• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Silphion

Recurring MyWebSearch Hijack

13 posts in this topic

I've been hit by a pretty strong Hijack. Since yesterday, I've been battling with various programs (see the list below), and have been running AdAware or Spybot S&D every 3 hours (with updates before hand), and I'm still getting some pretty bad attacks.

 

So far, I've gone so far as to restrict I.E., and download and install Mozilla as my default browser. It's done nothing to stop the current downloads.

 

I'm reaching the end of my limits in ideas. I've personally killed or let Ad-Aware and SpyBot kill many of these things, but they keep coming back. Please help when you can.

 

The following programs have been noticed, and in some cases, killed.

CoolWebSearch - Toolband Affiliate - Killed by CWShredder

MyWebSearch - Recurring (Killed 7 times so far)

Iconz.exe - Deleted

Stop Sign Virus Scan (bundlewr_bndl.exe) - Stopped

AdWatch - PopUp

"loading..." - IE Screen that comes up every hour.

AdDesteroyer - Killed 2 times

Virtual Bouncer - Uninstalled/Killed 2 times

eAccelleration - Killed

VX2.BetterInternet - Killed 3 times

fxssvc.exe - ??? (noticed briefly during startup)

 

 

HijackThis Log - Run after last Ad-Aware/Spybot Scans & Reboot

Logfile of HijackThis v1.97.7

Scan saved at 12:36:36 AM, on 6/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\NuonSoft\WallpaperCycler\wallpapercycler.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\PROGRA~1\ICQ\ICQ.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\Documents and Settings\All Users\Documents\Tools\HijackThis.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\JGsoft\EditPadPro5\EditPadPro.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLDial.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\taskmgr.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomshardware.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.webcrawler.com/info.wbcrwl.toolbar/

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Webcrawler Toolbar - {9677F3F1-E994-451F-805F-7148CC8AE040} - C:\Program Files\WebcrawlerToolbar\ultrabar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler\StartupHelper.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Webcrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\WebcrawlerToolbar\contextsearch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O15 - Trusted Zone: http://www.dslreports.com

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{256CA830-94CA-484A-9633-DB6C6AA6F1EC}: NameServer = 205.188.146.146

O17 - HKLM\System\CCS\Services\Tcpip\..\{C67B2768-1CB6-4B34-AAB8-8438B01ACD88}: NameServer = 68.62.160.6,68.62.160.5

O17 - HKLM\System\CS1\Services\Tcpip\..\{256CA830-94CA-484A-9633-DB6C6AA6F1EC}: NameServer = 205.188.146.146

Edited by Silphion

Share this post


Link to post
Share on other sites

New information found (and slight bump)

Looking at my Outgoing Traffic log, I've noticed that the "loading..." screen was the following address:

 

donotclick://69.20.62.53/yyy2.html

 

Also, the following item constantly appears around the same time, and other times:

 

www.look2me.com

 

Both of these sites were immediatly added to the restricted zones list, and seemed to have stopped the random downloading. However, the window keeps appearing--now it just won't go away.

Edited by Silphion

Share this post


Link to post
Share on other sites

hi silphion,

before you run adaware6 and spybot-sd and HJT and CWS, turn off system restore by right-clicking MyComputer and going to System Restore tab. check turn off system restore and apply and Ok to close. boot into safe mode. run your anti-virus program for a complete scan. after that run adaware (make sure that you have the latest updates installed for all the programs) click on start go to customize and check depp scan within archives. also check (= green ) scan my hosts file. after that do a scan and let adaware do the rest. after that restart your system again into safe mode and now run spybot-sd. restart again (into safe mode) and then run CWSShredder and click on Fix It. after that boot again into safe mode and then run HijackThis and get a log file and post it here for further instructions. this is to ensure that no malicious objects are left on your computer. OK :)

Share this post


Link to post
Share on other sites

Instructions carried out, but to sadly no effect. I'm still infected with whatever it is.

 

Update

Virus Scan: Nothing Detected

Ad-Aware: Detected VX2.BetterInternet - Killed

Spybot: Detected 5 DSO Exploits it was unable to fix.

CWShredder: Nothing Detected

 

New Invasive Popup - SpyBloc (comes on during startup and random times)

 

Looking at below, I'm beginning to think that this thing doesn't leave a trace in HijackThis...

