Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > topsearcher on desktop

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

topsearcher on desktop

Reply to Message Icon

Name: Sylvia Brown
Date: July 16, 2003 at 19:58:43 Pacific
OS: Windows 2000
CPU/Ram: HP/4.01 GB
Comment:

Somehow topsearcher.com has made its way to our desktop. It has created a rectangle icon about an inch long that either sits in the upper right-hand corner of our screen or in the left-hand corner, on top of our other icons. It says simply, "Search the Web!" and "Top Searches." When I do a search using this browser, I see topsearcher.com at the top of my screen. I've tried using spybot, ad-aware and Norton to get rid of it. Help!

For someone who has grappled with two such problems in the past month, what is the best way to protect our computer from these hackers?

Thanks.




Sponsored Link
Ads by Google

Response Number 1
Name: wawadave
Date: July 16, 2003 at 20:05:56 Pacific
Reply:

hello
spyware blaster works for most. and spybot search and destory. and theres a homepage hijacker preventer at same place as first two i dont rember the name prehapps capt. or some one can post it thx.


0

Response Number 2
Name: suzi
Date: July 16, 2003 at 20:22:25 Pacific
Reply:

Download and run the program called HijackThis per the instruction in the link:

http://www.tomcoyote.org/hjt/

Then copy and paste the log it generates into a post and someone will troubleshoot it for you. That will identify the source of the problem and how to get rid of it.

SpywareBlaster will prevent most browser hijackings and unwanted installations of junk.

See this page for more info and links to download SpywareBlaster and more tools to protect your computer:

http://www.spywareinfo.com/downloads.php


0

Response Number 3
Name: Sylvia Brown
Date: July 17, 2003 at 17:44:42 Pacific
Reply:

Here's what HijackThis turned up. We already deleted some jeetseeker and hunsyellowpages files.

Logfile of HijackThis v1.95.1
Scan saved at 7:43:21 PM, on 7/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\xl.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\qttask.exe
C:\winnt\system32\task32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\mshta.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WinZip\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nytimes.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://waldo.library.nashville.org:8080/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\task32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [system] C:\systemsearch.hta
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vbs: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37808.5637037037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

We also have mIRC on our computer and have read that can be dangerous, too. Any advice in getting rid of that?

Thanks again.


0

Response Number 4
Name: textus7
Date: July 18, 2003 at 06:27:27 Pacific
Reply:

Hi,

I have the same issue. I tried PestControl, McAfee quick clean, McAffee Virus Scan, SpyBot, Ad Aware, but no luck... Please help the newbie..


0

Response Number 5
Name: Abnormal
Date: July 18, 2003 at 19:42:06 Pacific
Reply:

Spyware and Hijackware Removal Support at
http://www.spywareinfo.com/forums/ can help
read your hijack this, log.


0

Related Posts

See More



Response Number 6
Name: Tom41
Date: July 19, 2003 at 01:56:25 Pacific
Reply:

Hi Sylvia, Run HT again and check the following item. Next, close all browser Windows, and have HT fix all checked.

You NEED to restart your computer when you're done.

O4 - HKLM\..\Run: [system] C:\systemsearch.hta

After rebooting delete the following file:

C:\systemsearch.hta



0

Response Number 7
Name: Sylvia Brown
Date: July 20, 2003 at 11:15:24 Pacific
Reply:

Thanks, Tom41! It worked! One more question. We have mIRC on our computer and have read that can be dangerous, too. We can't figure out how to remove it. Any advice?


0

Response Number 8
Name: Tom41
Date: July 21, 2003 at 10:43:35 Pacific
Reply:

Hi Sylvia, I just looked at your Hijack log again and you have an mIRC trojan:

O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\task32.exe

There is also two other suspicious entries running as processes:

C:\WINNT\System32\xl.exe
C:\WINNT\System32\mshta.exe

Do this, Go here and run an online virus scan: RAV Let me know the results.

Run HT again and check the following item. Next, close all browser Windows, and have HT fix checked.

You NEED to restart your computer when you're done.

O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\task32.exe

After restarting delete:
c:\winnt\system32\task32.exe

To remove mIRC, just delete the mIRC folder.


0

Response Number 9
Name: TooManyLateNights
Date: July 25, 2003 at 06:07:15 Pacific
Reply:

I'm pretty sure that the xl.exe file is associated with a downloaded version of Norton Antivirus as it's used with the Symantec Product Activation feature. The Product Activation, implemented through the Digital Rights Management (DRM) feature, is an anti-piracy technology designed to verify that Symantec's software products have been legitimately licensed.

