‎Hijack help | DELL Technologies

Responses(50)
Solutions(0)

markamus

435 Posts

July 31st, 2008 13:00

Always_Hijacked,

Welcome to DCF.

Please include a description of the problems you are currently experiencing with this PC and we will go from there.

markamus

435 Posts

July 31st, 2008 14:00

Please download Malwarebytes Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.

Always_Hijacked

37 Posts

July 31st, 2008 14:00

I am getting Chinese ????? popup ads everytime I open my browser. I have tried Adaware, Malwarbytes,Spybot with no success. Also I am having issues with windows security updates not working.

Always_Hijacked

37 Posts

July 31st, 2008 14:00

This is my most current Hijack This report Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:00 AM, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEZHHK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216317658660&h=58b55e838b237950068aa4afca36f018/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVSS - Unknown owner - C:\WINDOWS\system32\c296a.exe (file missing)
O23 - Service: Indexing Data (BUZOR) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\4ED05\svchost.exe (file missing)

--
End of file - 9883 bytes

Always_Hijacked

37 Posts

July 31st, 2008 15:00

I have Malwarebytes on this PC and ran an update on it this morning and used it (full scan) again. It continues to find things and remove them, even prompts when a reboot is nessesary. But I still have this one popup over-riding my browser. I found a great program at cnet downloads called CCleaner and had some success with Registry problems. Also I use Antivira personal (luke filewalker). I have access to Mcafee's latest version (through my provider), but have not tried it on this PC yet. I am currently running another full scan with Malwarebytes and will post the results later (slow proccess 1+ hrs)

Always_Hijacked

37 Posts

July 31st, 2008 15:00

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3

9:48:59 AM 31/07/2008
mbam-log-7-31-2008 (09-48-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102938
Time elapsed: 49 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Always_Hijacked

37 Posts

July 31st, 2008 16:00

Now I'm getting an error from Forums Post. The log is too large to post (more than 20,000 charactors) am i doing somthing wrong?

Always_Hijacked

37 Posts

July 31st, 2008 16:00

One web address that just popped on http://www.i6666.cn/gm_05.html My wife often visits websites in China.

markamus

435 Posts

July 31st, 2008 16:00

Go HERE and download File Lister.

Save it to your Desktop

Rt Click ->> Extract all ->> And extract it to your Desktop

Additional help on extracting zip files can be found HERE

Open the File Lister Folder.

Rt Click FileLister.vbe ->>Select Open Then Open to confirm.

As the program runs, it will appear that nothing is happening.

When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply.

