Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
I've been hijacked also, read some of the posts below 2
- Thread starter muz
- Start date
-
1
- #2
I-lookup has quite a few variants as you can see here:
You'd be best served to download Hijack This! and scan your pc. Post your log results back here and we can help you clean things.
Get HT! here:
You'd be best served to download Hijack This! and scan your pc. Post your log results back here and we can help you clean things.
Get HT! here:
oldcomptrguy
Technical User
Just download and run AdAware, a great trojan/spyware search and removal tool.
Ad-Aware is a good tool, but I've seen far to many instances of it screwing up OS's when applied with a heavy hand. muz has already indicated some reluctance in dealing with registry changes, and Ad-Aware will flag registry keys with regularity. Delete the wrong thing and...hope you kept the Quaratine file.
oldcomptrguy
Technical User
I've used AdAware for years. I usually just run down the list and check everything. It will not force elimination of any key Window file. It is much safer than going into the registry on your own.
Do you know of anyone who has had a bad experience using AdAware?
Do you know of anyone who has had a bad experience using AdAware?
Yep, a few. That's why I mentioned it.
AdAware's only been around for the last two years, give or take, so you've probably been using about as long as I have.
I haven't fully trusted the product since they bailed on supporting their first effort while working up the current version, leaving thousands of users hanging for months without updates. Many, many tech pros were quite miffed at the issue.
No one said anything about going into the registry, quite the opposite. My goal is to keep the user out, especially when they're timid about it from the get-go.
In my experience, the product runs second to SpyBot as a detection and removal tool. I advocate it as a supplement, but personally seldom, if ever, use it anymore. I'd never advocate, however, "running down the list" and blowing away everything in ANY spyware/malware removal tool.
AdAware's only been around for the last two years, give or take, so you've probably been using about as long as I have.
I haven't fully trusted the product since they bailed on supporting their first effort while working up the current version, leaving thousands of users hanging for months without updates. Many, many tech pros were quite miffed at the issue.
No one said anything about going into the registry, quite the opposite. My goal is to keep the user out, especially when they're timid about it from the get-go.
In my experience, the product runs second to SpyBot as a detection and removal tool. I advocate it as a supplement, but personally seldom, if ever, use it anymore. I'd never advocate, however, "running down the list" and blowing away everything in ANY spyware/malware removal tool.
oldcomptrguy
Technical User
Spybot is great. I'm sorry, I did not see where you recommended it. I still prefer AdAware, but Spy Bot is great and will do the job. I think we can both recommend that one, so muz can get his comptr cleaned up.
Right on.
I've fallen heavily on Hijack This! logs lately as kind of a personal addiction, I suppose. It lets me see more of the "inner workings" of many of the latest pests.
Thus, I didn't recommend SpyBot out of the chute.
If muz can rectify the hijack with AdAware or SpyBot, then good finish. If not, bring on the scan log...
SpyBot download here, by the way:
Be sure to update before scanning. Once clean, be sure and activate the IMMUNIZE function for future protection.
I've fallen heavily on Hijack This! logs lately as kind of a personal addiction, I suppose. It lets me see more of the "inner workings" of many of the latest pests.
Thus, I didn't recommend SpyBot out of the chute.
If muz can rectify the hijack with AdAware or SpyBot, then good finish. If not, bring on the scan log...
SpyBot download here, by the way:
Be sure to update before scanning. Once clean, be sure and activate the IMMUNIZE function for future protection.
- Thread starter
- #9
thanks for everyone's help as usual. I've tried to delete many of the items already and most reloaded. Also, there's allot of programs that are running, i've kept these to a minumum and notron has stopped several viruses
Logfile of HijackThis v1.97.7
Scan saved at 5:46:39 PM, on 19-Dec-03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
C:\WINDOWS\ADGJNQ.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\QABAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\SYSTEM\syscpy.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [ADGJNQ] C:\WINDOWS\ADGJNQ.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {1AFD05F4-F26D-11D2-AAC8-00C04FB173C9} (ScPeopleNet Favorites) - O16 - DPF: {FFFF0017-0001-101A-A3C9-08002B2F49FB} - O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: ConferenceRoom Java Client - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - O16 - DPF: DigiChat Applet - O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - O18 - Protocol: wavetop - {2828353E-8B60-11D1-821D-00609720131C} - C:\Program Files\WaveTop\Bin\WaveProt.dll
thanks again
Logfile of HijackThis v1.97.7
Scan saved at 5:46:39 PM, on 19-Dec-03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
C:\WINDOWS\ADGJNQ.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\QABAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\SYSTEM\syscpy.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [ADGJNQ] C:\WINDOWS\ADGJNQ.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {1AFD05F4-F26D-11D2-AAC8-00C04FB173C9} (ScPeopleNet Favorites) - O16 - DPF: {FFFF0017-0001-101A-A3C9-08002B2F49FB} - O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: ConferenceRoom Java Client - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - O16 - DPF: DigiChat Applet - O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - O18 - Protocol: wavetop - {2828353E-8B60-11D1-821D-00609720131C} - C:\Program Files\WaveTop\Bin\WaveProt.dll
thanks again
-
1
- #10
First go here and kill ISTbar:
Then go here and kill Ilookup:
Do this and repost your log and we'll check it again.
Then go here and kill Ilookup:
Do this and repost your log and we'll check it again.
- Thread starter
- #11
read the instructions and I have questions based on what I found:
thanks
under step one for ISTbar.html
current version / run
I have 3 (runs)
Run
Default
clocksync programfiles\clocksync\sync.exe /q
contentservice windows\system\winservn.exe
Eaas windows\application data\aupt.exe
Run-
Default
Forbes program files\forbes\forbesalerts.exe
MrkWhols program files\startbarticker\market.exe /s
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
weathercast programfiles\weathercast\weather.exe /q
yahoo pager program files\ yahoo\messenger\ypager.exe -quiet
Runonce
default
eZstub c:\ezstub.exe
thanks
not sure which one(s) to delete
thanks
under step one for ISTbar.html
current version / run
I have 3 (runs)
Run
Default
clocksync programfiles\clocksync\sync.exe /q
contentservice windows\system\winservn.exe
Eaas windows\application data\aupt.exe
Run-
Default
Forbes program files\forbes\forbesalerts.exe
MrkWhols program files\startbarticker\market.exe /s
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
weathercast programfiles\weathercast\weather.exe /q
yahoo pager program files\ yahoo\messenger\ypager.exe -quiet
Runonce
default
eZstub c:\ezstub.exe
thanks
not sure which one(s) to delete
Kill these:
contentservice windows\system\winservn.exe is referenced here:
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
eZstub c:\ezstub.exe
Anyone know what this is?
Eaas windows\application data\aupt.exe
contentservice windows\system\winservn.exe is referenced here:
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
eZstub c:\ezstub.exe
Anyone know what this is?
Eaas windows\application data\aupt.exe
- Thread starter
- #13
I'm deleting the runonce key
with
default (value not set)
eZstub c:\ezstub.exe
the Run-
with
Default
Forbes program files\forbes\forbesalerts.exe
MrkWhols program files\startbarticker\market.exe /s
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
weathercast programfiles\weathercast\weather.exe /q
yahoo pager program files\ yahoo\messenger\ypager.exe -quiet
can I delte that also?
with
default (value not set)
eZstub c:\ezstub.exe
the Run-
with
Default
Forbes program files\forbes\forbesalerts.exe
MrkWhols program files\startbarticker\market.exe /s
startbarticker program files\startbarticker\startbarticker/startbarticker.exe
weathercast programfiles\weathercast\weather.exe /q
yahoo pager program files\ yahoo\messenger\ypager.exe -quiet
can I delte that also?
- Thread starter
- #14
under the explorer bars
2CFOB992-5EEB-4143-99C0-52977EF71F444
bar size c8 00 00 00
4528BBE0-4E08-11D5-AD55-0010333DOAD
bar size a7 00 00 00 00
4D5C8C25-DO75-11dO-B416-OOCO4FB90376
BAR SIZE 41 00 00 00 00 00 00 00
6F48OF82-C3A6-4D35-96F7-B297AD49FBE8
BAR SIZE FA 00 00 00 00 00 00 00
on right side of TOOLBARS
DEFAULT red icon (ab)
014DA6C9-189F red icon (ab)
2CFOB992-5EEB red icon (ab)
42CDD1BF-3FFB norton antirus red icon (ab)
5F1ABCDB-A875 zero-length binary value BLUE ICON (ouo?)
6EF3AE25-5A7D zero-length binary value BLUE ICON (ouo?)
8E718888-423F-1 00
thanks for your help
2CFOB992-5EEB-4143-99C0-52977EF71F444
bar size c8 00 00 00
4528BBE0-4E08-11D5-AD55-0010333DOAD
bar size a7 00 00 00 00
4D5C8C25-DO75-11dO-B416-OOCO4FB90376
BAR SIZE 41 00 00 00 00 00 00 00
6F48OF82-C3A6-4D35-96F7-B297AD49FBE8
BAR SIZE FA 00 00 00 00 00 00 00
on right side of TOOLBARS
DEFAULT red icon (ab)
014DA6C9-189F red icon (ab)
2CFOB992-5EEB red icon (ab)
42CDD1BF-3FFB norton antirus red icon (ab)
5F1ABCDB-A875 zero-length binary value BLUE ICON (ouo?)
6EF3AE25-5A7D zero-length binary value BLUE ICON (ouo?)
8E718888-423F-1 00
thanks for your help
TekTippy4U
Technical User
muz;
A somewhat easier method is to let HijackThis! remove them
Take away these
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
The Run- key are already Disabled REG startups
any Run-, RunOnceServices-, RunOnceEx-....with a hyphen at the end are
D/l and run CWS after to clean it more
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
A somewhat easier method is to let HijackThis! remove them
Take away these
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
The Run- key are already Disabled REG startups
any Run-, RunOnceServices-, RunOnceEx-....with a hyphen at the end are
D/l and run CWS after to clean it more
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
TekTippy4U
Technical User
Xemus;
Very informative links, especially the docxdesk....
Everyone should know how activeX and DCOM blatantly rape your machine by being allowed to d/l and run.....
I can't believe all the 016's that people have....
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
Very informative links, especially the docxdesk....
Everyone should know how activeX and DCOM blatantly rape your machine by being allowed to d/l and run.....
I can't believe all the 016's that people have....
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
- Thread starter
- #17
thanks for your thoughts and help
these are additional loaded into startup I found through system config utility
Eaas windows\appliication data\aupt.exe
contentservice windows\system\winservn.exe
clocksync program files\clock sync.exe /q
msbb program files\n-cas\msbb.exe
IST serice program files\ISTsvc\istsvc.exe
Updatestats program files\media\media\updatestats.exe
Bargains program files\bargain buddy\bin\bargains.exe
ADGJNQ windows/ADGJNQ.exe
(2CFoB992-5EEB-4143-99cO-5297EF71F444) rundll32.exe C:\windows\system\stlbdist.dll.dllrunmain
autoloaderaproposclient \apropos_client_loader.exe/hideUninstall/PC="AM.WILD"
IEDriver windows\system\IEDriver\IEDRiver.exe
EbatesMoeMoneyMaker wjview /cp
C:\program files\EbatesMoeMoneyMaker\System\Code"Main lP: "C:\Program files\EbatesMoeMoneyMaker"
thanks for everyone's thoughts and help
these are additional loaded into startup I found through system config utility
Eaas windows\appliication data\aupt.exe
contentservice windows\system\winservn.exe
clocksync program files\clock sync.exe /q
msbb program files\n-cas\msbb.exe
IST serice program files\ISTsvc\istsvc.exe
Updatestats program files\media\media\updatestats.exe
Bargains program files\bargain buddy\bin\bargains.exe
ADGJNQ windows/ADGJNQ.exe
(2CFoB992-5EEB-4143-99cO-5297EF71F444) rundll32.exe C:\windows\system\stlbdist.dll.dllrunmain
autoloaderaproposclient \apropos_client_loader.exe/hideUninstall/PC="AM.WILD"
IEDriver windows\system\IEDriver\IEDRiver.exe
EbatesMoeMoneyMaker wjview /cp
C:\program files\EbatesMoeMoneyMaker\System\Code"Main lP: "C:\Program files\EbatesMoeMoneyMaker"thanks for everyone's thoughts and help
- Thread starter
- #18
Also,
I know a company that's looking for contractors now and seem to have requirements routinely. Here's some of the opportunities they had last week
· Product Development: Requirements to Deployment
· Developers:
· J2EE, Websphere, DB2, Caliber, UML
· GUI Development, Web Design, Websphere
· DB2 Architect; DB2 Developer
· Business Systems Analysts: Rational, UML, SDLC, Requirements skills
· ERP: Hands-on types
· JD Edwards Manufacturing – shop floor management, inventory, reporting
· SAP configurator: HR
· SAP configurators: MM, SD, FI.
· Systems Integration
· OS/390 (z-os) RACF, plus LDAP. Great multiple, continuing opportunities
Do you know where I can find people that may be interetsed? Is there a board or forum? thanks
I know a company that's looking for contractors now and seem to have requirements routinely. Here's some of the opportunities they had last week
· Product Development: Requirements to Deployment
· Developers:
· J2EE, Websphere, DB2, Caliber, UML
· GUI Development, Web Design, Websphere
· DB2 Architect; DB2 Developer
· Business Systems Analysts: Rational, UML, SDLC, Requirements skills
· ERP: Hands-on types
· JD Edwards Manufacturing – shop floor management, inventory, reporting
· SAP configurator: HR
· SAP configurators: MM, SD, FI.
· Systems Integration
· OS/390 (z-os) RACF, plus LDAP. Great multiple, continuing opportunities
Do you know where I can find people that may be interetsed? Is there a board or forum? thanks
- Thread starter
- #19
Glad to hear you got it cleared up.
Regarding the job posting. Is there a local job search in your area? The big tech job sites are
I haven't posted a job opening, but you might want to check into those.
Good luck.
Regarding the job posting. Is there a local job search in your area? The big tech job sites are
I haven't posted a job opening, but you might want to check into those.
Good luck.
- Status
Similar threads
- Locked
- Question