Mshta.exe is a Microsoft HTML application and part of the operating system though it doesn't have one of those "cute" MS icons associated with it.


0

Response Number 10
Name: Nick Minglis
Date: July 29, 2003 at 19:04:19 Pacific
Reply:

I have topsearcher on my desktop also. This is the file HT generated.

Logfile of HijackThis v1.95.1
Scan saved at 9:57:57 PM, on 7/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\mshta.exe
C:\windows\winlogon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell Modem-On-Hold\MOH.exe
C:\Program Files\Bluelight\spinwin.exe
C:\Program Files\Bluelight\SpinHelp.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://approvedlinks.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://approvedlinks.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\winshow.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E789A4AC-49C1-4E17-A36D-564273ECB0BD}: NameServer = 209.244.0.3 209.244.0.4

Thanks - Nick


0

Response Number 11
Name: Setter
Date: August 9, 2003 at 00:00:21 Pacific
Reply:

Hi Nick Minglis,

Run an updated Spybot Search and Destroy ( http://security.kolla.de/ ) and fix all items in RED and reboot. Then after closing all browser windows, fix the items listed below that are remaining using HijackThis and then reboot again.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://approvedlinks.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://approvedlinks.com/

O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\winshow.dll
Winshow/Searchv.com hijacker – See http://www.doxdesk.com/parasite/Winshow.html

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll
TinyBar – See http://www.doxdesk.com/parasite/TinyBar.html


--------------
For the future see: So how did I get infected in the first place? http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 In addition to using SpywareBlaster (mentioned in the thread) I would also use SpywareGuard http://www.wilderssecurity.net/spywareguard.html

Four of the most recommended anti-spyware programs are SpywareBlaster and SpywareGuard and Spybot S&D and Ad-aware. If you install all four programs, keep them updated, and scan with Spybot S&D and Ad-aware periodically, you will be fairly well-protected from spyware.

Thought I would mention that SpywareGuard includes a browser hijack stopper (Javacool calls it Browser Hijack Blaster) that protects your system from browser hijackers and spyware that alters your Internet Explorer settings.

Good Luck!


0

Response Number 12
Name: jpers
Date: August 19, 2003 at 13:33:05 Pacific
Reply:

Recommend anyone reading this thread also review the below URL(long&nasty - watch the wrap!) as it contains info/explaination of MSHTA.exe-as-a-service - an exploit afflicting the original poster of this thread (Silvia Brown) and currently undetected by most of malware scanners mentioned here.

http://www.metaproducts.com/mp/mpSupport_User_Forums_Message.asp?id=3401&topic=22&topicname=Download%20Express


0

Response Number 13
Name: Aki Myyra
Date: August 30, 2003 at 04:19:46 Pacific
Reply:

Hi.
I have the same problem as Sylvia, but my Hijack This log didn't have the component she was advised to remove. Could someone help me and tell me what I should do? Here's the log file:

Logfile of HijackThis v1.96.2
Scan saved at 14:17:07, on 30.8.2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.exe
C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHSERV.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\OHJELMATIEDOSTOT\ALWIL SOFTWARE\AVAST4\ASHMAISV.exe
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.exe
C:\OHJELMATIEDOSTOT\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\OHJELMATIEDOSTOT\INTERNET EXPLORER\IEXPLORE.exe
C:\HIJACKTHIS\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topsearcher.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kuokkalankotiseurakunta.net/info/cgi-bin/yabb/YaBB.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.topsearcher.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.topsearcher.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\OHJELMATIEDOSTOT\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\OHJELM~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SmcService] C:\OHJELM~1\SYGATE\SPF\SMC.exe -startgui
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\OHJELM~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [spp] regedit -s C:\spp.reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [avast!] C:\Ohjelmatiedostot\Alwil Software\Avast4\ashserv.exe
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.exe
O4 - Startup: Microsoft Office.lnk = C:\Ohjelmatiedostot\Office10\OSA.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Ohjelmatiedostot\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OHJELM~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37629.0938541667
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/uk/TemplateGallery/msotd.cab

THANKS A MILLION!


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: topsearcher on desktop
Topsearch on desktop www.computing.net/answers/security/topsearch-on-desktop/5816.html

Topsearch on desktop www.computing.net/answers/security/topsearch-on-desktop/5692.html

Hot teens incon on desktop www.computing.net/answers/security/hot-teens-incon-on-desktop/10797.html