Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Search Result Hijack

Started by Mel Irwin , Mar 30 2009 03:47 PM

  • Please log in to reply

#1
Mel Irwin
Posted 30 March 2009 - 03:47 PM

Mel Irwin

    New Member

  • Member
  • Pip
  • 1 posts
first time poster with a problem that seems to be troubling a few users. After doing a Google search I click on one of my results and get hijacked to a seemingly random site. Using the "Back" button gets me to the originally selected site (from the search results.) I've run Malwarebytes (from our 'X' drive since I can't seem to update defs on the copy I have on my machine) and Norton AV Corp Ed.

Below is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:46 PM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\defwatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Norton AntiVirus\rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office 2000\Office\OUTLOOK.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A98439D7-9FEB-4608-9F4B-144E456C319C} - C:\WINDOWS\system32\vtUmNDTM.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EFI Job Monitor] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.dll,run
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03A89EFD-E023-A100-A22D-45F77558EB4C} (ILINCInstall101 Class) - https://content10.il...XCltInstall.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...w.viewpoint.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (NOXLATE) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/...ersion=1,0,0,10
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileop...nt/FileOpen.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{842B4C07-2F0D-4FAE-BBDC-6F80CFA23FE3}: NameServer = 68.64.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{842B4C07-2F0D-4FAE-BBDC-6F80CFA23FE3}: NameServer = 68.64.156.1,68.94.157.1
O18 - Protocol: pm - {A479F961-CC9E-11D0-A220-000000000000} - C:\PROGRA~1\buzzsaw.com\common\PMPROT~2.DLL
O20 - AppInit_DLLs: etkmjo.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton AntiVirus\defwatch.exe
O23 - Service: Google Update Service (gupdate1c9938960b8a108) (gupdate1c9938960b8a108) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton AntiVirus\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9072 bytes


AND my startup log:

StartupList report, 3/30/2009, 2:56:26 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16762)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\defwatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Norton AntiVirus\rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office 2000\Office\OUTLOOK.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

vptray = C:\Program Files\Norton AntiVirus\vptray.exe
Synchronization Manager = %SystemRoot%\system32\mobsync.exe /logon
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
SigmatelSysTrayApp = stsystra.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
EFI Job Monitor = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.dll,run
MalwareRemovalBot = C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=etkmjo.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - AutorunsDisabled
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\system32\vtUmNDTM.dll (file missing) - {A98439D7-9FEB-4608-9F4B-144E456C319C}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Google Software Updater.job
GoogleUpdateTaskMachine.job
hwgayhvl.job
MalwareRemovalBot Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[ILINCInstall101 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AXCltInstall.dll
CODEBASE = https://content10.il...XCltInstall.dll

[{03F998B2-0E00-11D3-A498-00104B6EB52E}]

[AlternaTIFF ActiveX]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\alttiff.ocx
CODEBASE = http://www.alternati.../00/alttiff.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[LinkedIn ContactFinderControl]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LINKED~1.DLL
CODEBASE = http://www.linkedin....nderControl.cab

[PopCapLoaderCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll
CODEBASE = http://zone.msn.com/...pcaploader1.cab

[AtlAtomadersCtlAttrib Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Atomaders.dll
CODEBASE = http://zone.msn.com/...t/atomaders.cab

[AcDcToday Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx

[MJLauncherCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mjolauncher.dll
CODEBASE = http://zone.msn.com/...mjolauncher.cab

[Closet Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CMAIDCTL.OCX
CODEBASE = http://vsp.closetmai..._downloader.cab

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab56649.cab

[NOXLATE]
InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx

[AstoundLauncher Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ASTOUN~1.OCX
CODEBASE = http://zone.msn.com/...ersion=1,0,0,10

[FoInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FileOpenInstall.dll
CODEBASE = http://plugin.fileop...nt/FileOpen.CAB
OSD = C:\WINDOWS\Downloaded Program Files\FileOpenInstall.OSD

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[AcPreview Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx

[CPlayFirstSweetopiaControl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.46.dll
CODEBASE = http://zone.msn.com/...ia.1.0.0.46.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\setup_u.exex||C:\_.t||C:\WINDOWS\system32\setup_u.exex||C:\_.t||C:\_.t||C:\_.t||c:\windows\system32\OLD1A05.tmp|||.

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 10,961 bytes
Report generated in 0.079 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Please help - I can't stand it when I get resolve these things myself but I'm stuck - Thanks!!!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP