desi4usa

Slow computer - HijackThis Log - Malware suspected


Can someone please check my logfile as my computer has slowed down. I suspect it has been infected by malware.

Desi

Logfile of HijackThis v1.99.1

Scan saved at 5:55:36 AM, on 1/27/2006

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Software Downloads\NetZero\exec.exe

C:\WINNT\SYSTEM32\Winzip.exe

C:\WINNT\SYSTEM32\Update.exe

D:\Software Downloads\NetZero\exec.exe

C:\WINNT\system32\mmc.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.hindustantimes.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\software downloads\adobe\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - D:\Software Downloads\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe

O4 - HKLM\..\Run: [scanRegistry] scanregw.exe /scan

O4 - HKCU\..\Run: [ccleaner] "D:\Software Downloads\CC Cleaner\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DD553EF8-3429-4CF2-AB73-83F244D57750}: NameServer = 64.136.28.120 64.136.20.120

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


Hi,

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti malware; it is a free version of the program.

  1. Install ewido anti malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti malware.

Reboot and post a new HijackThis log as well as the Ewido log.

Danny :D


Here are my logs please.

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 9:58:04 AM, 1/28/2006

+ Report-Checksum: 53BF99CD

+ Scan result:

HKLM\SOFTWARE\saap -> Spyware.180Solutions : Cleaned with backup

HKU\S-1-5-21-1715567821-706699826-839522115-500\Software\saap -> Spyware.180Solutions : Cleaned with backup

[1152] C:\WINNT\SYSTEM32\Winzip.exe -> Worm.VB.bi : Cleaned with backup

C:\WINNT\system32\scanregw.exe -> Worm.VB.bi : Cleaned with backup

C:\WINNT\system32\Winzip.exe -> Worm.VB.bi : Cleaned with backup

C:\WINNT\system32\Update.exe -> Worm.VB.bi : Cleaned with backup

C:\WINNT\Rundll16.exe -> Worm.VB.bi : Cleaned with backup

C:\WINNT\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup

C:\Documents and Settings\Administrator\Start Menu\Programs\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\unzipped\Original_Message\ATT01.zip .sCR -> Worm.VB.bi : Cleaned with backup

C:\unzipped\Original_Message\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

C:\unzipped\AboutBuster\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

D:\Software Downloads\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

D:\Amachi\Papa's Papers\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

D:\NURSING\NCLEX\WinZip_Tmp.exe -> Worm.VB.bi : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1

Scan saved at 1:12:51 PM, on 1/28/2006

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\Explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINNT\System32\svchost.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.malwarebytes.org"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\software downloads\adobe\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - D:\Software Downloads\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe

O4 - HKCU\..\Run: [ccleaner] "D:\Software Downloads\CC Cleaner\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Please advise

Thanks

Desi
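Comparing the log posted before the ewido scan with the one posted after it, and tying the scanner's detections back to lines of the first log, can be scripted. The following is an added example, not part of any post in this thread; the function names are hypothetical and the three inputs are shortened excerpts of the logs posted above.

```python
import ntpath
import re

# Shortened excerpts of the logs posted in this thread (not the full logs).
LOG_BEFORE = r"""
C:\WINNT\Explorer.exe
C:\WINNT\SYSTEM32\Winzip.exe
C:\WINNT\SYSTEM32\Update.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [scanRegistry] scanregw.exe /scan
"""
LOG_AFTER = r"""
C:\WINNT\Explorer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""
EWIDO_REPORT = r"""
HKLM\SOFTWARE\saap -> Spyware.180Solutions : Cleaned with backup
[1152] C:\WINNT\SYSTEM32\Winzip.exe -> Worm.VB.bi : Cleaned with backup
C:\WINNT\system32\scanregw.exe -> Worm.VB.bi : Cleaned with backup
C:\WINNT\system32\Update.exe -> Worm.VB.bi : Cleaned with backup
C:\WINNT\Rundll16.exe -> Worm.VB.bi : Cleaned with backup
"""

ENTRY_RE = re.compile(r"^(R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - (.+)$")  # coded entries
PATH_RE = re.compile(r"^[A-Za-z]:\\")                               # drive-letter path
EWIDO_RE = re.compile(r"^(?:\[\d+\] )?(?::[\w.]+:)?(.+?) -> (\S+) : (.+)$")

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    procs, entries = set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY_RE.match(line):
            entries.add(line)
        elif PATH_RE.match(line):
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def parse_ewido(text):
    """Map each flagged object (lower-cased path or key) to its detection name."""
    hits = {}
    for line in text.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m:
            hits[m.group(1).lower()] = m.group(2)
    return hits

def diff_logs(before, after):
    """What disappeared and what appeared between two HijackThis logs."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {"procs_gone": p0 - p1, "procs_new": p1 - p0,
            "entries_gone": e0 - e1, "entries_new": e1 - e0}

def explain(before, report):
    """Lines of the first log that name a file the scanner flagged."""
    names = {ntpath.basename(p) for p in parse_ewido(report) if PATH_RE.match(p)}
    procs, entries = parse_hjt(before)
    def mentions(line, name):  # whole file name, not a substring of another name
        return re.search(r'(?:^|[\\\s"])' + re.escape(name) + r'(?:$|[\s"])', line.lower())
    return sorted(l for l in procs | entries if any(mentions(l, n) for n in names))

if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, sorted(items))
    print("flagged in first log:", explain(LOG_BEFORE, EWIDO_REPORT))
```

Entries that survive both logs unchanged are the ones the scanner did not touch and still need a manual decision.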


Hi,

  • Please download FixBmalE from here.
  • Save the file to a convenient location, such as your Windows desktop.
  • Please boot into Safe Mode. To do this:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
  • When in Safe Mode, double-click FixBmalE.exe to start the removal tool.
  • Read the EULA, and click the "Accept" button.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart your computer.
  • Run the removal tool again.
  • Reboot, and post a new HijackThis log.

Danny :D


Dear Danny:

Here's my new log. Does it look clean? Please advise.

Desi

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

C:\WINNT\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.malwarebytes.org"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\software downloads\adobe\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - D:\Software Downloads\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe

O4 - HKCU\..\Run: [ccleaner] "D:\Software Downloads\CC Cleaner\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe


Hi,

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Danny :thumbsup:


Hi Danny:

Here's the active scan report:

Incident Status Location

Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH

Desi


Hi,

Next, please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH]

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".

Then go to the desktop and double-click on fix.reg, and click "Yes" to merge it with the registry.

Reboot and tell me how your computer is doing.

Danny :D


Hi Danny:

Thanks much for your help. My computer is back to normal. What should I do to protect my computer from all this we had to go through? Any software that combines most of what we did?

Thanks again.

Desi


Hi there:

My computer is now slow again. Here's the latest log file from HijackThis.

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\Explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINNT\System32\svchost.exe

D:\Software Downloads\NetZero\exec.exe

D:\Software Downloads\NetZero\exec.exe

C:\WINNT\system32\mmc.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bbcnews.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\fvy2blxj.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\software downloads\adobe\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - D:\Software Downloads\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ccleaner] "D:\Software Downloads\CC Cleaner\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DD553EF8-3429-4CF2-AB73-83F244D57750}: NameServer = 64.136.28.120 64.136.20.120

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
