Can't quite shake homepage hijack



#1 big dog otag


Posted 29 June 2004 - 04:10 PM

Please help! I've been trying to shake this for about a week. I've followed the latest forum advice, including running the latest Ad-aware with deep scan options. It seemed to work, but after a reboot, came up dirty again. Tried CWShredder, but I'm clearly pulling at straws here...

Here's my log. Many thanks!

Logfile of HijackThis v1.97.7
Scan saved at 5:07:22 PM, on 6/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\MYCIO\AGENT\MYAGTSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\MYCIO\AGENT\MYAGTTRY.EXE
C:\WINDOWS\SYSTEM\CRTU.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\udyic.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...archbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...archbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\udyic.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\udyic.dll/sp.html#37049
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {64B60CF5-9CF6-9B27-C0AF-BFA5C1796482} - C:\WINDOWS\SYSTEM\MSBH32.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [CRTU.EXE] C:\WINDOWS\SYSTEM\CRTU.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MyCIO Agent Service] C:\WINDOWS\MYCIO\AGENT\MYAGTSVC.EXE /ServiceStart
O4 - HKLM\..\RunServices: [SYSPQ32.EXE] C:\WINDOWS\SYSTEM\SYSPQ32.EXE
O4 - HKLM\..\RunServices: [WINAL.EXE] C:\WINDOWS\SYSTEM\WINAL.EXE
O4 - HKLM\..\RunServices: [D3DZ32.EXE] C:\WINDOWS\D3DZ32.EXE
O4 - HKLM\..\RunServices: [APPGV32.EXE] C:\WINDOWS\APPGV32.EXE
O4 - HKLM\..\RunServices: [WINCF32.EXE] C:\WINDOWS\WINCF32.EXE
O4 - HKLM\..\RunServices: [MSBN32.EXE] C:\WINDOWS\SYSTEM\MSBN32.EXE
O4 - HKLM\..\RunServices: [APIIZ.EXE] C:\WINDOWS\APIIZ.EXE
O4 - HKLM\..\RunServices: [ADDQX32.EXE] C:\WINDOWS\SYSTEM\ADDQX32.EXE
O4 - HKLM\..\RunServices: [SDKBM.EXE] C:\WINDOWS\SYSTEM\SDKBM.EXE
O4 - HKLM\..\RunServices: [ATLOB.EXE] C:\WINDOWS\ATLOB.EXE
O4 - HKLM\..\RunServices: [JAVAJU.EXE] C:\WINDOWS\SYSTEM\JAVAJU.EXE
O4 - HKLM\..\RunServices: [ADDPV.EXE] C:\WINDOWS\ADDPV.EXE
O4 - HKLM\..\RunServices: [IENR.EXE] C:\WINDOWS\SYSTEM\IENR.EXE
O4 - HKLM\..\RunServices: [SYSDM.EXE] C:\WINDOWS\SYSDM.EXE
O4 - HKLM\..\RunServices: [APIXC32.EXE] C:\WINDOWS\SYSTEM\APIXC32.EXE
O4 - HKLM\..\RunServices: [APIUP32.EXE] C:\WINDOWS\APIUP32.EXE
O4 - HKLM\..\RunServices: [WINZJ.EXE] C:\WINDOWS\WINZJ.EXE
O4 - HKLM\..\RunServices: [APIPW.EXE] C:\WINDOWS\SYSTEM\APIPW.EXE
O4 - HKLM\..\RunServices: [ADDTL32.EXE] C:\WINDOWS\SYSTEM\ADDTL32.EXE
O4 - HKLM\..\RunServices: [SYSBF.EXE] C:\WINDOWS\SYSTEM\SYSBF.EXE
O4 - HKLM\..\RunServices: [MFCTC32.EXE] C:\WINDOWS\MFCTC32.EXE
O4 - HKLM\..\RunServices: [D3IR32.EXE] C:\WINDOWS\SYSTEM\D3IR32.EXE
O4 - HKLM\..\RunServices: [MFCWG.EXE] C:\WINDOWS\MFCWG.EXE
O4 - HKLM\..\RunServices: [SDKVH.EXE] C:\WINDOWS\SDKVH.EXE
O4 - HKLM\..\RunServices: [SYSTY32.EXE] C:\WINDOWS\SYSTEM\SYSTY32.EXE
O4 - HKLM\..\RunServices: [IPZD.EXE] C:\WINDOWS\IPZD.EXE
O4 - HKLM\..\RunServices: [APPFZ32.EXE] C:\WINDOWS\APPFZ32.EXE
O4 - HKLM\..\RunServices: [IESJ.EXE] C:\WINDOWS\IESJ.EXE
O4 - HKLM\..\RunServices: [CRKQ32.EXE] C:\WINDOWS\CRKQ32.EXE
O4 - HKLM\..\RunServices: [NTID32.EXE] C:\WINDOWS\NTID32.EXE
O4 - HKLM\..\RunServices: [NETJX.EXE] C:\WINDOWS\NETJX.EXE
O4 - HKLM\..\RunServices: [ADDPV32.EXE] C:\WINDOWS\ADDPV32.EXE
O4 - HKLM\..\RunServices: [MFCXB.EXE] C:\WINDOWS\MFCXB.EXE
O4 - HKLM\..\RunServices: [SYSOJ.EXE] C:\WINDOWS\SYSOJ.EXE
O4 - HKLM\..\RunServices: [IPLB.EXE] C:\WINDOWS\SYSTEM\IPLB.EXE
O4 - HKLM\..\RunServices: [D3LQ.EXE] C:\WINDOWS\D3LQ.EXE
O4 - HKLM\..\RunServices: [IEZT32.EXE] C:\WINDOWS\IEZT32.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://www.comcastsu...ad/tgctlins.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://66.115.191.15...WebMonProj1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscanasap.cli...in/myCioAgt.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8111.7274652778