Always_Hijacked

37 Posts

July 31st, 2008 17:00

=== Files under "\User\Local Settings\Temp" Last 30 Days======

7/9/2008 5:07:14 PM    107    32    C:\Documents and Settings\Jan\Local Settings\Temp\689211B7.TMP
7/6/2008 9:47:46 PM    49458    32    C:\Documents and Settings\Jan\Local Settings\Temp\9b07_appcompat.txt
7/10/2008 9:40:17 AM    5158    32    C:\Documents and Settings\Jan\Local Settings\Temp\ASPNETSetup_00000.log
7/10/2008 10:56:05 AM    5158    32    C:\Documents and Settings\Jan\Local Settings\Temp\ASPNETSetup_00001.log
7/10/2008 10:59:46 AM    5158    32    C:\Documents and Settings\Jan\Local Settings\Temp\ASPNETSetup_00002.log
7/9/2008 7:44:36 PM    21176    32    C:\Documents and Settings\Jan\Local Settings\Temp\atisketch.bmp
7/11/2008 9:39:16 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml10.tmp
7/28/2008 9:45:12 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml105.tmp
7/30/2008 1:03:38 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml11.tmp
7/19/2008 4:54:12 PM    864256    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml13.tmp
7/31/2008 11:17:28 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml13F.tmp
7/24/2008 4:24:58 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml15.tmp
7/13/2008 11:59:35 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml17.tmp
7/19/2008 4:02:12 PM    864256    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml18.tmp
6/30/2008 7:35:27 PM    191260    32    C:\Documents and Settings\Jan\Local Settings\Temp\cml19.tmp
7/30/2008 1:10:30 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml1A.tmp
7/11/2008 10:08:05 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml1C.tmp
7/11/2008 2:01:50 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml1E.tmp
7/27/2008 2:09:12 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2.tmp
7/25/2008 5:22:19 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml20.tmp
7/23/2008 5:29:19 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml21.tmp
7/5/2008 5:30:28 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml22.tmp
7/24/2008 4:32:13 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml23.tmp
7/23/2008 5:38:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml24.tmp
7/18/2008 2:16:33 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml26.tmp
7/30/2008 2:15:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml27.tmp
7/26/2008 3:21:09 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml29.tmp
7/23/2008 5:43:56 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2A.tmp
7/24/2008 5:02:53 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2B.tmp
7/23/2008 5:55:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2C.tmp
7/27/2008 6:59:38 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2D.tmp
7/10/2008 11:32:08 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml2F.tmp
7/30/2008 12:13:58 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml3.tmp
7/11/2008 2:28:54 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml30.tmp
7/30/2008 2:21:06 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml32.tmp
7/5/2008 5:35:41 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml34.tmp
7/10/2008 1:39:15 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml35.tmp
7/30/2008 3:09:48 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml36.tmp
7/11/2008 2:47:52 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml37.tmp
7/5/2008 5:43:46 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml38.tmp
7/15/2008 4:52:41 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml39.tmp
7/30/2008 3:15:26 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml3B.tmp
7/20/2008 11:09:04 AM    864256    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml3C.tmp
7/13/2008 8:44:40 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml3D.tmp
7/30/2008 8:33:28 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4.tmp
7/5/2008 5:49:28 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml40.tmp
7/15/2008 5:00:30 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml43.tmp
7/18/2008 3:26:13 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml44.tmp

