• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Help with hijack this log

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
Krowa 02

Krowa 02

Member
Joined
Oct 3, 2002
Location
Long Island New York
Im trying to fix a spyware problem on this pc im working with, and im totally stumped now. Here is the hijack this log, if you can help me please do so.
Logfile of HijackThis v1.98.2
Scan saved at 7:22:45 PM, on 10/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\windows\system32\saie.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\SYSsfitb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll
O2 - BHO: (no name) - {CADA0FAE-3C46-CE59-5F81-B71A6C5E10AA} - C:\WINDOWS\system32\vlhrvbuw.dll
O2 - BHO: (no name) - {FECFBB05-52C8-838D-3D84-324FA9DA4496} - C:\WINDOWS\System32\iaulnlqi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKLM\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKLM\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKLM\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKLM\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKLM\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKLM\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKLM\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKLM\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKLM\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKLM\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/c] c:\WINDOWS\System32\<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/css">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKLM\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKLM\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKLM\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKLM\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKLM\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKLM\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKLM\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKLM\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKLM\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKLM\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKLM\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [ydgz] C:\WINDOWS\ydgz.exe
O4 - HKLM\..\Run: [candy] candy.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\RunServices: [candy] candy.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKCU\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKCU\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKCU\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKCU\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKCU\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKCU\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKCU\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKCU\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKCU\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKCU\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKCU\..\Run: [<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/c] c:\WINDOWS\System32\<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/css">
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKCU\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKCU\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKCU\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKCU\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKCU\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKCU\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKCU\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKCU\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKCU\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKCU\..\Run: [ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\ **<b>·</b>*<a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Microsoft Update 32] explore32.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Local Disk Manager Network Services] dmntwrk.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,73/mcinsctl.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
 
You must log in or register to reply here.

Similar threads

C
Need help with Memory issues
Replies
1
Views
433
trents
trents
rebelwarlock
Something really fishy going on with firefox
Replies
7
Views
998
c627627
c627627
c627627
How to make a Windows 7 SP1 Convenience Rollup ISO with all updates up to 2016
18 19 20 21 22
Replies
427
Views
49K
c627627
c627627
N
Need experts help with extremely low XTU score.
Replies
1
Views
3K
ATMINSIDE
ATMINSIDE
M
SOLVED I think i have a virus (hijackthis log within)
Replies
7
Views
2K
SteveLord
SteveLord
Back