#2 big dog otag


Posted 30 June 2004 - 07:59 PM

I stopped using IE (using Netscape 7.1), ran Ad-aware and About:Buster, but I'm still getting infected after each reboot. So, I reran Ad-aware and HijackThis. Here is my log. Please help!

Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 8:56:03 PM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\MYCIO\AGENT\MYAGTSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\MYCIO\AGENT\MYAGTTRY.EXE
C:\WINDOWS\SYSTEM\CRTU.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...archbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...archbar&LC=0409
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.comcast.net"); (C:\Program Files\Netscape\Users\rostertag99@comcast.net\prefs.js)
O2 - BHO: (no name) - {38EA8712-9AED-82F9-0AB9-F1B2A69B4EDB} - C:\WINDOWS\IESH.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [CRTU.EXE] C:\WINDOWS\SYSTEM\CRTU.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MyCIO Agent Service] C:\WINDOWS\MYCIO\AGENT\MYAGTSVC.EXE /ServiceStart
O4 - HKLM\..\RunServices: [SYSPQ32.EXE] C:\WINDOWS\SYSTEM\SYSPQ32.EXE
O4 - HKLM\..\RunServices: [WINAL.EXE] C:\WINDOWS\SYSTEM\WINAL.EXE
O4 - HKLM\..\RunServices: [D3DZ32.EXE] C:\WINDOWS\D3DZ32.EXE
O4 - HKLM\..\RunServices: [APPGV32.EXE] C:\WINDOWS\APPGV32.EXE
O4 - HKLM\..\RunServices: [WINCF32.EXE] C:\WINDOWS\WINCF32.EXE
O4 - HKLM\..\RunServices: [MSBN32.EXE] C:\WINDOWS\SYSTEM\MSBN32.EXE
O4 - HKLM\..\RunServices: [APIIZ.EXE] C:\WINDOWS\APIIZ.EXE
O4 - HKLM\..\RunServices: [ADDQX32.EXE] C:\WINDOWS\SYSTEM\ADDQX32.EXE
O4 - HKLM\..\RunServices: [SDKBM.EXE] C:\WINDOWS\SYSTEM\SDKBM.EXE
O4 - HKLM\..\RunServices: [ATLOB.EXE] C:\WINDOWS\ATLOB.EXE
O4 - HKLM\..\RunServices: [JAVAJU.EXE] C:\WINDOWS\SYSTEM\JAVAJU.EXE
O4 - HKLM\..\RunServices: [ADDPV.EXE] C:\WINDOWS\ADDPV.EXE
O4 - HKLM\..\RunServices: [IENR.EXE] C:\WINDOWS\SYSTEM\IENR.EXE
O4 - HKLM\..\RunServices: [SYSDM.EXE] C:\WINDOWS\SYSDM.EXE
O4 - HKLM\..\RunServices: [APIXC32.EXE] C:\WINDOWS\SYSTEM\APIXC32.EXE
O4 - HKLM\..\RunServices: [APIUP32.EXE] C:\WINDOWS\APIUP32.EXE