Always_Hijacked

37 Posts

July 31st, 2008 17:00

7/6/2008 12:24:35 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlB4.tmp
7/6/2008 1:06:03 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlB7.tmp
7/11/2008 10:49:58 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlC.tmp
7/28/2008 7:36:39 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlC8.tmp
7/6/2008 7:19:50 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlE0.tmp
7/28/2008 8:10:29 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlE1.tmp
7/13/2008 11:50:13 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlF.tmp
7/31/2008 10:01:57 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlF2.tmp
7/28/2008 9:28:54 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlF7.tmp
7/10/2008 9:35:38 AM    558797    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_depcheck_NETFX_EXP_35.txt
7/10/2008 9:35:20 AM    2    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_dotnetfx35error.txt
7/10/2008 9:35:20 AM    810006    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_dotnetfx35install.txt
7/10/2008 9:36:26 AM    3190920    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework20_Setup3DEE.txt
7/10/2008 9:38:52 AM    6528352    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework20_Setup3FCB.txt
7/10/2008 10:58:27 AM    6529544    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework20_Setup7CB4.txt
7/10/2008 9:41:04 AM    2372906    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework30_Setup417A.txt
7/10/2008 11:00:35 AM    2373584    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework30_Setup7E56.txt
7/10/2008 9:41:22 AM    779844    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework35_MSI41B5.txt
7/10/2008 1:42:46 PM    6964380    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework35_MSI7A77.txt
7/10/2008 11:00:53 AM    780134    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_NET_Framework35_MSI7E91.txt
7/10/2008 10:56:49 AM    3885    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_wcf_retCA34AB.txt
7/10/2008 9:34:43 AM    3885    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_wcf_retCA4844.txt
7/10/2008 11:00:42 AM    3885    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_wcf_retCA5C08.txt
7/10/2008 9:41:10 AM    3885    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_wcf_retCA6884.txt
7/10/2008 2:08:29 PM    3364    32    C:\Documents and Settings\Jan\Local Settings\Temp\dd_wcf_retCA77F8.txt
7/1/2008 11:07:54 AM    14600    32    C:\Documents and Settings\Jan\Local Settings\Temp\fvq10.tmp
7/7/2008 7:09:46 PM    21176    32    C:\Documents and Settings\Jan\Local Settings\Temp\gardasil2.bmp
7/10/2008 9:51:08 AM    139    32    C:\Documents and Settings\Jan\Local Settings\Temp\GLCFA.tmp
7/10/2008 9:51:54 AM    139    32    C:\Documents and Settings\Jan\Local Settings\Temp\GLCFB.tmp
7/10/2008 11:16:51 AM    1930    32    C:\Documents and Settings\Jan\Local Settings\Temp\IMT25A.xml
7/17/2008 11:00:25 AM    1163    32    C:\Documents and Settings\Jan\Local Settings\Temp\java_install_sp.log
7/17/2008 10:59:07 AM    9594    32    C:\Documents and Settings\Jan\Local Settings\Temp\jinstall.cfg
7/13/2008 6:50:16 PM    6158    32    C:\Documents and Settings\Jan\Local Settings\Temp\jusched.log
7/10/2008 11:05:00 AM    320    32    C:\Documents and Settings\Jan\Local Settings\Temp\MSI174de.LOG
7/10/2008 2:13:14 PM    1050    32    C:\Documents and Settings\Jan\Local Settings\Temp\MSI3e553.LOG
7/20/2008 10:07:26 AM    474    32    C:\Documents and Settings\Jan\Local Settings\Temp\MSI3e764.LOG
7/15/2008 9:19:57 AM    369718    32    C:\Documents and Settings\Jan\Local Settings\Temp\MSI4ff30.LOG
7/23/2008 4:36:35 PM    150335488    32    C:\Documents and Settings\Jan\Local Settings\Temp\Photoshop Temp7005211
7/17/2008 4:10:56 PM    1262    32    C:\Documents and Settings\Jan\Local Settings\Temp\QTInstallCode.log
7/17/2008 4:12:08 PM    3544    32    C:\Documents and Settings\Jan\Local Settings\Temp\qtplugin.log
7/4/2008 9:52:13 PM    3203    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2h2C.tmp
7/8/2008 7:57:36 PM    22585    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2h4C.tmp
