Unwanted Favorites on Boot(Porn Site and Search site)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Yabber

Thread Starter
Joined
Dec 8, 2003
Messages
4
Unwanted Favorites on Boot(Porn Site and Search site)
Already ran Spybot.
Can any one help with clearing up this problem?
How can it be avoided in the future?
Here is my scan...

Logfile of HijackThis v1.97.7
Scan saved at 8:14:40 PM, on 12/8/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
D:\PROGRAM FILES\AVKSERVICE.EXE
D:\PROGRAM FILES\AVKWCTL9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\OAKTASK.EXE
D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
D:\PROGRAM FILES\AVKPOP.EXE
D:\GREETINGS WORKSHOP\GWREMIND.EXE
D:\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\epspmgr4.exe
C:\WINDOWS\SYSTEM\epdsplr4.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://66.98.142.163/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://66.98.142.163
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://66.98.142.163/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.98.142.163/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.98.142.163/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://66.98.142.163/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://66.98.142.163/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.98.142.163/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.98.142.163/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\FONTS\msoffice.hta
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37763.8223842593
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click on the link below to download CWshredder
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run the program and let it do it's thing.

Make sure you follow the advice about the security updates listed at the bottom of the page, in order to

prevent re-infection.


Next:

Download Spybot http://tomcoyote.org/SPYBOT/index1.php

Make sure to follow the instructions for updates prior to running the scan.

Click on "Search For updates" After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change again.
Sometimes the Default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

Reboot and download AdAware http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the webupdate.

Reboot and post another HJT log and let's see what's left.
 

Yabber

Thread Starter
Joined
Dec 8, 2003
Messages
4
It seems that Shredder cleaned up a few things including the objectionable Items in the Favorites List and the redirected Home Page. I ran all programs and updates as advised. Her's my latest HJT scan. I see a reference to "Explorer\Main,Start Page= http://www.sex-true.com/search/
Because my isp is Net0, my set home page does not normally get opened. I did check the home page(Explorer,Properties)and reset it to Yahoo. That has remained after a reboot or two. I don't understand the sex-true thing...

Logfile of HijackThis v1.97.7
Scan saved at 6:30:30 PM, on 12/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
D:\PROGRAM FILES\AVKSERVICE.EXE
D:\PROGRAM FILES\AVKWCTL9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\OAKTASK.EXE
D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
D:\GREETINGS WORKSHOP\GWREMIND.EXE
D:\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\1STSPYPROG\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex-true.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.8046296296
 
Joined
Jul 26, 2002
Messages
46,331
Run Hijack This again and put a check by these. Close all windows except HijackThis and "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sex-true.com/search/

O2 - BHO: (no name) - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL__SpybotSDDisabled (file missing)

Restart.
 

Yabber

Thread Starter
Joined
Dec 8, 2003
Messages
4
Every thing is running well, no unwanted favorites,home pages.
Here is my latest scan:
Logfile of HijackThis v1.97.7
Scan saved at 8:33:34 PM, on 12/16/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
D:\PROGRAM FILES\AVKSERVICE.EXE
D:\PROGRAM FILES\AVKWCTL9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\OAKTASK.EXE
D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
D:\GREETINGS WORKSHOP\GWREMIND.EXE
D:\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\READER\ACRORD32.EXE
C:\WINDOWS\DESKTOP\1STSPYPROG\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZDNet
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OAKSTART] D:\PROGRA~1\OAKSTART.EXE
O4 - HKLM\..\Run: [OAKTASK] D:\PROGRA~1\OAKTASK.EXE
O4 - HKLM\..\Run: [IW Controlcenter] D:\PROGRA~1\OAKSIM~1\IWCTRL.EXE
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [ICMMonitor] C:\PROGRAM FILES\HOMENETWORK\ICMMonitor.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
O4 - HKLM\..\RunServices: [AVKService] D:\PROGRA~1\AVKSER~1.EXE
O4 - HKLM\..\RunServices: [AVKWCtl] D:\PROGRA~1\AVKWCTL9.EXE
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Office\FINDFAST.EXE
O4 - Startup: Exif Launcher.lnk = D:\Program Files\QuickDCF.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C1F0DCD-9910-11D3-A7DB-0060083317AA} (ReaderX Class) - http://12.33.160.35/jrx/readerx-1-0-0-63.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.8046296296

If this looks good do I go through the same process on my second networked pc? (HomeFree phoneline type)98/2nd
I have Zone alarm on that one but but I have to use that pc exclusively or turn off Zone alarm to use the network.
Is it safe to have sharing between Cdrives?
Will the MS updates protect both pcs from hacker crap?
 
Joined
Jul 26, 2002
Messages
46,331
This one is clean.

Yes you need to clean up both PC's and apply the updates.

Post a Hijack This log from the other machine.
 

Yabber

Thread Starter
Joined
Dec 8, 2003
Messages
4
Yikes!!
Shortly after my last post, the weirdest thing happened.
I was going to burn some jpgs to a CD and all of a sudden the PC went black, although not that unusual with windows, this time it would not start back up. To make the story short, the "c" partition w/OS is not being recognized. I stuck in another drive as master,got that running, slaved the first drive. I can see the partition but can't access the contents. The other partition is ok. There is some info I wouldn't mind getting back. What can I do?

Here is the post of my latest scan of my "new" drive. Is it clean?
Logfile of HijackThis v1.97.7
Scan saved at 10:23:57 PM, on 1/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXTENDIA ANTIVIRUS AVK\AVKSERVICE.EXE
C:\PROGRAM FILES\EXTENDIA ANTIVIRUS AVK\AVKWCTL9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\QS\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QS\EXEC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?r=al&cf=...000&D=0&I=6.0B5&L=g#6&M=920275200000&N=PL&O=A
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AVKService] C:\PROGRA~1\EXTEND~1\AVKSER~1.EXE
O4 - HKLM\..\RunServices: [AVKWCtl] C:\PROGRA~1\EXTEND~1\AVKWCTL9.EXE
O4 - Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Zip Wizard\ThirtyDayTimer.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37988.2840162037
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top