| Spyware Cleaning Section Closed!! |
| Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services. |
#1
Hi Everyone!
I need help because my browser has been hijacked. My startup is fine, since the homepage opens where I want, at "Google". However, when I open a new browser window, or click on "Home", the page opens at "Search-Findall", which links to www.searchmeup.com. I have tried running AdAware, Spybot Search & Destroy, CWShredder, Norton Anti-Virus, and HijackThis. AdAware seemed to lock-up, so I uninstalled it. I found some references to "search-findall" in HijackThis, but only deleted the R1 and R0 items. That did not work, and the references to "search-findall" returned immediately. I also tried to delete these references in regedit, but, again, I could not delete or modify them.

Here is a copy of my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 1:58:12 PM, on 5/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS1977[1]\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-findall.com/findall.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [SuperCleaner] "C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE" /h/b
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/12c84df14f8c1e9...tzip/RdxIE.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7910.952349537
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16efcbb0659add1...p/RdxIE601.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

I would appreciate any help you can provide. Thanks.
|
#2
Hi starshine,
Have only HijackThis running and fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-findall.com/findall.html
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/12c84df14f8c1e...etzip/RdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16efcbb0659add...ip/RdxIE601.cab

Restart PC after doing so in Safe Mode: Here's How

and remove:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE <- this file (if still present)
C:\Program Files\Internet Explorer\IEengine.exe <- this file

Clean temp internet files
Restart again in normal mode
Update IE to the latest patches at windowsupdate.com

Hope this helps

Cheers,
__________________
TonyKlein's "How can I be better protected?" |
|
#3
Hi Unzy, and thank you very much for your quick reply.
I tried your suggestions, but the problem remains. Perhaps it is my fault but, in safe-mode, I could not remove the files you mentioned. When I tried to delete C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE I got a message saying the file could not be deleted because the file path was being used by Windows. I could not locate the other file, C:\Program Files\Internet Explorer\IEengine.exe. I get the feeling I should be making changes to the registry because I do see quite a few references to "search-findall" there. The problem is, the registry won't let me make the changes. Any suggestions? |
|
#4
Sorry, I should have pasted a copy of the updated HijackThis log, so you can see that the "search-findall" files are still on my computer.

Logfile of HijackThis v1.97.7
Scan saved at 2:59:36 PM, on 5/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS1977[1]\HIJACKTHIS.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-findall.com/findall.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-findall.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-findall.com/findall.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-findall.com/findall.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [SuperCleaner] "C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE" /h/b
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7910.952349537
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

Any help is appreciated. Thank you.
|
#5
Hello Everyone:
I repeated the steps suggested by Unzy to fix/remove the selected items in HijackThis (i.e. ran it a second and third time). I also tried something else, which may, or may not, have helped: I went into Tools, Internet Options, Home Page and entered "Use Blank". I then restarted my computer and changed the home page. I don't know what exactly I did right this time, but so far so good. I ran HijackThis again, and all traces of "search-findall" have disappeared. I'm sure Unzy's advice was really the solution, not my "tinkering" around. Thank you Unzy. I will let everyone know if the problem returns.

Here is the latest log file:

Logfile of HijackThis v1.97.7
Scan saved at 7:36:00 PM, on 5/27/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\SYMPAT~1\ACCESS~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [SuperCleaner] "C:\PROGRAM FILES\SUPERCLEANER\SUPERCLEANER.EXE" /h/b
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7910.952349537
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
|
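The scan-to-scan comparison made by eye across the posts above, as an added example that is not part of the original thread and is not HijackThis code. The names `entry_key`, `parse` and `still_present` are hypothetical, and the sample inputs are short excerpts of the logs posted here; entries are matched on registry location, autorun name or CLSID because the forum truncated the same URL differently in different posts.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
AUTORUN = re.compile(r"^(.+?): \[(.+?)\] ")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entry_key(line):
    """Stable identity for one HijackThis entry; None for header/process lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code.startswith("R"):                 # "key,value = data": ignore the data
        ident = rest.partition(" =")[0]
    elif code == "O4" and AUTORUN.match(rest):
        ident = "|".join(AUTORUN.match(rest).groups())   # Run key + value name
    elif CLSID.search(rest):                 # O2/O3/O16: the CLSID, not the URL,
        ident = CLSID.search(rest).group(0)  # which forums truncate differently
    else:
        ident = rest
    return (code, ident.lower())

def parse(log):
    """Map entry identity -> original line for every entry in a pasted log."""
    found = {}
    for line in log.splitlines():
        key = entry_key(line)
        if key:
            found[key] = line.strip()
    return found

def still_present(fix_list, later_scan):
    """Fix-list lines whose identity still shows up in a later scan."""
    later = parse(later_scan)
    return [line for key, line in parse(fix_list).items() if key in later]

# Excerpts of the logs posted in this thread, cut down to a few lines each.
FIX = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/12c84df14f8c1e...etzip/RdxIE.cab
"""
SCAN_1 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/12c84df14f8c1e9...tzip/RdxIE.cab
"""
SCAN_2 = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-findall.com/index.html
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [applc] C:\WINDOWS\DOWNLOADED PROGRAM FILES\2.EXE
"""
SCAN_3 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""
```

Calling `still_present(FIX, SCAN_2)` returns the Start Page and `applc` lines, matching the second scan in which the redirect and the running `2.EXE` were both still there; an empty result for the third scan corresponds to the clean log.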
#6
It looks good now, but you really should get your Windows and IE updated.
Please read: Why did I get infected in the first place

Regards,
Pieter
__________________
Regards, Pieter It´s nice to be important, but it´s more important to be nice. It's human to make mistakes. It's even more so to blame the computer for it. |