Please Help Me Remove Downloader.Agent.BF

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by UpNorthChick, Jun 29, 2004.

  1. UpNorthChick

    UpNorthChick Private E-2

    Ok I have this virus running rampant in my computer lol. I have tried everything that I could think of and have but to no avail. Avg finds it but cannot do anything about it. I also found a new program in my add / remove programs .. it is .. Home Search Assistent (exact spelling) .. Pleaseeeee help me .. oh and im no computer expert so if you say to put a "tick" somewhere tell me if that means on or off lol ... Here is my latest HJT log

    Logfile of HijackThis v1.97.7
    Scan saved at 11:34:24 PM, on 6/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\d3bb32.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    C:\WINDOWS\webshots.scr
    C:\WINDOWS\System32\LVComS.exe
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\continentalhc\My Documents\Hijack\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eznic.dll/sp.html#37680
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eznic.dll/index.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eznic.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eznic.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://eznic.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eznic.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {EFC9626F-F99C-FF8F-1E87-9F02800DA3C2} - C:\WINDOWS\system32\ntdw.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [d3bb32.exe] C:\WINDOWS\d3bb32.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKLM\..\RunOnce: [ntiy32.exe] C:\WINDOWS\system32\ntiy32.exe
    O4 - HKLM\..\RunOnce: [appkj32.exe] C:\WINDOWS\appkj32.exe
    O4 - HKLM\..\RunOnce: [d3ec.exe] C:\WINDOWS\d3ec.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/threepoint/threepoint-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.4.18/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Bump by pogo - http://play09.pogo.com/applet/bump/bump-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.8.4.18/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://ccstrike.pogo.com/applet/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.5.21/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.21/hearts/hearts-ob-assets.cab
    O16 - DPF: Heavy Cannon by pogo - http://play15.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool2/pool-ob-assets.cab
    O16 - DPF: Highland Golf by pogo - http://golf01.pogo.com/applet/golf/golf-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.3.26/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.20/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.18/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.8.5.21/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://solitaire22.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/quickshot/quickshot-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.8.3.26/slots/showbiz2-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.4.18/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.18/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire11.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.3.20/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8.2.19/topdown2/topdown2-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.20/peaks/peaks-ob-assets.cab
    O16 - DPF: Tube Runner by pogo - http://play05.pogo.com/applet/tube/tube-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo02.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker04.pogo.com/applet-5.8.2.19/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.26/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.4.24/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.24/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play09.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
     
    UpNorthChick, Jun 29, 2004
    #1
  2. UpNorthChick

    UpNorthChick Private E-2

    Please can someone help me =( Here is a new Hijacker log taken just now


    Logfile of HijackThis v1.97.7
    Scan saved at 11:03:31 AM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\WINDOWS\webshots.scr
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\continentalhc\My Documents\Hijack\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {EFC9626F-F99C-FF8F-1E87-9F02800DA3C2} - C:\WINDOWS\system32\ntdw.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [d3bb32.exe] C:\WINDOWS\d3bb32.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/threepoint/threepoint-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.4.18/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Bump by pogo - http://play09.pogo.com/applet/bump/bump-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.8.4.18/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://ccstrike.pogo.com/applet/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.5.21/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.21/hearts/hearts-ob-assets.cab
    O16 - DPF: Heavy Cannon by pogo - http://play15.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool2/pool-ob-assets.cab
    O16 - DPF: Highland Golf by pogo - http://golf01.pogo.com/applet/golf/golf-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.3.26/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.20/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.18/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.8.5.21/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://solitaire22.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/quickshot/quickshot-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.8.3.26/slots/showbiz2-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.4.18/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.18/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire11.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.3.20/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8.2.19/topdown2/topdown2-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.20/peaks/peaks-ob-assets.cab
    O16 - DPF: Tube Runner by pogo - http://play05.pogo.com/applet/tube/tube-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo02.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker04.pogo.com/applet-5.8.2.19/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.26/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.4.24/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.24/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play09.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
     
    UpNorthChick, Jun 30, 2004
    #2
  3. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Major Attitude, Jun 30, 2004
    #3
  4. UpNorthChick

    UpNorthChick Private E-2

    I am sorry I just became a memeber yesterday and I am not sure how the forum works, I was just posting like a friend had told me to, to see if I could get help
     
    UpNorthChick, Jun 30, 2004
    #4
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    No probs.. we all had our first steps into the world of Forums at some stage, best peice of advice I can give you is to use the search function ( helps me out alot in finding fixes ) and read over some of the current threads as most of the time especially in the spyware section they are mostly about the current threats.

    follow the Majors advice and follow the steps in the thread he linked to and if you have further questions or feel you are getting lost in what steps to take... post a question back in this your thead adn someone will help you through it.


    another thing popin to this section as there is great info on all subjects, spyware, virii etc etc (well worth a read) http://www.majorgeeks.com/vb/forumdisplay.php?f=33
     
