
About:blank. I need help in removal.



#1 Graceland

Graceland

  • Members
  • 3 posts

Posted 07 July 2005 - 04:22 PM

I need assistance in the removal of about:blank. I started looking at multiple sources for the removal of this problem. I even entertained doing it myself. However, there were several steps that I had seen that didn't seem necessarily consistent with my problem. For instance, when I run Registrar Lite, I am unable to navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs" (the AppInit_DLLs portion is not available!?).

Here is my HijackThis log. I realize there are several suspicious elements in R1, but I also didn't know how to handle some of the questionable elements in O4.

Thank you

_________________________

Logfile of HijackThis v1.99.1
Scan saved at 2:55:18 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\winwn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Christine Fink\Desktop\Junk\Remove About Blank Buddy\RemoveAboutBlankBuddy.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bhhna.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2F698176-3020-6710-0AB8-CB9B1DEB7AEF} - C:\WINDOWS\sdkgq32.dll
O2 - BHO: Class - {DA2E1456-592A-59FB-D2A9-711A767623D9} - C:\WINDOWS\ipvp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [sdkxn.exe] C:\WINDOWS\system32\sdkxn.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [winwn.exe] C:\WINDOWS\system32\winwn.exe
O4 - HKLM\..\RunOnce: [crlr32.exe] C:\WINDOWS\crlr32.exe
O4 - HKLM\..\RunOnce: [iera32.exe] C:\WINDOWS\iera32.exe
O4 - HKLM\..\RunOnce: [d3si.exe] C:\WINDOWS\system32\d3si.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [apith32.exe] C:\WINDOWS\apith32.exe
O4 - HKLM\..\RunOnce: [netxu32.exe] C:\WINDOWS\netxu32.exe
O4 - HKLM\..\RunOnce: [javago32.exe] C:\WINDOWS\system32\javago32.exe
O4 - HKLM\..\RunOnce: [apilr.exe] C:\WINDOWS\system32\apilr.exe
O4 - HKLM\..\RunOnce: [msgc.exe] C:\WINDOWS\msgc.exe
O4 - HKLM\..\RunOnce: [iplw.exe] C:\WINDOWS\iplw.exe
O4 - HKLM\..\RunOnce: [cret32.exe] C:\WINDOWS\cret32.exe
O4 - HKLM\..\RunOnce: [appnz.exe] C:\WINDOWS\system32\appnz.exe
O4 - HKLM\..\RunOnce: [javala32.exe] C:\WINDOWS\system32\javala32.exe
O4 - HKLM\..\RunOnce: [addoj32.exe] C:\WINDOWS\system32\addoj32.exe
O4 - HKLM\..\RunOnce: [addif32.exe] C:\WINDOWS\addif32.exe
O4 - HKLM\..\RunOnce: [crnz.exe] C:\WINDOWS\system32\crnz.exe
O4 - HKLM\..\RunOnce: [d3nh.exe] C:\WINDOWS\d3nh.exe
O4 - HKLM\..\RunOnce: [syshg32.exe] C:\WINDOWS\system32\syshg32.exe
O4 - HKLM\..\RunOnce: [sdkui.exe] C:\WINDOWS\system32\sdkui.exe
O4 - HKLM\..\RunOnce: [mfcfz.exe] C:\WINDOWS\mfcfz.exe
O4 - HKLM\..\RunOnce: [winvr.exe] C:\WINDOWS\system32\winvr.exe
O4 - HKLM\..\RunOnce: [cril32.exe] C:\WINDOWS\system32\cril32.exe
O4 - HKLM\..\RunOnce: [adddw32.exe] C:\WINDOWS\system32\adddw32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINDOWS\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [addst32.exe] C:\WINDOWS\addst32.exe
O4 - HKLM\..\RunOnce: [crxn.exe] C:\WINDOWS\crxn.exe
