searchbar

4 replies to this topic

#1 richard_c

Posted 04 July 2004 - 12:07 PM

Please can someone help? I've got a searchbar that has appeared on my PC and I keep getting lots of pop-ups.

I've run csw and adware but they've not helped, any help much appreciated.

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 18:06:53, on 04/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
C:\documents and settings\richard cv\local settings\temp\8v.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maximizer\Mxalarm.exe
C:\Program Files\Maximizer\Mxfinder.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\linetobj.exe
C:\WINDOWS\System32\cdmrpres.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\WHENUS~1\Search.exe
C:\Program Files\Save\Save.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Data RCV\1. RCV Mngt\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [v8hzyx.exe] C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
O4 - HKLM\..\Run: [8v.exe] C:\documents and settings\richard cv\local settings\temp\8v.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [zbctww] C:\WINDOWS\System32\kbpkxl.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [t64U3mO] linetobj.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [cxv8Rgi3X] cdmrpres.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe
O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\Software\..\Telephony: DomainName = bridgethorne.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bridgethorne.com

#2 thedarkone

Posted 04 July 2004 - 01:46 PM

Is this search bar by any chance a blue one, and did it first appear with a page called 'whenUSearch'?

#3 dave38

Posted 04 July 2004 - 04:51 PM

Download AdAware from http://www.lavasoft.de/

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Make sure the following settings are made and on (ON=GREEN)

From main window click "Start" then "Activate in-depth scan"

Click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

Go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning", "Cleaning engine" and "Let windows remove files in use at next reboot"

To save your settings click "proceed".

Now click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

Reboot again, and let AdAware run if it asks.

Then rescan with HijackThis, and post a fresh log.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 richard_c

Posted 05 July 2004 - 01:24 PM

Dave,
Thanks for your help, this is the log you wanted. I've also included the log from the adware programme. It shows ten items found, I've run this a couple of times now and I think they keep reoccurring.

Logfile of HijackThis v1.97.7
Scan saved at 19:21:29, on 05/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
C:\documents and settings\richard cv\local settings\temp\8v.exe
C:\WINDOWS\System32\kbpkxl.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maximizer\Mxalarm.exe
C:\Program Files\Maximizer\Mxfinder.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Data RCV\1. RCV Mngt\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [v8hzyx.exe] C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
O4 - HKLM\..\Run: [8v.exe] C:\documents and settings\richard cv\local settings\temp\8v.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [zbctww] C:\WINDOWS\System32\kbpkxl.exe
O4 - HKLM\..\Run: [t64U3mO] linetobj.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe
O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\Software\..\Telephony: DomainName = bridgethorne.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bridgethorne.com


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :05 July 2004 19:10:52
Created with Ad-aware Personal, free for private use.
Using reference-file :01R326 01.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives


05-07-2004 19:10:52 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 05-07-2004 17:36:20
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:24
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:24
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:24
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:24
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:36:24
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:25
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:8 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:36:33
BasePriority : Normal
FileSize : 128 KB
Created on : 23/09/2002 12:50:33
Last accessed : 05/07/2004 17:36:20
Last modified : 11/06/2002 22:38:54

#:9 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ThreadCreationTime : 05-07-2004 17:36:33
BasePriority : Normal
FileSize : 1380 KB
FileVersion : 4.0.1 (Rel)
ProductVersion : 4.0.1 (Rel)
Copyright : Copyright
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
OriginalFilename : CVPND.EXE
ProductName : Cisco Systems VPN Client
Created on : 22/01/2004 14:09:08
Last accessed : 05/07/2004 17:36:20
Last modified : 07/05/2003 13:21:00

#:10 [hpconfig.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-07-2004 17:36:33
BasePriority : Normal
FileSize : 148 KB
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
Copyright : Hewlett-Packard Copyright © 1999-2002
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
OriginalFilename : HPConfig.EXE
ProductName : HPConfig Module
Created on : 23/09/2002 13:07:05
Last accessed : 05/07/2004 17:36:20
Last modified : 15/08/2002 17:11:00

#:11 [hpwirelessmgr.exe]
FilePath : C:\Program Files\HPQ\Notebook Utilities\
ThreadCreationTime : 05-07-2004 17:36:33
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Copyright : Hewlett-Packard Copyright 2002
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
OriginalFilename : HPWirelessMgr.EXE
ProductName : HPWirelessMgr Module
Created on : 23/09/2002 13:07:16
Last accessed : 05/07/2004 17:36:20
Last modified : 14/01/2003 21:12:14

#:12 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 05-07-2004 17:36:34
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright © Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 23/02/2001 10:07:30
Last accessed : 05/07/2004 17:36:20
Last modified : 23/02/2001 10:07:30

#:13 [ntrtscan.exe]
FilePath : C:\OfficeScan NT\
ThreadCreationTime : 05-07-2004 17:36:34
BasePriority : Normal
FileSize : 400 KB
FileVersion : 5.02.0.1010
ProductVersion : 5.02.0
Copyright : Copyright © 1998-2002 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend OfficeScan 5.02
Created on : 02/05/2002 16:11:24
Last accessed : 05/07/2004 17:36:20
Last modified : 02/05/2002 16:11:24