    DavidGP, Jun 30, 2004
    #5
  6. UpNorthChick

    UpNorthChick Private E-2

    Ok I read, and printed off Majors advice for the Generic Solution for Only the Best Hijacker .. I am soooo lost on #7 and #8 ... I am new to this stuff, and I have no idea whatsoever as to what to delete and not delete from my computer .. Here is my latest HJT log can someone give me a clue, hold my hand, anything? lol


    Logfile of HijackThis v1.97.7
    Scan saved at 1:06:45 PM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    C:\WINDOWS\webshots.scr
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\continentalhc\My Documents\Hijack\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {EFC9626F-F99C-FF8F-1E87-9F02800DA3C2} - C:\WINDOWS\system32\ntdw.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [d3bb32.exe] C:\WINDOWS\d3bb32.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/threepoint/threepoint-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.4.18/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Bump by pogo - http://play09.pogo.com/applet/bump/bump-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.8.4.18/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://ccstrike.pogo.com/applet/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.5.21/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.21/hearts/hearts-ob-assets.cab
    O16 - DPF: Heavy Cannon by pogo - http://play15.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool2/pool-ob-assets.cab
    O16 - DPF: Highland Golf by pogo - http://golf01.pogo.com/applet/golf/golf-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.3.26/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.20/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.18/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.8.5.21/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://solitaire22.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/quickshot/quickshot-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.8.3.26/slots/showbiz2-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.4.18/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.18/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire11.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.3.20/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8.2.19/topdown2/topdown2-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.20/peaks/peaks-ob-assets.cab
    O16 - DPF: Tube Runner by pogo - http://play05.pogo.com/applet/tube/tube-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo02.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker04.pogo.com/applet-5.8.2.19/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.26/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.4.24/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.24/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play09.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
     
    UpNorthChick, Jun 30, 2004
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This should help you:

    This is the file for Step 5:
    C:\WINDOWS\imjxc.dll

    This is your BHO for step 7:
    O2 - BHO: (no name) - {EFC9626F-F99C-FF8F-1E87-9F02800DA3C2} - C:\WINDOWS\system32\ntdw.dll

    This is the only EXE I see for step 8:
    O4 - HKLM\..\Run: [d3bb32.exe] C:\WINDOWS\d3bb32.exe

    These are the lines for step 12:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\imjxc.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://imjxc.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\imjxc.dll/sp.html#37049
     
    chaslang, Jun 30, 2004
    #7
  8. UpNorthChick

    UpNorthChick Private E-2

    Ok with your help I finally got through all of Majors steps and did everything it said. This is my new HJT log and so far everything looks ok when I rebooted the computer in normal mode. Does it look like I got everything now?

    Logfile of HijackThis v1.97.7
    Scan saved at 5:40:03 PM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    C:\WINDOWS\webshots.scr
    C:\WINDOWS\System32\LVComS.exe
    C:\Documents and Settings\continentalhc\My Documents\Hijack\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/threepoint/threepoint-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.com/applet/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.4.18/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Bump by pogo - http://play09.pogo.com/applet/bump/bump-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.8.4.18/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://ccstrike.pogo.com/applet/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.5.21/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.21/hearts/hearts-ob-assets.cab
    O16 - DPF: Heavy Cannon by pogo - http://play15.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool2/pool-ob-assets.cab
    O16 - DPF: Highland Golf by pogo - http://golf01.pogo.com/applet/golf/golf-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.3.26/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.20/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.18/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.8.5.21/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://solitaire22.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/quickshot/quickshot-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.8.3.26/slots/showbiz2-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.4.18/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.18/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire11.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.3.20/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8.2.19/topdown2/topdown2-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.20/peaks/peaks-ob-assets.cab
    O16 - DPF: Tube Runner by pogo - http://play05.pogo.com/applet/tube/tube-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game6.pogo.com/applet-5.8.5.28/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker04.pogo.com/applet-5.8.2.19/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.26/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.4.24/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.24/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play09.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
     
    UpNorthChick, Jun 30, 2004
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would suggest having HijaakThis fix this line too:
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...Transporter.cab?


    Other than that, your log looks okay but do you really want all that pogo.com crap. Game playing on line can be an easy place to get all kinds of bad stuff.
     
    chaslang, Jun 30, 2004
    #9
  10. UpNorthChick

    UpNorthChick Private E-2

    Thank you for all of your help, each and every one of you!!! I am so glad I found a place to help me and be patient enough to explain some steps to me since im so computer dumb lol. Thank You !!!!
     
    UpNorthChick, Jul 1, 2004
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How is everything working? By the way, where is UpNorth?
     
    chaslang, Jul 1, 2004
    #11
  12. UpNorthChick

    UpNorthChick Private E-2

    Everything seems to be working fine now I am just so greatful for all of the help! I haven't had a single popup and my homepage isn't hijacked anymore. UpNorth is in Northern Michigan
     
    UpNorthChick, Jul 1, 2004
    #12
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good news!

    Okay that is North! I guess it's staying light out pretty late into the evening by you.
     
    chaslang, Jul 1, 2004
    #13
  14. UpNorthChick

    UpNorthChick Private E-2

    Yes it is. Darkness doesnt come around until 9:30 or so now its nice for the summer and for the kids .
     
    UpNorthChick, Jul 1, 2004
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds