Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have been trying to recover from a find4u hijack, and have found many postings here very helpful, I have followed much of the advise and have deleted the bogus winlogon along with lines hijackthis found pointing to find4u, and I finally got find4u to stop popping up. I still see some things in my log that I am not sure of like khooker.exe or AGRSMMSG.exe, here is both my latest hijackthis log and my recent spybot log, could you please tell me if anything still looks buggy, thanks in advance, Robert
Logfile of HijackThis v1.97.7
Scan saved at 11:19:18 PM, on 12/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Sony\giga pocket\ReserveModule.exe
C:\Program Files\SSC\NSCTOP.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\****** Silva\Desktop\AntiSpyware\new hijack\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [VAIOSURVEY] C:\Program Files\Sony\VAIO Survey\SurveySA.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,71/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.4526041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabSPYBOT LOG:
--- Report generated: 2003-12-15 01:42 ---
Alexa Related: What's related link (Replace file, fixed)
C:\WINDOWS\Web\related.htmAUpdate: Autorun settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SAUpdateAvenue A, Inc.: Tracking cookie or cookie of tracking site (File, fixed)
C:\Documents and Settings\Robert Silva\Cookies\robert silva@atdmt[1].txtBackWeb lite: File extension link (Registry key, fixed)
HKEY_CLASSES_ROOT\.bwpBackWeb lite: File extension link (Registry key, fixed)
HKEY_CLASSES_ROOT\bwpfileBackWeb lite: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\BackWebBackWeb lite: Interface ( (IBackWebChannel4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{025632A0-BCEC-11D1-8B35-00609761C47A}BackWeb lite: Interface ( (IBackWebDirectoryEntry)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0C6E0440-0B50-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebGeneralSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC3-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebSetup)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC7-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2DE07D90-DC04-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebSetup4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3667E7B0-4F28-11D1-8ADB-00609761C47A}BackWeb lite: Interface ( (IBackWebChannelTableNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2F523082-5A0B-11D0-9B9C-444553540000}BackWeb lite: Interface ( (IBackWebSetupNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2F099AF0-6329-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWeb2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{23F43240-F78D-11D0-9A50-00AA004812C2}BackWeb lite: Interface ( (IBackWebStoryFieldCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{1D91D9E0-004B-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebDirectory)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{15030BC0-0B52-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebDisplaySettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC6-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebCommSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC5-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebDialerSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC4-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebExtension)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0F4FE440-983F-11D0-9B9C-444553540000}BackWeb lite: Interface ( (IBackWebDownloadTimeConstraintCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0D1F7C84-8123-11D0-B5CA-0000B43698D6}BackWeb lite: Interface ( (IBackWebDownloadTimeConstraint)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0D1F7C83-8123-11D0-B5CA-0000B43698D6}BackWeb lite: Interface ( (IBackWebFileAccess)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A6E-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakFile)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A74-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebDirectoryNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{41CEBDC0-32C1-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebInfoPakNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{4A3666F3-5F2D-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF35A-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWebStoryField)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5B1E13A0-004B-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebFileAccessViaDir)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{608FE360-6FB2-11D1-A885-0000B43699FC}BackWeb lite: Interface ( (IBackWebAlertSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{72B62B40-17D1-11D1-96A7-F8E906C10000}BackWeb lite: Interface ( (IBackWebPlayer)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8028B940-4932-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannelDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9132E380-DC21-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannel2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9647FB70-DC0F-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebAllStoryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46423-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannelVariableCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A4BC67F0-6C90-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebCommunications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BAD37BC0-2231-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebFilterSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{C8CEEEE0-17D6-11D1-96A7-F8E906C10000}BackWeb lite: Interface ( (IBackWebGeneralSettings2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{E01AD640-F87D-11D0-9A50-00AA004812C2}BackWeb lite: Interface ( (IBackWebInfoPak)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{EB1FFFC2-5688-11D0-A865-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelVariable)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{FEFCA7F0-6C8E-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{EB1FFFC1-5688-11D0-A865-0000B43699FC}BackWeb lite: Interface ( (IBackWebApplicationNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D0894D60-6C6C-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelCollection4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BCD0C200-69C1-11D1-8AF8-00609761C47A}BackWeb lite: Interface ( (IBackWebChannel4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{AEE96320-2131-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebStory)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46424-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebStoryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46422-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebItemDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{93BF8F00-DBE8-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebAllInfoPakCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8131F530-649E-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWeb4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{740904E0-0BFB-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebInfoPak4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{610141C2-7701-11D1-B042-004095903824}BackWeb lite: Interface ( (IBackWebDirectoryEntryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5DF6CE40-0B50-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannel)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF35B-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWeb)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF355-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWebStoryTableNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{44230BC0-3105-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebOpenInfoPakFile)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A77-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakFilesCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A71-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebDisplaySettings4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{001B3F20-D866-11D1-8B4C-00609761C47A}BackWeb lite: Main executable (File, fixed)
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exeBackWeb lite: Netscape viewer (Registry value, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-iadBackWeb lite: Netscape viewer (Registry value, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreviewComet Cursors: Typelib ( (ComUtil 1.0 Type Library)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Typelib\{FA6F74E5-0277-11D3-9B19-00104B279EC4}Download Accelerator Plus: Default ad server (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultServer=http://127.0.0.1Download Accelerator Plus ads: Ad category (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSSecondMediaDownload Accelerator Plus ads: Banner (Replace file, nothing done)
C:\PROGRA~1\DAP\dap.gifDownload Accelerator Plus ads: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer.1Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand.1Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBandDownload Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventerDownload Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}Download Accelerator Plus ads: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{235D7A27-DE65-49F0-BFCF-D5C3BC3B2E67}Download Accelerator Plus ads: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08}Download Accelerator Plus ads: Default ad category (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=DefaultDownload Accelerator Plus ads: IE extension (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}Download Accelerator Plus ads: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{79516451-3E3E-453a-8968-37942F7979F3}Download Accelerator Plus ads: Typelib ( (DAPBHO 1.0 Type Library)) (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{095006D5-6DA6-4CDC-864E-7498015816BC}Download Accelerator Plus ads: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{72920511-E300-44c1-8565-2FD66D7A7246}DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
--- Spybot-S&D version: 1.2 ---
2003-11-05 Includes\Cookies.sbi
2003-11-05 Includes\Dialer.sbi
2003-11-24 Includes\Hijackers.sbi
2003-11-11 Includes\Keyloggers.sbi
2003-11-20 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-11-12 Includes\QA Tests.sbi
2003-11-05 Includes\Security.sbi
2003-11-24 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2003-11-05 Includes\Tracks.uti
2003-11-21 Includes\Trojans.sbi
Robert, if you don't post your HJT log in the Security and Virus forum, and state you've run Spybot and AdAware, you run the risk of having the moderator remove the post. These logs are not supposed to be posted in the XP forum.
0 
 |
 Harddisk light stays on i...
|
network cable freezes mac...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