#:14 [tmlisten.exe]
FilePath : C:\OfficeScan NT\
ThreadCreationTime : 05-07-2004 17:36:34
BasePriority : Normal
FileSize : 192 KB
Created on : 02/05/2002 15:50:38
Last accessed : 05/07/2004 17:36:20
Last modified : 02/05/2002 15:50:38

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 05-07-2004 17:36:39
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:40
Last modified : 29/08/2002 02:00:00

#:16 [onetouch.exe]
FilePath : C:\Program Files\HPQ\One-Touch\
ThreadCreationTime : 05-07-2004 17:36:55
BasePriority : Normal
FileSize : 104 KB
FileVersion : 1.6.8.0
ProductVersion : 1.6.8.0
Copyright : Copyright
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
OriginalFilename : OneTouch.exe
ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
Created on : 30/01/2003 22:53:10
Last accessed : 05/07/2004 17:36:20
Last modified : 30/01/2003 22:53:10

#:17 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:36:55
BasePriority : Normal
FileSize : 4 KB
FileVersion : 5.03.09.00
ProductVersion : 5.03.09.00
Copyright : Copyright
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
OriginalFilename : carpserv.exe
ProductName : Conexant carpserv
Created on : 23/09/2002 12:50:39
Last accessed : 05/07/2004 17:36:20
Last modified : 12/03/2003 01:00:00

#:18 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 05-07-2004 17:36:57
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
Copyright : Copyright © 2001-2003, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 26/03/2003 11:15:24
Last accessed : 05/07/2004 17:36:20
Last modified : 26/03/2003 11:15:24

#:19 [type32.exe]
FilePath : C:\Program Files\Microsoft IntelliType Pro\
ThreadCreationTime : 05-07-2004 17:36:57
BasePriority : Normal
FileSize : 112 KB
FileVersion : 5.00.174.0
ProductVersion : 5.0
CompanyName : Microsoft Corporation
FileDescription : Type32.exe
InternalName : Type32.exe
OriginalFilename : Type32.exe
ProductName : Microsoft IntelliType Pro
Created on : 15/05/2003 16:45:54
Last accessed : 05/07/2004 17:36:20
Last modified : 15/05/2003 16:45:54

#:20 [point32.exe]
FilePath : C:\Program Files\Microsoft IntelliPoint\
ThreadCreationTime : 05-07-2004 17:36:58
BasePriority : Normal
FileSize : 160 KB
FileVersion : 5.00.174.0
ProductVersion : 5.0
CompanyName : Microsoft Corporation
FileDescription : Point32.exe
InternalName : Point32.exe
OriginalFilename : Point32.exe
ProductName : Microsoft IntelliPoint
Created on : 15/05/2003 16:41:16
Last accessed : 05/07/2004 17:36:20
Last modified : 15/05/2003 16:41:16

#:21 [pccntmon.exe]
FilePath : C:\OfficeScan NT\
ThreadCreationTime : 05-07-2004 17:37:01
BasePriority : Normal
FileSize : 436 KB
FileVersion : 5.02.0.1010
ProductVersion : 5.02.0
Copyright : Copyright © 1998-2002 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
OriginalFilename : PCCNTMON.EXE
ProductName : Trend OfficeScan 5.02
Created on : 02/05/2002 16:11:26
Last accessed : 05/07/2004 17:36:22
Last modified : 02/05/2002 16:11:26

#:22 [hpztsb04.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ThreadCreationTime : 05-07-2004 17:37:02
BasePriority : Normal
FileSize : 192 KB
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
Copyright : Copyright © Hewlett-Packard Company 1999-2001
CompanyName : HP
ProductName : HP DeskJet
Created on : 21/06/2004 19:14:32
Last accessed : 05/07/2004 17:36:22
Last modified : 14/12/2001 16:17:59

#:23 [v8hzyx.exe]
FilePath : C:\documents and settings\richard cv\local settings\temp\
ThreadCreationTime : 05-07-2004 17:37:03
BasePriority : Normal
FileSize : 228 KB
Created on : 04/07/2004 14:28:27
Last accessed : 05/07/2004 17:36:22
Last modified : 04/07/2004 14:28:27

#:24 [8v.exe]
FilePath : C:\documents and settings\richard cv\local settings\temp\
ThreadCreationTime : 05-07-2004 17:37:04
BasePriority : Normal
FileSize : 228 KB
Created on : 04/07/2004 14:28:35
Last accessed : 05/07/2004 17:36:22
Last modified : 04/07/2004 14:28:35

#:25 [kbpkxl.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:37:05
BasePriority : Normal
FileSize : 37 KB
Created on : 04/07/2004 16:55:34
Last accessed : 05/07/2004 17:36:22
Last modified : 21/05/2004 17:02:58

#:26 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ThreadCreationTime : 05-07-2004 17:37:07
BasePriority : Normal
FileSize : 368 KB
FileVersion : 3.7.1.3244
ProductVersion : 3.7.3244
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
OriginalFilename : WCESCOMM.EXE
ProductName : Microsoft ActiveSync
Created on : 08/01/2004 11:40:51
Last accessed : 05/07/2004 17:36:22
Last modified : 01/09/2003 18:52:42