6/30/2008 9:17:08 PM    5536    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2h60.tmp
7/10/2008 6:33:38 PM    3452    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2h62.tmp
7/27/2008 11:00:21 PM    3908    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2hA9.tmp
7/3/2008 10:22:43 PM    2061    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2hC3.tmp
7/3/2008 10:23:05 PM    8020    32    C:\Documents and Settings\Jan\Local Settings\Temp\r2hC6.tmp
7/13/2008 8:52:13 PM    107512    32    C:\Documents and Settings\Jan\Local Settings\Temp\Set49.tmp
7/13/2008 8:52:53 PM    107512    32    C:\Documents and Settings\Jan\Local Settings\Temp\Set4B.tmp
7/10/2008 1:44:50 PM    2584    32    C:\Documents and Settings\Jan\Local Settings\Temp\setup.log
7/23/2008 9:20:03 AM    61440    32    C:\Documents and Settings\Jan\Local Settings\Temp\vmpremov.exe
7/10/2008 11:02:49 AM    4984    32    C:\Documents and Settings\Jan\Local Settings\Temp\VWL242.tmp
7/10/2008 9:37:19 AM    1436    32    C:\Documents and Settings\Jan\Local Settings\Temp\VWL3C.tmp
7/10/2008 1:46:17 PM    5366    32    C:\Documents and Settings\Jan\Local Settings\Temp\VWL69.tmp
7/10/2008 9:44:51 AM    10202    32    C:\Documents and Settings\Jan\Local Settings\Temp\VWLE9.tmp
7/17/2008 11:32:34 AM    1340    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmplog00.sqm
7/17/2008 11:22:23 AM    248    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog00.sqm
7/17/2008 11:22:23 AM    224    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog01.sqm
7/17/2008 11:23:27 AM    248    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog02.sqm
7/17/2008 11:23:27 AM    224    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog03.sqm
7/17/2008 11:23:37 AM    248    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog04.sqm
7/17/2008 11:23:37 AM    224    32    C:\Documents and Settings\Jan\Local Settings\Temp\wmpnsslog05.sqm
7/10/2008 11:01:02 AM    25283    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSF23C.tmp
7/10/2008 11:01:02 AM    28092    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSF23D.tmp
7/10/2008 1:43:13 PM    22391    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSF62.tmp
7/10/2008 1:43:13 PM    27563    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSF63.tmp
7/10/2008 9:41:34 AM    25283    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSFE3.tmp
7/10/2008 9:41:34 AM    28092    32    C:\Documents and Settings\Jan\Local Settings\Temp\WSFE4.tmp
7/10/2008 11:03:20 AM    9624    32    C:\Documents and Settings\Jan\Local Settings\Temp\wux248.tmp
7/10/2008 1:46:44 PM    5990    32    C:\Documents and Settings\Jan\Local Settings\Temp\wux6F.tmp
7/31/2008 6:35:04 AM    0    32    C:\Documents and Settings\Jan\Local Settings\Temp\xx2
7/31/2008 6:35:04 AM    0    32    C:\Documents and Settings\Jan\Local Settings\Temp\xx3
7/31/2008 6:35:04 AM    0    32    C:\Documents and Settings\Jan\Local Settings\Temp\xx4
7/31/2008 6:35:04 AM    0    32    C:\Documents and Settings\Jan\Local Settings\Temp\xx5
7/31/2008 6:35:04 AM    0    32    C:\Documents and Settings\Jan\Local Settings\Temp\xx6
7/13/2008 8:53:11 PM    793    32    C:\Documents and Settings\Jan\Local Settings\Temp\_isdelet.ini
7/21/2008 10:00:01 AM    49152    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DF21E0.tmp
7/24/2008 10:48:41 AM    311296    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DF31BE.tmp
7/19/2008 3:16:01 PM    311296    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFA5ED.tmp
7/31/2008 11:43:46 AM    16384    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFB270.tmp
7/31/2008 11:43:46 AM    512    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFB282.tmp
7/30/2008 12:05:55 PM    114688    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFCECD.tmp
7/27/2008 1:13:05 PM    16384    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFDB09.tmp
7/27/2008 1:13:05 PM    512    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFDB1B.tmp
7/30/2008 8:38:21 PM    311296    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFE724.tmp
7/21/2008 8:12:26 AM    311296    32    C:\Documents and Settings\Jan\Local Settings\Temp\~DFF222.tmp