O4 - HKLM\..\RunServices: [WINZJ.EXE] C:\WINDOWS\WINZJ.EXE
O4 - HKLM\..\RunServices: [APIPW.EXE] C:\WINDOWS\SYSTEM\APIPW.EXE
O4 - HKLM\..\RunServices: [ADDTL32.EXE] C:\WINDOWS\SYSTEM\ADDTL32.EXE
O4 - HKLM\..\RunServices: [SYSBF.EXE] C:\WINDOWS\SYSTEM\SYSBF.EXE
O4 - HKLM\..\RunServices: [MFCTC32.EXE] C:\WINDOWS\MFCTC32.EXE
O4 - HKLM\..\RunServices: [D3IR32.EXE] C:\WINDOWS\SYSTEM\D3IR32.EXE
O4 - HKLM\..\RunServices: [MFCWG.EXE] C:\WINDOWS\MFCWG.EXE
O4 - HKLM\..\RunServices: [SDKVH.EXE] C:\WINDOWS\SDKVH.EXE
O4 - HKLM\..\RunServices: [SYSTY32.EXE] C:\WINDOWS\SYSTEM\SYSTY32.EXE
O4 - HKLM\..\RunServices: [IPZD.EXE] C:\WINDOWS\IPZD.EXE
O4 - HKLM\..\RunServices: [APPFZ32.EXE] C:\WINDOWS\APPFZ32.EXE
O4 - HKLM\..\RunServices: [IESJ.EXE] C:\WINDOWS\IESJ.EXE
O4 - HKLM\..\RunServices: [CRKQ32.EXE] C:\WINDOWS\CRKQ32.EXE
O4 - HKLM\..\RunServices: [NTID32.EXE] C:\WINDOWS\NTID32.EXE
O4 - HKLM\..\RunServices: [NETJX.EXE] C:\WINDOWS\NETJX.EXE
O4 - HKLM\..\RunServices: [ADDPV32.EXE] C:\WINDOWS\ADDPV32.EXE
O4 - HKLM\..\RunServices: [MFCXB.EXE] C:\WINDOWS\MFCXB.EXE
O4 - HKLM\..\RunServices: [SYSOJ.EXE] C:\WINDOWS\SYSOJ.EXE
O4 - HKLM\..\RunServices: [IPLB.EXE] C:\WINDOWS\SYSTEM\IPLB.EXE
O4 - HKLM\..\RunServices: [D3LQ.EXE] C:\WINDOWS\D3LQ.EXE
O4 - HKLM\..\RunServices: [IEZT32.EXE] C:\WINDOWS\IEZT32.EXE
O4 - HKLM\..\RunServices: [IPUY.EXE] C:\WINDOWS\SYSTEM\IPUY.EXE
O4 - HKLM\..\RunServices: [ATLEL32.EXE] C:\WINDOWS\SYSTEM\ATLEL32.EXE
O4 - HKLM\..\RunServices: [SDKCE32.EXE] C:\WINDOWS\SDKCE32.EXE
O4 - HKLM\..\RunServices: [MFCHY.EXE] C:\WINDOWS\MFCHY.EXE
O4 - HKLM\..\RunServices: [D3XC32.EXE] C:\WINDOWS\D3XC32.EXE
O4 - HKLM\..\RunServices: [ADDHY32.EXE] C:\WINDOWS\SYSTEM\ADDHY32.EXE
O4 - HKLM\..\RunServices: [NTSJ32.EXE] C:\WINDOWS\NTSJ32.EXE
O4 - HKLM\..\RunServices: [ATLLV.EXE] C:\WINDOWS\SYSTEM\ATLLV.EXE
O4 - HKLM\..\RunServices: [MSYS32.EXE] C:\WINDOWS\SYSTEM\MSYS32.EXE
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscanasap.cli...in/myCioAgt.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8111.7274652778