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:37:08
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:22
Last modified : 29/08/2002 02:00:00

#:28 [mxalarm.exe]
FilePath : C:\Program Files\Maximizer\
ThreadCreationTime : 05-07-2004 17:37:31
BasePriority : Normal
FileSize : 120 KB
FileVersion : 7.0.1218.48
ProductVersion : 7.0.1218.48
Copyright : Copyright
CompanyName : Multiactive Software Inc.
FileDescription : MaxAlarm main executable
InternalName : MaxAlarm
OriginalFilename : MxAlarm.exe
ProductName : Maximizer
Created on : 01/03/2004 13:59:25
Last accessed : 05/07/2004 17:37:31
Last modified : 19/04/2002 12:18:00

#:29 [mxfinder.exe]
FilePath : C:\Program Files\Maximizer\
ThreadCreationTime : 05-07-2004 17:37:32
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.0.1218.50
ProductVersion : 7.0.1218.50
Copyright : Copyright
CompanyName : Multiactive Software Inc.
FileDescription : MaxFinder main executable
InternalName : MaxFinder
OriginalFilename : Mxfinder.exe
ProductName : Maximizer
Created on : 01/03/2004 13:59:25
Last accessed : 05/07/2004 17:37:32
Last modified : 19/04/2002 12:18:00

#:30 [nkvmon.exe]
FilePath : C:\Program Files\Nikon\NkView6\
ThreadCreationTime : 05-07-2004 17:37:32
BasePriority : Normal
FileSize : 236 KB
FileVersion : 6, 1, 0, 3002
ProductVersion : 6, 1
Copyright : Copyright © Nikon Corporation. 1998 - 2003
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
OriginalFilename : NkvMon.exe
ProductName : Nikon Monitor
Created on : 01/03/2004 20:21:20
Last accessed : 05/07/2004 17:37:32
Last modified : 11/07/2003 20:45:02

#:31 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ThreadCreationTime : 05-07-2004 17:37:33
BasePriority : Normal
FileSize : 292 KB
FileVersion : 4.0.4
ProductVersion : 4.1.0
Copyright : Copyright
CompanyName : Palm, Inc.
FileDescription : HotSync
InternalName : HotSync
OriginalFilename : Hotsync.exe
ProductName : HotSync
Created on : 18/07/2002 11:58:46
Last accessed : 05/07/2004 17:37:33
Last modified : 18/07/2002 11:58:46

#:32 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-07-2004 17:37:42
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 29/08/2002 02:00:00
Last accessed : 05/07/2004 17:36:20
Last modified : 29/08/2002 02:00:00

#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 05-07-2004 17:57:30
BasePriority : Normal
FileSize : 1476 KB
FileVersion : 4.7.0041
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 20/08/2002 17:08:38
Last accessed : 05/07/2004 17:57:30
Last modified : 20/08/2002 17:08:38

#:34 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 05-07-2004 18:10:08
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 04/07/2004 14:34:38
Last accessed : 05/07/2004 17:36:20
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

StopPop Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0000607d-d204-42c7-8e46-216055bf9918}


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : mxtargetdll.mxtargetdllobj.1


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 5
Objects found so far: 5


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 6


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\MxTarget


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}


VX2 Object recognized!
Type : File
Data : dummy.htm
Object : c:\docume~1\richar~1\locals~1\temp\

Created on : 05/07/2004 07:54:47
Last accessed : 05/07/2004 18:14:00
Last modified : 05/07/2004 07:54:47



VX2 Object recognized!
Type : File
Data : polmx3.inf
Object : c:\windows\inf\

Created on : 05/07/2004 08:03:12
Last accessed : 05/07/2004 18:14:00
Last modified : 17/06/2004 12:15:44



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 10


19:14:19 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:26:296
Objects scanned :49769
Objects identified :10
Objects ignored :0
New objects :10

#5 richard_c


Posted 05 July 2004 - 01:28 PM

Apologies, this is the correct log. The search bar has now gone, but Internet Explorer now opens up with MSN.com, which it wasn't set to.

Thanks,

Richard

Logfile of HijackThis v1.97.7
Scan saved at 19:25:06, on 05/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
C:\documents and settings\richard cv\local settings\temp\8v.exe
C:\WINDOWS\System32\kbpkxl.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maximizer\Mxalarm.exe
C:\Program Files\Maximizer\Mxfinder.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Data RCV\1. RCV Mngt\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [v8hzyx.exe] C:\documents and settings\richard cv\local settings\temp\v8hzyx.exe
O4 - HKLM\..\Run: [8v.exe] C:\documents and settings\richard cv\local settings\temp\8v.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [zbctww] C:\WINDOWS\System32\kbpkxl.exe
O4 - HKLM\..\Run: [t64U3mO] linetobj.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe
O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - file://C:\install.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\Software\..\Telephony: DomainName = bridgethorne.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bridgethorne.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bridgethorne.com



