Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Logfile

Started by tofu5 , May 11 2005 06:03 PM

  • Please log in to reply

#1
tofu5
Posted 11 May 2005 - 06:03 PM

tofu5

    Member

  • Member
  • PipPipPip
  • 175 posts
Hello. My homepage is being usrped by searchforfree.info and they are also adding unwanted bookmarks. I have no idea what else. Thanks. Nancy

Logfile of HijackThis v1.99.1
Scan saved at 7:58:07 PM, on 05/12/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\EAST TENNESSEE NETWORK XTN XPRESS\PROPELAC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\DRWATSON.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hawkins.xtn.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XTN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\EAST TENNESSEE NETWORK XTN XPRESS\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\SYSTEM\ICASSERV.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\East Tennessee Network XTN Xpress\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - User Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\East Tennessee Network XTN Xpress\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\East Tennessee Network XTN Xpress\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\East Tennessee Network XTN Xpress\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O21 - SSODL: nuWsAC - {1B180EEE-B1B2-A444-074E-1B3C57220A49} - C:\WINDOWS\SYSTEM\RCJ.DLL
  • 0

Advertisements

#2
Guest_nommork_*
Posted 11 May 2005 - 06:17 PM

Guest_nommork_*
  • Guest
Run two of the following programs
Spysweeper
http://www.webroot.c...4a8c66981b574e5

Microsoft Anti-spyware
http://www.microsoft...re/default.mspx

Ad-aware se
http://www.lavasoft....ftware/adaware/

Ewido
http://www.ewido.net

Counterspy
http://www.sunbeltsoftware.com

Run at least two of the online AV scans:
Panda Active Scan
House Call (Trend Micro)
BitDefender Free Online Virus Scan
F-Secure Free Online Virus Scan
Symantec Security Scan & Virus Detection
RAV AntiVirus Online Virus Scan!
Danish Antivirus scan
McAfee Antivirus scan
Danish Antivirus scan
F-SecureAntivirus scan
  • 0

#3
tofu5
Posted 12 May 2005 - 10:34 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I went to webroot.com to get Spysweeper. I did a SpyAudit first, 3/4 of the way thru a box came up that said"external exception C0000006. I clicked OK, then the scanning process stopped and did not resume, I tried this three times and could not get any further.

I did AdAware se and even posted to them, they said I am clean.
SpyBot said "No immediate threats were found".

For the AV, I went to the Symantec site and tried to do a Security Scan. After downloading ActiveX, I clickied on something and it said "Page Cannot be displayed". I then went back to Symantec and tried to do a virus scan, they said I was unable to download what was needed.

I know I have something as my homepage is being taken over continually to go to searchforfree.info and the bookmarks that keep coming back list the url as yoursearchws
I went to BitDefende and was downloading when up popped This Program has performed an illegal operation, etc(I am typing blind now as this box covers what I am writing.. So i have not done any virus scans that you recommended.

Nancy
  • 0

#4
tofu5
Posted 12 May 2005 - 10:40 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I got rid of the "You have performed an illegal operation etc" box, finished BitDefender, they said they found no viral code.
Nancy
  • 0

#5
tofu5
Posted 12 May 2005 - 10:51 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I have Windows 98 on my computer and am having a hard time finding anti-spyware/virus programs for that, most want Windows 2000.
  • 0

#6
Guest_nommork_*
Posted 13 May 2005 - 06:57 AM

Guest_nommork_*
  • Guest
Please post a new HJT file.
  • 0

#7
tofu5
Posted 14 May 2005 - 10:04 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Now I am having problems with hijackthis. When I follow the procedure to scan and get the logfiles, a box comes up that say "an error occurred while loading the file C:/unzipped/hijackthis...The file is damaged or is not a valid Dr. Watson file".
This did not come up originally when I did the first hijackhis scan.

Nancy
  • 0

#8
Eric the Red
Posted 15 May 2005 - 05:02 PM

Eric the Red

    Member

  • Member
  • PipPip
  • 13 posts
Would you please try starting your computer in Safe Mode as shown at the following link:

How to start the computer in Safe mode

With the machine running in safe mode try to access HJT again and run it. On completion do not delete anything, just reboot back to normal mode and post the log as requested.
  • 0

#9
tofu5
Posted 15 May 2005 - 05:50 PM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I will do this tomorrow, when I have the help of my husband. I am in way over my head already. Thank you so much.

