Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Amazing Auto Search Hijack [CLOSED]


  • This topic is locked This topic is locked

#1
smoffo

smoffo

    New Member

  • Member
  • Pip
  • 8 posts
I know what I got, and pretty much what to get rid of, but I'm curious as to if there is anything else and if I have to enter Safe Mode for future reference.

Logfile of HijackThis v1.97.7
Scan saved at 8:55:09 PM, on 4/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RRIM\aim.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...cfm?division=41
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0911CF4A-5E5D-B654-318C-06239F6265A6} - C:\PROGRA~1\CREATI~1\the user.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: anti clock - {EF3C0B73-CD70-9807-953E-58FD9FB4794E} - C:\PROGRA~1\CREATI~1\the user.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Great web] C:\PROGRA~1\2LOGO~1\DARTDOWNLOAD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TimeLeft] C:\Program Files\TimeLeft\timeleft.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: IAMAPP.lnk = C:\Program Files\Norton Internet Security\IAMAPP.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C2D6C46-6602-11D4-A5E3-444553540000} (Alice Control) - http://www.skotos.ne...ame/Alice44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7657.6161458333
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...wave/wtinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...7.12/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...290/mcfscan.cab
  • 0

Advertisements


#2
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.

Next, download Ad-Aware. Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download Ad-aware
  • 0

#3
smoffo

smoffo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've got Ad-aware, updated, and scanned right before. I've even deleted some programs, but failed to remove them from the registry. EX. wupdater/SAHAgent
  • 0

#4
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
We need to remove the pepper trojan. Download this file, run, and let terminate (it won't appear to have done much <_< ):
http://mjc1.com/file...page/uninst.exe
  • 0

#5
smoffo

smoffo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Removed. Curious, as it did not display much, what process did that eliminate?
  • 0

#6
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Please post a new hijackthis log and admin will take a look at it. This guy is the best, he'll be able to tell you which ones you need to fix <_<!
  • 0

#7
smoffo

smoffo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.97.7
Scan saved at 10:59:51 AM, on 4/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...cfm?division=41
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html

R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0911CF4A-5E5D-B654-318C-06239F6265A6} - C:\PROGRA~1\CREATI~1\the user.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: anti clock - {EF3C0B73-CD70-9807-953E-58FD9FB4794E} - C:\PROGRA~1\CREATI~1\the user.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Great web] C:\PROGRA~1\2LOGO~1\DARTDOWNLOAD.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TimeLeft] C:\Program Files\TimeLeft\timeleft.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: IAMAPP.lnk = C:\Program Files\Norton Internet Security\IAMAPP.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C2D6C46-6602-11D4-A5E3-444553540000} (Alice Control) - http://www.skotos.ne...ame/Alice44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7657.6161458333
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...wave/wtinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...7.12/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...290/mcfscan.cab

In bold is the stuff that I know of. Anything else?
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautoss...cfm?division=41
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautoss.../searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautoss.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautoss.../searchbar.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0911CF4A-5E5D-B654-318C-06239F6265A6} - C:\PROGRA~1\CREATI~1\the user.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: anti clock - {EF3C0B73-CD70-9807-953E-58FD9FB4794E} - C:\PROGRA~1\CREATI~1\the user.dll
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Great web] C:\PROGRA~1\2LOGO~1\DARTDOWNLOAD.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log. <_<
  • 0

#9
smoffo

smoffo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.97.7
Scan saved at 8:32:43 PM, on 4/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TimeLeft] C:\Program Files\TimeLeft\timeleft.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: IAMAPP.lnk = C:\Program Files\Norton Internet Security\IAMAPP.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download.game...nts/y/rt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {4C2D6C46-6602-11D4-A5E3-444553540000} (Alice Control) - http://www.skotos.ne...ame/Alice44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7657.6161458333
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...wave/wtinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...7.12/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...290/mcfscan.cab

All clean!
  • 0

#10
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Congratulations! Your system is CLEAN <_<

If everything seems to be working okay you can delete the Hijack This folder.

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
  • 0

#11
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP