Your Ad Here Your Ad Here
Results 1 to 7 of 7

Thread: Browser Hijack

  1. #1
    Hi all,

    I'm having real problems fixing a mate's computer and it's driving me mad. He seems to have a variant of CoolWebSearch but it isn't recognised by CWShredder. I've tried repeated scans with Ad-Aware but the next time I run explorer all the files return. The homepage of the browser is being redirected to res://C:\WINDOWS\system32\yyubk.dll/sp.html#37049. I tried deleting the contents of the dll file and saving it, but it just created a new dll file in its place next time I ran explorer!

    Any help would be much appreciated.

    Here's the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 17:58:12, on 29/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    D:\Program Files\NoAds\NoAds.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\atlst.exe
    C:\WINDOWS\system32\ieyw.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\John A Dickson\Local Settings\Temp\Temporary Directory 2 for hjt.zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://roqsj.dll/index.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://roqsj.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://roqsj.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\roqsj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} - C:\WINDOWS\system32\mfcuh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [atlus32.exe] C:\WINDOWS\system32\atlus32.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKLM\..\Run: [winan.exe] C:\WINDOWS\system32\winan.exe
    O4 - HKLM\..\Run: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TaskTray] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [NoAds] "d:\Program Files\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [Trod] C:\Documents and Settings\John A Dickson\Application Data\darb.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINDOWS\atlst.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...166.3713888889
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8CC19F6-A7AF-4B76-86B9-CD829EF70413}: NameServer = 207.44.140.102 64.191.22.247
    We can't stop here... this is bat country

  2. Software & Hardware   -   #2
    Poster
    Join Date
    Oct 2003
    Location
    fucking smurfland y'idjit
    Posts
    760
    Well, I'd gotten almost all the way through that shit and accidentally hit the 'back' button on my mouse, so my edit was completely lost. Fuck it, I can't be arsed!

    Get a virus check.
    Download this useful tool LINK
    if your font size is this small i'll add you to my ignore list because you're wasting my time, OK?

  3. Software & Hardware   -   #3
    Mullyman's Avatar Poster
    Join Date
    Jan 2004
    Location
    Canada
    Posts
    233
    You are using an older version of HJT..download new version from here..http://www.majorgeeks.com/download3155.html the first entries must be removed in safe-mode(reboot and tap f8)..locate the file and delet manually...the following entries run HJT then place a check mark beside them and hit the fix button..post a fresh log when completed.

    Manually Remove:
    C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    C:\WINDOWS\atlst.exe

    C:\WINDOWS\system32\ieyw.exe

    Remove With HJT:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://roqsj.dll/index.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://roqsj.dll/index.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://roqsj.dll/index.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\roqsj.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    O2 - BHO: (no name) - {C0AB6C34-D1BC-32E6-9A1B-1F47822FD32E} - C:\WINDOWS\system32\mfcuh.dll

    O4 - HKLM\..\Run: [atlus32.exe] C:\WINDOWS\system32\atlus32.exe

    O4 - HKLM\..\Run: [winan.exe] C:\WINDOWS\system32\winan.exe

    O4 - HKLM\..\Run: [ieyw.exe] C:\WINDOWS\system32\ieyw.exe

    O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINDOWS\atlst.exe

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

    Do you know the IP or Domain '207.44.140.102 64.191.22.247'? If not, fix this entry.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8CC19F6-A7AF-4B76-86B9-CD829EF70413}: NameServer = 207.44.140.102 64.191.22.247
    DEMO'S WORLD
    Knowledge And Wisdom Are Gained By Listening And Observing And Knowing When To Keep Your Fucking Mouth Shut!!!!

  4. Software & Hardware   -   #4
    Filliz's Avatar ______________
    Join Date
    Apr 2004
    Age
    37
    Posts
    1,577
    Isn't backweb used by Logitech?
    I think it is.
    Logitech uses it to check for updates for their hardware.

    backweb-8876480.exe is a process that comes with the Logitech products software. It manages the automatic update check as well as providing you with new for the latest offers and products from Logitech. This is a non-essential process. Disabling or enabling this is down to user preference.
    Source
    Last edited by Filliz; 10-29-2004 at 06:25 PM. Reason: info

    hmm...asspie

  5. Software & Hardware   -   #5
    Mullyman's Avatar Poster
    Join Date
    Jan 2004
    Location
    Canada
    Posts
    233
    Yes it is used by logitech...it just leaves your PC open to vulnerabilities and for the amount of updates that logitech has..it is safer just to go to their site the same applies for new products and offers..backweb serves no useful purpose...basically it is ad-aware.
    DEMO'S WORLD
    Knowledge And Wisdom Are Gained By Listening And Observing And Knowing When To Keep Your Fucking Mouth Shut!!!!

  6. Software & Hardware   -   #6
    Thanks very much for the help, Mullyman. It seems to be working properly for now! :beerchug:

    Got rid of the Logitech thing in the end. I heard there were a few variants of it and I didn't like what I was reading.


    Here's my new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:11:48, on 29/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    D:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    D:\Program Files\NoAds\NoAds.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    D:\Webroot\Washer\wwDisp.exe
    C:\Documents and Settings\John A Dickson\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TaskTray] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [NoAds] "d:\Program Files\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [Trod] C:\Documents and Settings\John A Dickson\Application Data\darb.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Window Washer] D:\Webroot\Washer\wwDisp.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab

    Thanks again, it's very much appreciated!
    We can't stop here... this is bat country

  7. Software & Hardware   -   #7
    Mullyman's Avatar Poster
    Join Date
    Jan 2004
    Location
    Canada
    Posts
    233
    You have couple more left ...run HJT and fix them
    .
    R3 - Default URLSearchHook is missing

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    Last edited by Mullyman; 10-29-2004 at 07:31 PM.
    DEMO'S WORLD
    Knowledge And Wisdom Are Gained By Listening And Observing And Knowing When To Keep Your Fucking Mouth Shut!!!!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •