Re: HijackThisLog Analysis - Deluxe

Here is what you should do.

End the suspicious processes below:

C:\Documents and Settings\Ray Rivas\Application Data\amee.exe
C:\WINDOWS\System32\??plorer.exe

Remove these search keys:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = website: begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = website: begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: coolsearch.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = website: ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = website: ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing

Remove these Hosts file redirections (O1):

O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 advnt01.com

Remove these additional browser plug-in keys (O2...O4):

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\CxtPls.dll
O2 - BHO: (no name) - {15AB115F-C111-5FB3-D106-125505F12846} - C:\WINDOWS\System32\psbz.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINDOWS\System32\MyIE32.dll
O2 - BHO: (no name) - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [oF8] C:\documents and settings\ray rivas\local settings\temp\oF8.exe
O4 - HKLM\..\Run: [5TNFqgc] C:\documents and settings\ray rivas\local settings\temp\5TNFqgc.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\FmsCj.exe
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Ray Rivas\Application Data\amee.exe
O4 - HKCU\..\Run: [Amdvlp] C:\WINDOWS\System32\??plorer.exe

Remove these extra items in Trusted Zone (O15):

O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com

Reboot the computer and put it in safe mode. Then delete these files from your C: drive.

C:\Documents and Settings\Ray Rivas\Application Data\amee.exe
C:\WINDOWS\System32\??plorer.exe

Original log but with private information removed.


Logfile of HijackThis v1.97.7
Scan saved at 3:18:26 PM, on 11/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ray Rivas\Application Data\amee.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ray Rivas\My Documents\Ray's Folder\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = website: begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = website: begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: coolsearch.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = website: ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = website: ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15AB115F-C111-5FB3-D106-125505F12846} - C:\WINDOWS\System32\psbz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINDOWS\System32\MyIE32.dll
O2 - BHO: (no name) - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [oF8] C:\documents and settings\ray rivas\local settings\temp\oF8.exe
O4 - HKLM\..\Run: [5TNFqgc] C:\documents and settings\ray rivas\local settings\temp\5TNFqgc.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\FmsCj.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Ray Rivas\Application Data\amee.exe
O4 - HKCU\..\Run: [Amdvlp] C:\WINDOWS\System32\??plorer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=website: ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEBA51D7-2D8E-4873-A9AC-A5BACD80528B}: NameServer = 205.188.146.146


amee.exe 22-Nov-2004

??plorer.exe 22-Nov-2004