Good Morning / Afternoon,
Thanks Admin, Here is the startup log...
I noticed on there that the WINPATROL is still showing... And a few others that I found...
MSN messenger, Shockwave Flash Object, 3-Symantec items, and a thingy from Yahoo about downloading games... "I don't download games, music, etc..."
I have Panda Virus Protection, so don't know why the Symantec is still there?
If you have any questions on any of the items on the log... Please feel free to ask...
If I don't use it, I don't want it. If I don't need it, I don't want it...
I am so thankful for your help.... I just hope that the thorn has not grown?
Thanks,
Staci
StartupList report, 4/20/04, 9:00:33 AM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
IgfxTray = C:\WINDOWS\SYSTEM\igfxtray.exe
HotKeysCmds = C:\WINDOWS\SYSTEM\hkcmd.exe
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
SCANINICIO = "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
LoadQM = loadqm.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
WinPatrol = "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
PAVFIRES = C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=C:\PROGRA~1\PANDAS~1\PANDAA~1\hpfsched.bat;C:\PROGRA~1\PANDAS~1\PANDAA~1\hpfsched.exe;C:\PROGRA~1\PANDAS~1\PANDAA~1\hpfsched.com;C:\PROGRA~1\PANDAS~1\PANDAA~1\hpfsched.scr;C:\PROGRA~1\PANDAS~1\PANDAA~1\hpfsched.vbs;C:\WINDOWS\hpfsched.bat;C:\WINDOWS\hpfsched.exe;C:\WINDOWS\hpfsched.com;C:\WINDOWS\hpfsched.scr;C:\WINDOWS\hpfsched.vbs;C:\WINDOWS\COMMAND\hpfsched.bat;C:\WINDOWS\COMMAND\hpfsched.exe;C:\WINDOWS\COMMAND\hpfsched.com;C:\WINDOWS\COMMAND\hpfsched.scr;C:\WINDOWS\COMMAND\hpfsched.vbs;C:\WINDOWS\SYSTEM\hpfsched.bat;C:\WINDOWS\SYSTEM\hpfsched.exe;C:\WINDOWS\SYSTEM\hpfsched.com;C:\WINDOWS\SYSTEM\hpfsched.scr;C:\WINDOWS\SYSTEM\hpfsched.vbs
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 19/4/2004, 7:52:40)
[Rename]
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SET3105.TMP
C:\WINDOWS\SYSTEM\jscript.dll=C:\WINDOWS\SYSTEM\jscript.001
C:\WINDOWS\SYSTEM\crypt32.dll=C:\WINDOWS\SYSTEM\crypt32.001
C:\WINDOWS\SYSTEM\schannel.dll=C:\WINDOWS\SYSTEM\schannel.001
C:\WINDOWS\SYSTEM\softpub.dll=C:\WINDOWS\SYSTEM\softpub.001
C:\WINDOWS\SYSTEM\msnet32.dll=C:\WINDOWS\SYSTEM\msnet32.001
C:\WINDOWS\SYSTEM\shell32.dll=C:\WINDOWS\SYSTEM\shell32.001
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
SET PATH=C:\PROGRA~1\PANDAS~1\PANDAA~1;%PATH%
C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVCLSHE C:\PROGRA~1\PANDAS~1\PANDAA~1\
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Windows Critical Update Notification.job
--------------------------------------------------
Enumerating Download Program Files:
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yaho...s/yinst0401.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...8083.0151157407
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.syma...bin/AvSniff.cab
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.syma...n/bin/cabsa.cab
[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL
CODEBASE = http://download.game...aploader_v5.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 6,543 bytes
Report generated in 0.868 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only