O4 - HKLM\..\RunOnce: [atlrz.exe] C:\WINDOWS\system32\atlrz.exe
O4 - HKLM\..\RunOnce: [crrh32.exe] C:\WINDOWS\crrh32.exe
O4 - HKLM\..\RunOnce: [netfj32.exe] C:\WINDOWS\netfj32.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [netzs32.exe] C:\WINDOWS\netzs32.exe
O4 - HKLM\..\RunOnce: [addyi.exe] C:\WINDOWS\addyi.exe
O4 - HKLM\..\RunOnce: [netto32.exe] C:\WINDOWS\system32\netto32.exe
O4 - HKLM\..\RunOnce: [javamn32.exe] C:\WINDOWS\system32\javamn32.exe
O4 - HKLM\..\RunOnce: [crxy32.exe] C:\WINDOWS\system32\crxy32.exe
O4 - HKLM\..\RunOnce: [netcu32.exe] C:\WINDOWS\netcu32.exe
O4 - HKLM\..\RunOnce: [ntdl32.exe] C:\WINDOWS\ntdl32.exe
O4 - HKLM\..\RunOnce: [d3fg.exe] C:\WINDOWS\system32\d3fg.exe
O4 - HKLM\..\RunOnce: [sdkbs32.exe] C:\WINDOWS\system32\sdkbs32.exe
O4 - HKLM\..\RunOnce: [apizh.exe] C:\WINDOWS\apizh.exe
O4 - HKLM\..\RunOnce: [sysyx32.exe] C:\WINDOWS\system32\sysyx32.exe
O4 - HKLM\..\RunOnce: [croe32.exe] C:\WINDOWS\system32\croe32.exe
O4 - HKLM\..\RunOnce: [d3wu.exe] C:\WINDOWS\d3wu.exe
O4 - HKLM\..\RunOnce: [apikp32.exe] C:\WINDOWS\apikp32.exe
O4 - HKLM\..\RunOnce: [ntpt32.exe] C:\WINDOWS\system32\ntpt32.exe
O4 - HKLM\..\RunOnce: [apiei32.exe] C:\WINDOWS\system32\apiei32.exe
O4 - HKLM\..\RunOnce: [crfd32.exe] C:\WINDOWS\system32\crfd32.exe
O4 - HKLM\..\RunOnce: [addpb.exe] C:\WINDOWS\addpb.exe
O4 - HKLM\..\RunOnce: [mstn.exe] C:\WINDOWS\system32\mstn.exe
O4 - HKLM\..\RunOnce: [atlic32.exe] C:\WINDOWS\atlic32.exe
O4 - HKLM\..\RunOnce: [netyk.exe] C:\WINDOWS\netyk.exe
O4 - HKLM\..\RunOnce: [javaco32.exe] C:\WINDOWS\system32\javaco32.exe
O4 - HKLM\..\RunOnce: [ntmo.exe] C:\WINDOWS\ntmo.exe
O4 - HKLM\..\RunOnce: [sdksl32.exe] C:\WINDOWS\system32\sdksl32.exe
O4 - HKLM\..\RunOnce: [ntgi32.exe] C:\WINDOWS\ntgi32.exe
O4 - HKLM\..\RunOnce: [apple32.exe] C:\WINDOWS\apple32.exe
O4 - HKLM\..\RunOnce: [sdkgq32.exe] C:\WINDOWS\sdkgq32.exe
O4 - HKLM\..\RunOnce: [d3lu.exe] C:\WINDOWS\system32\d3lu.exe
O4 - HKLM\..\RunOnce: [ntwq.exe] C:\WINDOWS\ntwq.exe
O4 - HKLM\..\RunOnce: [javatu32.exe] C:\WINDOWS\javatu32.exe
O4 - HKLM\..\RunOnce: [addij32.exe] C:\WINDOWS\addij32.exe
O4 - HKLM\..\RunOnce: [javair32.exe] C:\WINDOWS\system32\javair32.exe
O4 - HKLM\..\RunOnce: [d3ke32.exe] C:\WINDOWS\system32\d3ke32.exe
O4 - HKLM\..\RunOnce: [mfcno.exe] C:\WINDOWS\system32\mfcno.exe
O4 - HKLM\..\RunOnce: [appvi.exe] C:\WINDOWS\appvi.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [ieby32.exe] C:\WINDOWS\ieby32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {55DEC12D-3001-459A-871E-6165C0188A48} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Support - {B8E19FE4-E655-4DE0-8A08-6406B55D035B} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F739823B-0532-4ED9-ABC2-1628008B9E9C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\grzjfxgo.exe
O16 - DPF: {1A6BB370-9DB8-44d8-A336-C8F707E80A70} (Toolbar WMButton Download) - http://digimoney.com/wmbutton.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\crlr32.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


