhp.exe
C:\WINNT\essspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
- Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file
missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security
Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk =
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02bd27e9b992a1474a16/netzip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G
Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation
- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
On Friday, February 6, 2004 at 2:10 am, Carol J wrote:
>
>
>Wow! I just came across this thread on the Spywareinfo forum. Let me know how you're
>doing.
>
>Wild Tangent in ....., ............new AOL IM ver. 5.5
>
>http://forums.spywareinfo.com/index.php?showtopic=31524&st=0entry165729
>