markamus

435 Posts

July 31st, 2008 17:00

If your reply is too large, please split it up into 2 or more posts so that the entire log is posted.

Always_Hijacked

37 Posts

July 31st, 2008 17:00

7/30/2008 3:26:56 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml46.tmp
7/30/2008 3:43:12 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4A.tmp
7/30/2008 9:32:11 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4B.tmp
7/5/2008 5:55:27 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4C.tmp
7/24/2008 5:11:46 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4E.tmp
7/23/2008 6:43:08 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml4F.tmp
7/27/2008 12:45:06 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml50.tmp
7/28/2008 3:31:44 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml51.tmp
7/21/2008 7:52:14 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml52.tmp
7/11/2008 5:20:42 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml53.tmp
7/18/2008 7:16:30 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml54.tmp
7/25/2008 5:47:15 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml55.tmp
7/21/2008 7:57:21 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml56.tmp
7/10/2008 3:39:00 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml56C.tmp
7/23/2008 7:31:14 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml57.tmp
7/26/2008 4:58:41 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml58.tmp
7/29/2008 6:51:24 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml59.tmp
7/25/2008 5:54:45 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5A.tmp
7/23/2008 7:46:22 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5B.tmp
7/28/2008 3:42:14 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5C.tmp
7/23/2008 8:16:54 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5D.tmp
7/26/2008 5:13:28 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5E.tmp
7/25/2008 6:11:21 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml5F.tmp
7/30/2008 4:59:20 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6.tmp
7/30/2008 3:48:18 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml60.tmp
7/27/2008 1:10:22 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml61.tmp
7/29/2008 6:57:01 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml62.tmp
7/21/2008 9:28:42 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml63.tmp
7/27/2008 7:45:46 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml64.tmp
7/26/2008 5:24:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml65.tmp
7/5/2008 6:04:57 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml66.tmp
7/11/2008 5:33:56 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml67.tmp
7/26/2008 5:33:25 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6A.tmp
7/15/2008 5:37:59 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6B.tmp
7/9/2008 7:15:28 PM    864256    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6C.tmp
7/29/2008 7:03:16 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6D.tmp
7/23/2008 7:32:34 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6E.tmp
7/27/2008 9:09:04 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml6F.tmp
7/26/2008 8:32:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml70.tmp
7/27/2008 1:16:14 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml71.tmp
7/31/2008 6:40:48 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml72.tmp
7/28/2008 4:02:40 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml73.tmp
7/29/2008 7:08:57 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml74.tmp
7/15/2008 8:19:10 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml76.tmp
7/23/2008 3:18:03 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml77.tmp
7/26/2008 8:54:06 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml78.tmp
7/5/2008 6:19:26 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml79.tmp
7/23/2008 3:25:24 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7A.tmp
7/25/2008 9:20:31 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7B.tmp
7/23/2008 3:32:15 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7C.tmp
7/24/2008 9:43:56 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7D.tmp
7/23/2008 3:49:14 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7E.tmp
7/28/2008 4:10:37 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml7F.tmp
7/30/2008 12:23:44 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml8.tmp
7/24/2008 9:49:35 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml80.tmp
7/23/2008 3:56:52 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml81.tmp
7/11/2008 10:57:05 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml82.tmp
7/30/2008 11:57:07 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml83.tmp
7/23/2008 4:02:27 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml84.tmp
7/27/2008 9:21:09 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml85.tmp
7/19/2008 3:47:30 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml86.tmp
7/23/2008 4:16:23 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml87.tmp
7/29/2008 9:15:12 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml88.tmp
7/15/2008 10:23:40 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml8A.tmp
7/24/2008 9:54:59 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml8B.tmp
7/3/2008 9:19:41 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml8C.tmp
7/23/2008 4:21:52 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml8F.tmp
7/6/2008 11:47:04 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml90.tmp
7/29/2008 9:27:08 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml91.tmp
7/6/2008 11:52:37 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml92.tmp
7/23/2008 4:30:40 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml93.tmp
7/29/2008 9:32:29 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml95.tmp
7/31/2008 7:57:48 AM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml97.tmp
7/29/2008 9:47:56 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml98.tmp
7/6/2008 12:01:19 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml9B.tmp
7/6/2008 12:06:33 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cml9D.tmp
7/30/2008 12:30:53 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlA.tmp
7/29/2008 9:57:22 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlA1.tmp
7/27/2008 10:09:21 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlA5.tmp
7/5/2008 5:22:48 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlB.tmp
7/28/2008 6:54:06 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlB0.tmp
7/28/2008 7:00:52 PM    880640    33    C:\Documents and Settings\Jan\Local Settings\Temp\cmlB3.tmp

Always_Hijacked

37 Posts

July 31st, 2008 17:00

+
+ Version 1.0.3
+
+ By bamajim@bamajim.com
+
+++++++++++++++++++++++++++++++++

Report ran on --->>> 7/31/2008 11:44:30 AM

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

Always_Hijacked

37 Posts

July 31st, 2008 17:00

Most recent popup http://www.3q1.com.cn/web_new/xbgc_1.aspx?SubjectID=283

View All

No Events found!

Virus & Spyware

Was this post helpful?