#2 Graceland

Graceland
  • Topic Starter

  • Members
  • 3 posts

Posted 07 July 2005 - 05:42 PM

Sorry: here's a new log after I ran both Spybot and Ad-Aware again.
Thanks for all help!

____________________

Logfile of HijackThis v1.99.1
Scan saved at 5:37:30 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\winwn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dtkir.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {27244056-A7A0-0D52-E7EF-5AC1509FDFAA} - C:\WINDOWS\system32\apiod32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [sdkxn.exe] C:\WINDOWS\system32\sdkxn.exe
O4 - HKLM\..\Run: [winwn.exe] C:\WINDOWS\system32\winwn.exe
O4 - HKLM\..\RunOnce: [crlr32.exe] C:\WINDOWS\crlr32.exe
O4 - HKLM\..\RunOnce: [iera32.exe] C:\WINDOWS\iera32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [netzy32.exe] C:\WINDOWS\system32\netzy32.exe
O4 - HKLM\..\RunOnce: [javaiw.exe] C:\WINDOWS\system32\javaiw.exe
O4 - HKLM\..\RunOnce: [appea.exe] C:\WINDOWS\appea.exe
O4 - HKLM\..\RunOnce: [systk.exe] C:\WINDOWS\systk.exe
O4 - HKLM\..\RunOnce: [d3eo.exe] C:\WINDOWS\system32\d3eo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index_t.shtml?toolbar=yes (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {55DEC12D-3001-459A-871E-6165C0188A48} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Support - {B8E19FE4-E655-4DE0-8A08-6406B55D035B} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F739823B-0532-4ED9-ABC2-1628008B9E9C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\grzjfxgo.exe
O16 - DPF: {1A6BB370-9DB8-44d8-A336-C8F707E80A70} (Toolbar WMButton Download) - http://digimoney.com/wmbutton.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 09 July 2005 - 10:16 AM

If you still need help, could you post a fresh log please?

#4 Graceland

Graceland
  • Topic Starter

  • Members
  • 3 posts

Posted 09 July 2005 - 01:54 PM

Here's a new log after some selections have been "fixed".

Logfile of HijackThis v1.99.1
Scan saved at 1:47:47 PM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\winwn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Class - {013F1D00-32FB-D06B-1419-6480DD6E1239} - C:\WINDOWS\winqi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F546F48-9AA0-41C6-7850-AD03A47588F8} - C:\WINDOWS\system32\d3ot32.dll
O2 - BHO: Class - {22B1F2F7-F173-BECD-F6C3-ED087F9541CA} - C:\WINDOWS\iecv32.dll
O2 - BHO: Class - {47AA49FE-6602-0901-F8F3-72B36FCAD9BA} - C:\WINDOWS\apiaw.dll
O2 - BHO: Class - {782EFECF-07F2-F82F-8EDE-F319601EAE66} - C:\WINDOWS\system32\d3tv.dll
O2 - BHO: Class - {91E64938-0901-C214-A538-2DCDF985DA68} - C:\WINDOWS\netlg32.dll
O2 - BHO: Class - {9B442A67-4BF8-9AC9-9912-E5D9A99FE86D} - C:\WINDOWS\system32\winst32.dll
O2 - BHO: Class - {DF69CD81-6A3B-4A3D-064D-824D55DE3A0A} - C:\WINDOWS\system32\addvl.dll
O2 - BHO: Class - {F1B9DA5C-979C-674E-BDC1-14B48E7FDF72} - C:\WINDOWS\system32\mssg32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [sdkxn.exe] C:\WINDOWS\system32\sdkxn.exe
O4 - HKLM\..\Run: [winwn.exe] C:\WINDOWS\system32\winwn.exe
O4 - HKLM\..\RunOnce: [crlr32.exe] C:\WINDOWS\crlr32.exe
O4 - HKLM\..\RunOnce: [iera32.exe] C:\WINDOWS\iera32.exe
O4 - HKLM\..\RunOnce: [windk32.exe] C:\WINDOWS\windk32.exe
O4 - HKLM\..\RunOnce: [mfcrd.exe] C:\WINDOWS\system32\mfcrd.exe
O4 - HKLM\..\RunOnce: [msju32.exe] C:\WINDOWS\msju32.exe
O4 - HKLM\..\RunOnce: [apizj.exe] C:\WINDOWS\system32\apizj.exe
O4 - HKLM\..\RunOnce: [sysbs32.exe] C:\WINDOWS\sysbs32.exe
O4 - HKLM\..\RunOnce: [atlds.exe] C:\WINDOWS\system32\atlds.exe
O4 - HKLM\..\RunOnce: [msus32.exe] C:\WINDOWS\system32\msus32.exe
O4 - HKLM\..\RunOnce: [ipzu.exe] C:\WINDOWS\ipzu.exe
O4 - HKLM\..\RunOnce: [mfcjp.exe] C:\WINDOWS\mfcjp.exe
O4 - HKLM\..\RunOnce: [javagk32.exe] C:\WINDOWS\javagk32.exe
O4 - HKLM\..\RunOnce: [apimm.exe] C:\WINDOWS\system32\apimm.exe
O4 - HKLM\..\RunOnce: [ntyi32.exe] C:\WINDOWS\system32\ntyi32.exe
O4 - HKLM\..\RunOnce: [apigx32.exe] C:\WINDOWS\apigx32.exe
O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
O4 - HKLM\..\RunOnce: [applf32.exe] C:\WINDOWS\applf32.exe
O4 - HKLM\..\RunOnce: [sysau32.exe] C:\WINDOWS\sysau32.exe
O4 - HKLM\..\RunOnce: [appnx.exe] C:\WINDOWS\system32\appnx.exe
O4 - HKLM\..\RunOnce: [netyx.exe] C:\WINDOWS\system32\netyx.exe
O4 - HKLM\..\RunOnce: [winls32.exe] C:\WINDOWS\system32\winls32.exe
O4 - HKLM\..\RunOnce: [ipsg.exe] C:\WINDOWS\system32\ipsg.exe
O4 - HKLM\..\RunOnce: [appxj32.exe] C:\WINDOWS\appxj32.exe
O4 - HKLM\..\RunOnce: [sdkrw.exe] C:\WINDOWS\sdkrw.exe
O4 - HKLM\..\RunOnce: [mfcwq32.exe] C:\WINDOWS\system32\mfcwq32.exe
O4 - HKLM\..\RunOnce: [crzq32.exe] C:\WINDOWS\crzq32.exe
O4 - HKLM\..\RunOnce: [netnk.exe] C:\WINDOWS\netnk.exe
O4 - HKLM\..\RunOnce: [wines32.exe] C:\WINDOWS\system32\wines32.exe
O4 - HKLM\..\RunOnce: [javarm.exe] C:\WINDOWS\system32\javarm.exe
O4 - HKLM\..\RunOnce: [mfcfz32.exe] C:\WINDOWS\mfcfz32.exe
O4 - HKLM\..\RunOnce: [syskt.exe] C:\WINDOWS\syskt.exe
O4 - HKLM\..\RunOnce: [mfctt.exe] C:\WINDOWS\system32\mfctt.exe
O4 - HKLM\..\RunOnce: [sdkji.exe] C:\WINDOWS\sdkji.exe
O4 - HKLM\..\RunOnce: [ipyy32.exe] C:\WINDOWS\ipyy32.exe
O4 - HKLM\..\RunOnce: [addes32.exe] C:\WINDOWS\system32\addes32.exe
O4 - HKLM\..\RunOnce: [mfcju32.exe] C:\WINDOWS\mfcju32.exe
O4 - HKLM\..\RunOnce: [iecv32.exe] C:\WINDOWS\iecv32.exe
O4 - HKLM\..\RunOnce: [sdkpp.exe] C:\WINDOWS\sdkpp.exe
O4 - HKLM\..\RunOnce: [syskd32.exe] C:\WINDOWS\system32\syskd32.exe
O4 - HKLM\..\RunOnce: [mfcon.exe] C:\WINDOWS\mfcon.exe
O4 - HKLM\..\RunOnce: [sdkyl32.exe] C:\WINDOWS\sdkyl32.exe
O4 - HKLM\..\RunOnce: [sysbx32.exe] C:\WINDOWS\sysbx32.exe
O4 - HKLM\..\RunOnce: [appgb.exe] C:\WINDOWS\system32\appgb.exe
O4 - HKLM\..\RunOnce: [atlbt32.exe] C:\WINDOWS\system32\atlbt32.exe
O4 - HKLM\..\RunOnce: [msgn.exe] C:\WINDOWS\system32\msgn.exe
O4 - HKLM\..\RunOnce: [atlgp.exe] C:\WINDOWS\system32\atlgp.exe
O4 - HKLM\..\RunOnce: [netus.exe] C:\WINDOWS\netus.exe
O4 - HKLM\..\RunOnce: [ipoj32.exe] C:\WINDOWS\ipoj32.exe
O4 - HKLM\..\RunOnce: [ntiu32.exe] C:\WINDOWS\ntiu32.exe
O4 - HKLM\..\RunOnce: [atlno32.exe] C:\WINDOWS\system32\atlno32.exe
O4 - HKLM\..\RunOnce: [appnq32.exe] C:\WINDOWS\system32\appnq32.exe
O4 - HKLM\..\RunOnce: [msss32.exe] C:\WINDOWS\system32\msss32.exe
O4 - HKLM\..\RunOnce: [atlve32.exe] C:\WINDOWS\system32\atlve32.exe
O4 - HKLM\..\RunOnce: [ieay.exe] C:\WINDOWS\system32\ieay.exe
O4 - HKLM\..\RunOnce: [netai.exe] C:\WINDOWS\netai.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {1A6BB370-9DB8-44d8-A336-C8F707E80A70} (Toolbar WMButton Download) - http://digimoney.com/wmbutton.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\crlr32.exe" /s (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe



