Jump to content


Photo

Search results turns ups ads, starting page change


  • Please log in to reply
3 replies to this topic

#1 arivas

arivas

    Member

  • New Member
  • Pip
  • 3 posts

Posted 11 June 2004 - 05:03 PM

I keep my homepage as google, whenever i enter a search in google i get results talking about ads, buy this, buy that. I had had the same problem before and it was intersitial ad delivery but that's nowhere to be found. i already removed it from my registrykeys and everything. ran a scan with the program. here are the results.
I have already read the FAQ's page and followed the directions to teh best of my ability. I just want my computer *my baby* back

Logfile of HijackThis v1.97.7
Scan saved at 3:55:38 PM, on 6/11/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sstray.exe
C:\WINNT\System32\TCAUDIAG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINNT\System32\mskceo.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINNT\System32\mskhhe.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINNT\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINNT\System32\mseggo.gif
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINNT\System32\msjfbl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINNT\System32\msedah.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINNT\System32\msnkmi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [oginl] C:\WINNT\System32\oginl.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\System32\dxdllreg.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msmc] C:\WINNT\System32\msgked.exe
O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
O4 - HKLM\..\RunOnce: [MSKSSRV] RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
O4 - HKLM\..\RunOnce: [MPE0] rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINNT\INF\mpe.inf,BDAcodec
O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINNT\INF\streamip.inf,BDAcodec
O4 - HKLM\..\RunOnce: [SLIP0] rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINNT\INF\slip.inf,VBIcodec
O4 - HKLM\..\RunOnce: [CCDECODE0] rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\CCDECODE.inf,CCDECODE.Interface.Install
O4 - HKLM\..\RunOnce: [NABTSFEC0] rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\NABTSFEC.inf,NABTSFEC.Interface.Install
O4 - HKLM\..\RunOnce: [WSTCODEC0] rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINNT\INF\WSTCODEC.inf,WSTCODEC.Interface.Install
O4 - HKLM\..\RunOnce: [DXDLLREG_0] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxdllreg.inf,DirectShow,1,N
O4 - HKLM\..\RunOnce: [DXDLLREG_1] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxdllreg.inf,DirectSound,1,N
O4 - HKLM\..\RunOnce: [DXDLLREG_2] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxdllreg.inf,DirectPlay,1,N
O4 - HKLM\..\RunOnce: [DXDLLREG_3] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxdllreg.inf,DirectInput,1,N
O4 - HKLM\..\RunOnce: [DXDLLREG_4] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxdllreg.inf,DX8RetailDLLs,1,N
O4 - HKLM\..\RunOnce: [DXBDAREG] rundll32.exe C:\WINNT\System32\advpack.dll,LaunchINFSection C:\WINNT\inf\dxbda.inf,BDADllRegister,1,N
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINNT\Temp\BullGuard\bulldownload.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{042FF40E-8D9D-4235-A7EF-DE8850B93C6A}: NameServer = 198.81.16.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{8317B771-F148-4273-815D-99972C0AC605}: NameServer = 129.138.250.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{042FF40E-8D9D-4235-A7EF-DE8850B93C6A}: NameServer = 198.81.16.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{042FF40E-8D9D-4235-A7EF-DE8850B93C6A}: NameServer = 198.81.18.4

Thank you,
arivas

#2 maui_3

maui_3

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 11 June 2004 - 06:16 PM

Hey Arivas,
You need to go to windows update and get the critical updates (especially IE6,...Sp1).
You also have too many programs running at startup.
I'm not an expert at hijack logs, but I do see some problems. Please wait for an expert to check your log.
Good luck

#3 arivas

arivas

    Member

  • New Member
  • Pip
  • 3 posts

Posted 13 June 2004 - 07:49 PM

Out of curiousity, do you know how long it will take for "an expert" to review my log file?

#4 arivas

arivas

    Member

  • New Member
  • Pip
  • 3 posts

Posted 14 June 2004 - 05:17 PM

I scanned my machine with spybot s&d and sweeper and quarantined what i thought was wrong,but im still unsure of what else could be causing the problems.
Also, I know that there are a lot of programs at startup I ran that list too.
But I don't know what some of them are and such, so I don't want to touch anything.

StartupList report, 6/13/2004, 6:53:14 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.EXE
Detected: Windows 2000 SP2 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\System32\sstray.exe
C:\WINNT\System32\TCAUDIAG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
PowerReg SchedulerV2.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup]
3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nForce Tray Options = sstray.exe /r
TCASUTIEXE = TCAUDIAG.exe -on
NvCplDaemon = RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
McRegWiz = C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
Pop-Up Stopper = "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Synchronization Manager = mobsync.exe /logon
P2P Networking = C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
oginl = C:\WINNT\System32\oginl.exe
WinTools = C:\Program Files\Common files\WinTools\WToolsA.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpySweeper_BT01 = "C:\Program Files\Webroot\Spy Sweeper\Bt01.exe" /SpySweeper_BT01

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NvMediaCenter = RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
ctfmon.exe = ctfmon.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\ss3dfo.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

myBar BHO - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINNT\System32\mskhhe.dll - {0982868C-47F0-4EFB-A664-C7B0B1015808}
(no name) - C:\WINNT\System32\msglji.gif - {0BA1C6EB-D062-4E37-9DB5-B07743276324}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINNT\System32\msjfbl.dll - {94927A13-4AAA-476A-989D-392456427688}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINNT\System32\msedah.dll - {CC916B4B-BE44-4026-A19D-8C74BBD23361}

--------------------------------------------------

Enumerating Task Scheduler jobs:

dfrg.job
McAfee.com Update Check (NMT-VEURIAS-Administrator).job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...ector/swdir.cab

[Web P2P Installer]
InProcServer32 = C:\WINNT\Downloaded Program Files\WebP2PInstaller.dll

[YInstStarter Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...s/yinst0401.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[Live365Player Class]
InProcServer32 = C:\WINNT\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.c...ers/play365.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINNT\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/p...t/msnchat45.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~768594.tmp||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~90030.tmp|||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 8,734 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button