Nancy
  • 0

#10
tofu5
Posted 16 May 2005 - 12:13 PM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
My husband felt uncomfortable about putting my computer into SAFE mode, he said it can get tricky. So he would not do it.
I went into hijackthis again, but did just a scan. When I tried to save the result, a box came up that said " an error occurred while loading the file C:/unzipped/hijackthismay16logfile. The file is damaged or is not a valid Dr. Watson log file"
I redid:
AVG Free
Ad-Aware SE Personal
CW Shredder
Spybot Search and Destroy(no problems)
Spy Audit (3/4 of the way thru a box came up that said "external exception C0000006", I clicked OK but SpyAudit went not further.

A question: a year this computer was given to me by a friend, a university statistics professor. She left lots of stuff on the computer and about a month ago I started deleting obvious files and programs I would never use. I remember seeing a Dr. Watson and thinking it was a file about her doctor. Is there a chance I could have deleted something to do with Dr. Watson?
I am curious tho how I did copy a hiajckthis logfile week ago but cannot now.

Nancy
  • 0

Advertisements

#11
Guest_nommork_*
Posted 16 May 2005 - 04:46 PM

Guest_nommork_*
  • Guest
Number 1 there is nothing tricky about putting a PC into Windows Safe Mode or getting out of SAfe Mode. IT is built into Windows by MIcrosoft so that in the event Windows is damamged and cannot start you can get into Safe Mdoe and attempt to fix it. Safe Mode only loads those programs required by Windows to run so it does not allow most spyware to run by its very nature See here for an explaination http://computer.hows...question575.htm. If want more info type in SAfe MOde in a seach engine like Google and read about it, there are lots of websites that talk about it.

IF you removed programs that were proerly registered by Windows without using START|Control Panel|Add/Remove Programs in Windows then you have not removed all the items that were required to be removed

You need to create a new directory for HJT something like C:\HJT and unzip the Hijackthis executable file. Download HJT again and do a scan.

Dr Watson is a Windows program that when activated will record the memory locations that a program used and corrupted. Looking at Dr Watson log takes someone with a great deal of knowledge about Windows to interpret properly

Idf you didn't use START|Control PAnel|Add/Remove Programs in Windows then you did not remove the programs properly

Edited by nommork, 16 May 2005 - 04:47 PM.

  • 0

#12
tofu5
Posted 19 May 2005 - 11:10 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I went into SAFE mode, ran a hjt scan but the same "an error occurred while loading the file C:/hjt/hijackthislog...The file is damaged or is not a valid Dr. Watson file" came up. I still believe I possibly did something to the Dr. Watson file. My husband just got a new computer and went in looking for Dr. Watson, thinking he could possibly copy it and put it back in my computer. But he said there was so much about Dr. Watson he would not know what to try to put back, if I did delete something. I was able to do an initial hjt logfile but cannot do it a 2nd time.
I have also gotten a Trojan three times in the past week. It says it is 1BAOFA91.exe. Luckily AVG catches it right away.

Nancy
  • 0

#13
Guest_nommork_*
Posted 19 May 2005 - 04:07 PM

Guest_nommork_*
  • Guest
The executable file is not called hijackthislog, it is named hijackthis

Please download Hijackthis 1.99.1
Hijackthis 1.99.1 Download


Scan and post a new log
  • 0

#14
tofu5
Posted 19 May 2005 - 05:42 PM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
I followed your advice, and after scanning received the notice " An error occurred while loading the file C:\UNZIPPED\hijackthis(1)\hijackthis.log The file is damaged or is not a valid Dr. Watson file".
Also, I tried to defragment and scan today. I could not defragment, after 1 1/2 hrs. I was only 20%. It stated the Drives contents had changed and was restarting. It said this a lot. When trying to scan, the comptuer stalled at 10% for quite a while, then after another hour was only a tad above 20% so I stopped it also. Can this all be connected?


Nancy
  • 0

#15
tofu5
Posted 20 May 2005 - 09:06 AM

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
may20hjtlogfile. I still get the Dr. Watson error but somehow my husband managed to get this logfile to his computer, via a floppy, and got it open. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:14:30 AM, on 05/20/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\EAST TENNESSEE NETWORK XTN XPRESS\PROPELAC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hawkins.xtn.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XTN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\EAST TENNESSEE NETWORK XTN XPRESS\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {1B180EF4-B1B2-A45E-C0D2-2C2857220A4C} - C:\WINDOWS\SYSTEM\K6C40RVK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\East Tennessee Network XTN Xpress\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - User Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\East Tennessee Network XTN Xpress\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\East Tennessee Network XTN Xpress\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\East Tennessee Network XTN Xpress\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O21 - SSODL: nuWsAC - {1B180EEE-B1B2-A444-074E-1B3C57220A49} - C:\WINDOWS\SYSTEM\RCJ.DLL
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP