My Hijack log.... :(


  • This topic is locked
9 replies to this topic

#1 Annie

Annie

    Member

  • Full Member
  • 6 posts

Posted 16 August 2004 - 10:12 PM

Thanks Rosso for the advice and the help. :love:
Here's my Hijack log and below is the problem. :weep:

"My qttask error" other thread.....


Logfile of HijackThis v1.98.2
Scan saved at 10:38:11 PM, on 8/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INOCULATEIT PE\VETTRAY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EI3V58BN\HIJACKTHIS19802[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchassistance.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchassistance.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.searchassi...m/ie/custom.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...i?searchterm=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...i?searchterm=%s
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\INOCUL~1\VETTRAY.EXE
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: SearchBar - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: Search the Web - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-c.mhi.ao...s/custappx2.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = address.com

#2 rosso_acido

rosso_acido

    Earl of Mysterious Briefcases

  • Full Member
  • 286 posts

Posted 17 August 2004 - 08:49 AM

Annie, I am now looking at your log. :)

There are quite a few baddies that need taking care of... Hang in there while I ask for expert confirmation of my findings, and I'll be back to you as soon as possible.

In the meanwhile, it will be a good idea to move HijackThis from the Temp folder to another, permanent one, so it's easier to locate the backups it makes of the items you'll have it fix. Otherwise the backups (and HijackThis itself) may be deleted by mistake if you ever empty the Temp folder.

Best,
R. :wave:
I am the iron anchor.

#3 Annie


Posted 18 August 2004 - 07:29 PM

Hi Rosso.... :wave:

Please don't forget about me...

Thanks,
Annie

#4 rosso_acido


Posted 18 August 2004 - 08:06 PM

No, I haven't forgotten you... :)

I've already submitted a possible fix and I'm still waiting for feedback from the experts... :scratchhead:

Best,
R. :wave:

#5 rosso_acido


Posted 19 August 2004 - 12:50 AM

Help's on the way. Just a little more patience and we're getting there. :thumbsup:

Best,
R. :wave:

#6 rosso_acido


Posted 19 August 2004 - 11:30 PM

Annie, hi again. :)

You haven't given any details about the smilies programme you installed. Try looking for this programme's name in Control Panel --> Add/Remove and see if you can uninstall it from there. Reboot and delete any folder related to this programme that may still be there in your Program Files.

To get rid of the qttask you will need to download the full free QuickTime player from here: http://www.apple.com...oad/standalone/ and install it, so that you will be able to uninstall it properly later (even if you decide to keep it, you will be able to get rid of its system tray icon by following the directions I gave you in my previous post).

Please remember to move HijackThis into its own folder, so that the backups it makes of the items you fix won't get deleted by mistake and you can easily restore them in case you need to do so.

Now run HijackThis again, check the boxes beside ALL of the following entries and hit Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchassistance.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchassistance.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.searchassi...m/ie/custom.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...i?searchterm=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...i?searchterm=%s
O9 - Extra button: SearchBar - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: Search the Web - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)


If you have knowingly installed the Webshots programme, leave the below entry alone:
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
Otherwise, you can have it fixed in HijackThis too.

Run HijackThis again and post a fresh log.

Best,
R. :wave:

#7 Annie


Posted 21 August 2004 - 02:19 PM

Thanks for not forgetting about me Rosso :D

I'm not sure how to do this: :weee:

"Please remember to move HijackThis into its own folder, so that the backups it makes of the items you fix won't get deleted by mistake and you can easily restore them in case you need to do so."

The QuickTime I can do... Thanks so much

The smilie program Smilie-fabrik was never listed in the Add/Remove panel. I deleted it, so the application etc. is sitting in my garbage can. Not sure what to do with that :wtf:

Now that you mention it, when I started to download Webshots, my system crashed. So no, I don't want it at all on my system....

Thanks so much for your help Rosso :love:

#8 rosso_acido


Posted 21 August 2004 - 03:05 PM

Hi Annie... you're most welcome. :)

To move HijackThis into its own folder, just create a new folder in a convenient location (your desktop, for instance). To create a new folder, right-click on an empty area of your desktop, select New and then Folder. Name this folder HJT or HijackThis (this is just an example - you can give it any name you like as long as it helps you remember what's in the folder :p).

Go to the location where HijackThis is at the moment (C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\EI3V58BN\HIJACKTHIS19802[1].EXE) and copy the HijackThis executable (HIJACKTHIS19802[1].EXE) by right-clicking on it and selecting Copy. Then open the new folder you have created on your desktop, right-click anywhere inside it and select Paste. HijackThis will now be in its own permanent home. :p

For the other problem you encountered with the smilies prog I will have to ask for expert advice on what to do... I'll be back to you very soon.

R. :wave:

Edited by rosso_acido, 21 August 2004 - 07:22 PM.


#9 rosso_acido


Posted 21 August 2004 - 06:15 PM

Well... now let's get started. :)

Just deleting the folder that contains this programme will not erase its entries in the registry. Open the Recycle bin and select Restore All. This will put the items you deleted back in their original place, so we can deal with them properly.

Before doing anything else, go here: http://www.lavasoftu...pport/download/ and download Ad-Aware SE Personal. Install it following the instructions in the dialogue boxes and uncheck ALL the squares in the final screen that will give you the options of running a check, updating the definitions etc. It is better to do this manually later. Restart your PC, connect to the Internet and open Ad-Aware SE by double-clicking its icon on the desktop. Click on "Check for updates" in the lower right corner or on the blue earth globe in the upper right corner. Follow the prompts to update the programme's definitions. Once the update reaches 100%, disconnect from the Internet and close the programme.

Now run HijackThis again and fix the items I suggested. Reboot, open Ad-Aware SE and press the Start button to begin the scan. Check the "Full system scan" option and press "Next". When the scan is finished, you will be notified of the malicious items it found. Click "Next" and "OK" when it asks you if you're sure you want to remove them. This will hopefully take care of most of the infection. Restart your PC again.

Now go to the location you had found the Smilie-fabrik folder and if it's still there, delete it. Don't empty the recycle bin yet.

Then run HijackThis again and post a fresh log.

R. :)

#10 Annie


Posted 10 October 2004 - 11:26 PM

> Well... now let's get started. :)
>
> Just deleting the folder that contains this programme will not erase its entries in the registry. Open the Recycle bin and select Restore All. This will put the items you deleted back in their original place, so we can deal with them properly.

OK I did this...

> Before doing anything else, go here: http://www.lavasoftu...pport/download/ and download Ad-Aware SE Personal. Install it following the instructions in the dialogue boxes and uncheck ALL the squares in the final screen that will give you the options of running a check, updating the definitions etc. It is better to do this manually later. Restart your PC, connect to the Internet and open Ad-Aware SE by double-clicking its icon on the desktop. Click on "Check for updates" in the lower right corner or on the blue earth globe in the upper right corner. Follow the prompts to update the programme's definitions. Once the update reaches 100%, disconnect from the Internet and close the programme.

I already have Ad-Aware 6.0 on my PC.

> Now run HijackThis again and fix the items I suggested.

I did this and fixed all the things you suggested.

> Reboot, open Ad-Aware SE and press the Start button to begin the scan. Check the "Full system scan" option and press "Next". When the scan is finished, you will be notified of the malicious items it found. Click "Next" and "OK" when it asks you if you're sure you want to remove them. This will hopefully take care of most of the infection. Restart your PC again.

I ran it and removed some items.

> Now go to the location you had found the Smilie-fabrik folder and if it's still there, delete it. Don't empty the recycle bin yet.

The Smilie-fabrik is an application and it didn't appear on the Ad-Aware scan. So I'll go delete it again now...

> Then run HijackThis again and post a fresh log.
>
> R. :)



I know I'm really late but here's my new log Rosso. I hope you still are here and can help me. Thanks so much..


Logfile of HijackThis v1.98.2
Scan saved at 11:48:32 PM, on 10/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\INOCULATEIT PE\VETTRAY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLWBSPD.EXE
C:\PROGRAM FILES\ACD SYSTEMS\ACDSEE\ACDSEE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\INOCUL~1\VETTRAY.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\REFRESH.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-c.mhi.ao...s/custappx2.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
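
Added example, not part of any post in this thread: a Python sketch of the check a helper does by eye when a fresh log comes back, parsing two HijackThis logs and confirming that the entries marked for fixing are gone while surfacing anything new. The function names are this example's own, the sample data are excerpts of the two logs above, and the Webshots O16 entry is treated as requested because Annie said she did not want it.

```python
import re

# HijackThis findings start with a section code such as R1, F1, O4 or O16.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) findings; header and process lines are skipped."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def diff_logs(before, after):
    """Entries that disappeared, appeared, or persisted between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": b - a, "added": a - b, "kept": a & b}

def verify_fix(before, after, requested):
    """Status of every entry the helper asked to have fixed."""
    b, a = parse_entries(before), parse_entries(after)
    status = {}
    for entry in parse_entries(requested):
        if entry in a:
            status[entry] = "still present"
        elif entry in b:
            status[entry] = "fixed"
        else:
            status[entry] = "not in first log"
    return status

# Excerpts of the two logs posted in this thread (shortened URLs kept as posted).
LOG_16_AUG = r"""
Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchassistance.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchassistance.com/ie/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O9 - Extra button: SearchBar - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = address.com
"""
LOG_10_OCT = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
"""
# Subset of the entries the helper listed under "Fix Checked" in post #6.
REQUESTED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchassistance.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchassistance.com/ie/
O9 - Extra button: SearchBar - {1FBA04EE-1969-11d2-8F1F-0000F87ABD16} - shdocvw.dll (file missing)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
"""

if __name__ == "__main__":
    for (code, body), state in sorted(verify_fix(LOG_16_AUG, LOG_10_OCT, REQUESTED).items()):
        print(f"{state:17} {code} - {body}")
    for code, body in sorted(diff_logs(LOG_16_AUG, LOG_10_OCT)["added"]):
        print(f"new since last scan: {code} - {body}")
```

Entries reported as new since the last scan are not necessarily malicious; they are the autostart items that still need a manual look.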



