Blingo has hijacked my Windows 2000 Dell Dimension 4500S. I have followed lots of advice and still IE opens to it every time. Here is the latest log. Please help.

0

Luke, toss us a hijackthis log, will you?
HiJackThis:
==download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by double-clicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

0

Logfile of HijackThis v1.99.1
Scan saved at 9:04:16 AM, on 7/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\imabunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.africare.org"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Help - {01E07129-B123-4782-93F2-F8719D489F9F} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {1AF7EF0F-C3D5-438F-A97E-921A49D3D95B} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {520E9540-EAE3-4B93-914D-451EEA4046E7} - http://www.comcast.net/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\VerizonDSL\Netscape\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\VerizonDSL\Netscape\Program\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.591/qboax9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
O23 - Service: Webroot SpySweeper Service (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

0

Luke, start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Help - {01E07129-B123-4782-93F2-F8719D489F9F} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {1AF7EF0F-C3D5-438F-A97E-921A49D3D95B} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {520E9540-EAE3-4B93-914D-451EEA4046E7} - http://www.comcast.net/ (file missing) (HKCU)

Good. Blingone?

0

Blingo BeBACK! Here is the log...
Logfile of HijackThis v1.99.1
Scan saved at 10:58:00 AM, on 7/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.africare.org"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\System32\shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\VerizonDSL\Netscape\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\VerizonDSL\Netscape\Program\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c6/v15.591/qboax9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
O23 - Service: Webroot SpySweeper Service (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

0

You did fix that R0 entry, right? Well, I don't know - blingo is not listed as malicious, only as a BHO and toolbar item, so removing those items should kill it.
No entry in Add/Remove Programs, or in your Program Files [check the subfolder Common Files also]? Big Fish...?
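
The comparison being done by eye between the two HijackThis logs above, as an added Python example (not part of the original thread and not HijackThis's own code): it parses entry lines, flags orphaned entries, and reports which fixed entries are still present in the later scan. The log excerpts are copied from the posts above; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the 7/6/2007 scan posted in this thread.
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Help - {01E07129-B123-4782-93F2-F8719D489F9F} - http://online.comcast.net/help/ (file missing) (HKCU)
"""

# Excerpt of the entries the helper asked to be checked and fixed.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: Help - {01E07129-B123-4782-93F2-F8719D489F9F} - http://online.comcast.net/help/ (file missing) (HKCU)
"""

# Excerpt of the 7/8/2007 scan posted after the fix.
SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/?src=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\System32\shdocvw.dll
"""


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is reported as missing."""
    return [e for e in entries if any(m in e[1] for m in ORPHAN_MARKERS)]


def compare_scans(before, fixed, after):
    """Classify what happened between two scans.

    removed   - in the fix list and absent from the later scan
    persisted - in the fix list but still present in the later scan
    new       - present in the later scan only
    """
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in fixed if e not in after_set],
        "persisted": [e for e in fixed if e in after_set],
        "new": [e for e in after if e not in before_set],
    }


def triage():
    """Run the comparison on the thread excerpts embedded above."""
    before = parse_entries(SCAN_BEFORE)
    return {
        "orphaned": orphaned(before),
        **compare_scans(before, parse_entries(FIX_LIST), parse_entries(SCAN_AFTER)),
    }


if __name__ == "__main__":
    for label, items in triage().items():
        print(f"{label}:")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

A fixed entry that lands under `persisted` (here the R0 Start Page) either was not applied or was written back after the fix, so the next step is to find what sets that value.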

0

Yes, I fixed that R0 entry but it will not go away. I have looked in the common files and erased Big Fish. Any suggestions on what to do now? Is there anyone out there who has even heard of BLINGO??

0

Hmm. Start HijackThis, open the Misc Tools section, check the topmost box "list minor sections" and press Generate StartupList log. Please post that.

0

Per your instructions here is the detail you requested. Thanks.

StartupList report, 7/11/2007, 5:04:24 PM
StartupList version: 1.52.2
Started from : C:\imabunny.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\imabunny.exe
C:\WINNT\System32\cidaemon.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
vptray = C:\Program Files\NavNT\vptray.exe
Webroot Spy Sweeper, Enterprise Edition = C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
IgfxTray = C:\WINNT\system32\igfxtray.exe
HotKeysCmds = C:\WINNT\system32\hkcmd.exe
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
PhotoShow Deluxe Media Manager = C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\ssflwbox.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[QuickBooks Online Edition Utilities Class v9]
InProcServer32 = C:\WINNT\Downloaded Program Files\qboax9.dll
CODEBASE = https://accounting.quickbooks.com/c6/v15.591/qboax9.cab

[ZoneIntro Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINNT\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 5,058 bytes
Report generated in 1.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

0

Oh... I was not looking for this... and I missed it! Please fix this entry with hijackthis, but do NOT delete the file!!
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\System32\shdocvw.dll