 

HijackThis Log

Logfile of HijackThis v1.97.7

Scan saved at 9:11:08 AM, on 6/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wpabaln.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Documents and Settings\All Users\Documents\Tools\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomshardware.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.webcrawler.com/info.wbcrwl.toolbar/

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Webcrawler Toolbar - {9677F3F1-E994-451F-805F-7148CC8AE040} - C:\Program Files\WebcrawlerToolbar\ultrabar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler\StartupHelper.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Webcrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\WebcrawlerToolbar\contextsearch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O15 - Trusted Zone: http://www.dslreports.com

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C67B2768-1CB6-4B34-AAB8-8438B01ACD88}: NameServer = 68.62.160.6,68.62.160.5

Edited by Silphion

Share this post


Link to post
Share on other sites

More information & Bump:

 

I'm thoroughly convince the culprit is running through the rundll32.exe task. Every time I end that process, the popups leave me alone for a good while. But when the popups DO come back, so does the rundll32.exe task. Lately, it seems to come back whenever the computers boot up (normal mode OR safe mode), and when it resumes from standby/screen saver

 

And this is truelly frightening folks.

 

While booted in safe mode, the hijack did its things and tried to make the popups yet again... Yes, safe mode. Again, rundll32.exe was a running process, and it came back whenever the popups did.

Edited by Silphion

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.webcrawler.com/info.wbcrwl.toolbar/

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: Webcrawler Toolbar - {9677F3F1-E994-451F-805F-7148CC8AE040} - C:\Program Files\WebcrawlerToolbar\ultrabar.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O8 - Extra context menu item: Webcrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\WebcrawlerToolbar\contextsearch.htm

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

 

Make sure adaware and Cwshredder is updated.. then reboot in safe mode and run both.

 

Reboot once more in regular mode....

 

Go to start >Run and paste this in:

%Userprofile%\Local Settings\Temp folder

 

It will open your temp folder.

 

Go to the toolbar>Edit>Select All

Then go back to File>Delete

 

Then get an online virus scan here: http://housecall.trendmicro.com/ Please select the Autoclean option when prompted.

or here: http://www.pandasoftware.com/activescan/

 

 

Download VX2Finder from this link:

http://www.downloads.subratam.org/VX2Finder.exe

 

 

Run Vx2Finder click on the *click to find VX2.BetterInternet* button. Then click *make log*.

 

Copy and paste the contents of the log into your next reply here.

--------------------------------

Edited by irelynnmisses

Share this post


Link to post
Share on other sites

Delete files found on Hijack this: Done

Update AdAware, Spybot, and CWS: Done

Reboot to Safemode and run above programs: Done

Reboot to normal mode & Delete temp files: Done, with popup

The following popup appeared during deletion (but was foiled by my blocking of www.look2me.com)

http://www.look2me.com/cgi-bin/PopupV2?ID=...5A7B}&AD=CyDoor

 

Run Virus Scan: McAffee - No Results / TrendMicro Housecall - No Results

Download & Run VX2Finder: Done - VX2 Found!

 

VX2 Log:

Log for VX2.BetterInternet File Finder

 

Files Found---

C:\WINDOWS\System32\6zo4svc.dll

C:\WINDOWS\System32\amaamon.dll

C:\WINDOWS\System32\aqphelp.dll

C:\WINDOWS\System32\arctres.dll

C:\WINDOWS\System32\azctres.dll

 

 

Guardian Key--- is called: GuardianAYPCM

Asynchronous 000

DllName C:\WINDOWS\system32\6zo4svc.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 124

ID {AB35FE1F-F630-444D-AF8B-B1BC75815A7B}

IDex DS3

 

User Agent String---

{AB35FE1F-F630-444D-AF8B-B1BC75815A7B}

 

 

Notes:

www.Look2me.com (and the annoying yyy2.htm and yyy3.htm) Popups will appear anytime Internet Explorer is running (such as McAffee virus scan). Sorry, but I cannot dump McAffee at this time.

 

Stopping the Rundll32.exe, as noted above, helps slow the onslaught, but does nothing to prevent it. If VX2 is the culprit, then I'll be glad to be rid of it.

 

Also, popups appeared during the entire time I was doing virus scan, so deleting those files from HijackThis did not stop it--probably only crippled it a little.

Share this post


Link to post
Share on other sites

I went through VX2Finder's documentation, and effectively erased VX2 and all it's guardians and traces from my computer. So far, there have been no pop ups since that time. If I don't make another comment within the next three days, consider the issue resolved. :)

 

In the meantime, any helper who wants to add some advice (in case it's not resolved), feel free.

Share this post


Link to post
Share on other sites

Sorry I didn't get back sooner,,, posts get buried at times.. good for you! can you post a log to be checked,, there is still mre to go :)

Share this post


Link to post
Share on other sites

Sure thing:

 

Logfile of HijackThis v1.97.7

Scan saved at 6:43:12 AM, on 6/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\NuonSoft\WallpaperCycler\wallpapercycler.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\MsPMSPSv.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Documents\Tools\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomshardware.com/

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler\StartupHelper.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O15 - Trusted Zone: http://www.dslreports.com

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298...all/xscan53.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C67B2768-1CB6-4B34-AAB8-8438B01ACD88}: NameServer = 68.62.160.6,68.62.160.5

 

 

 

VX2Finder says... Clean!

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0