Home Page Hijinks

LMV

I clicked on my home page but instead it went to some
unknown address. The screen showed a message that said
something about checkers. I used HijackThis and this is
my logfile. Is there anything wrong here?
Logfile of HijackThis v1.97.7
Scan saved at 11:00:20 AM, on 4/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Leonardo\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: TFTP4060
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - https://support.gateway.com/support/contact/formassist.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/08517b101b2620214f18/netzip/RdxIE2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/024920.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = glou1.nj.home.com
O17 - HKLM\Software\..\Telephony: DomainName = glou1.nj.home.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = glou1.nj.home.com
 
Martin C

There are many forums that offer free "HijackThis" log review.
http://www.spywareinfo.com/forums/
http://www.dslreports.com/forum/security,1
http://www.computercops.biz/forums.html
http://www.cybertechhelp.com/forums/index.php
http://boards.cexx.org/
http://forums.net-integration.net/
http://forum.mvps.org/
http://www.wilderssecurity.com/index.php
http://www.lavasoftsupport.com

Take your pick - they all offer excellent support -

Martin



H Leboeuf

MyBar.dll is from this parasite:
MySearch http://www.doxdesk.com/parasite/MySearch.html
--

There may be others, first run these tools.

Get AdAware and SpyBot and run them both. Keep them up to date.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm


Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
** NOTE NEW ADDRESS **
Pages at generation.net will no longer be updated.
