|
#1
April 14th, 2004, 09:54 AM
|
|||
|
|||
|
Please Help - System Errors
Hello. Lately I have been experiencing agravating problems with my computer. These all occured after one night - I downloaded nothing previously (although I am unsure if my other siblings may of done so) - and have annoyed and worried me since that time. As soon as I saw these errors, I vastly underestimated them. I followed to run Ad-Aware (which had always helped in the past) and to research the problem on my own - but my attempts failed, and the errors kept coming. The problems are as follows:
For one, every time I log in to my computer, Missing Shortcut errors pop up - and it seems that the number of these increase every log in. Such Missing Shortcut errors include missing the files "MORZE1.ink", "05A2A5WK.ink", and "K46606RO.ink". These are just a few, may I remind you that there are hundreds of these random files. After the missing shorcut file errors neared 200 I decided to try to search for a problem. I found that in the Startup folder all of these file names were listed - but with .exe at the end instead of .ink. I quickly deleted these, and it seemed that I had solved the problem. Then I logged in again - and 8 NEW shortcut errors popped up. Another problem that I think may or may not be related to the previous one is as follows. My home page keeps changing... ON ITS OWN. Unfortunately, I have already reset it to the common google.com, but I am sure that it will return to the "ghost" homepage again. I truly wish I could post the name now, if that could help any of you help me. Lastly (or so I think), I have lately been getting bombarded with an exceeding ammount of pop ups. It seems that whatever site I go to, 4 pop ups pop up (including this site). These pop ups sometimes vary, but there are the repeats, and may I remind you, that these repeats repeat themselves often on varying websites. I am using Windows ME - and am near to just reinstalling the Windows in its whole... although I'd rather not, for I'd have to reconfigure internet settings, reinstall all programs, etc. PLEASE help me with any advice that you can give. Just as a side note, before I reached this site I tried to do some research on this problem. One site that I found listed similiar problems that related to my first problem - saying that the previous were caused be an "Adtomi Adware infection". Well... thanks for your time - and once again, I beg of you for some help. Sincerely, Cole Thompson 
|
|
#2
April 14th, 2004, 09:59 AM
|
|||
|
|||
|
Welcome to CTH, Cole
It appears that you may well have a coolwebsearch infestation Download the following programmes: 1.cwshredder 2.Hijack this 3.Spybot & 4.Adaware Run Program 1 and have it fix anything it finds Update programs 3 & 4, then run the programmes, have them fix anything they find. When you have run and fixed everything with Spybot Search and Destroy and AdAware, please reboot before scanning, as not everything can be removed when Windows is running When you have done all that, launch Hijack This, then press Scan, and press Save Log This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more. open that file Go to Edit | Select all Now click Edit | copy to copy it Do not change anything just yet Come back to the forum, Right Click and paste its contents here
|
|
#3
April 14th, 2004, 10:22 AM
|
|||
|
|||
|
First off - I REALLY appreciate the help.
Heres the saved log, I hope it can help: Logfile of HijackThis v1.97.7 Scan saved at 5:19:37 AM, on 4/14/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\MSREXE.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc. R3 - Default URLSearchHook is missing O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL (file missing) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSBAR.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\1.BIN\MWSSRCAS.DLL (file missing) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [M7HU2BJA.EXE] C:\WINDOWS\M7HU2BJA.EXE /dk O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SPYWAREBLOCKER.EXE" /0 O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart O4 - HKCU\..\Run: [M7HU2BJA.EXE] C:\WINDOWS\M7HU2BJA.EXE /dk O4 - Global Startup: 4QB799HI.lnk = C:\WINDOWS\4qb799hi.exe O4 - Global Startup: 0QPA71PJ.lnk = C:\WINDOWS\0qpa71pj.exe O4 - Global Startup: C0TGW0XM.lnk = C:\WINDOWS\c0tgw0xm.exe O4 - Global Startup: NWPWQADR.lnk = C:\WINDOWS\nwpwqadr.exe O4 - Global Startup: RM3R8QVJ.lnk = C:\WINDOWS\rm3r8qvj.exe O4 - Global Startup: 3NLV7BRD.lnk = C:\WINDOWS\3nlv7brd.exe O4 - Global Startup: EXR98U5H.lnk = C:\WINDOWS\exr98u5h.exe O4 - Global Startup: FHO6E93M.lnk = C:\WINDOWS\fho6e93m.exe O4 - Global Startup: GITMOEBQ.lnk = C:\WINDOWS\gitmoebq.exe O4 - Global Startup: 0AXOA62T.lnk = C:\WINDOWS\0axoa62t.exe O4 - Global Startup: X3XCDHC7.lnk = C:\WINDOWS\x3xcdhc7.exe O4 - Global Startup: T0YVRRM2.lnk = C:\WINDOWS\t0yvrrm2.exe O4 - Global Startup: OBYLPVKP.lnk = C:\WINDOWS\obylpvkp.exe O4 - Global Startup: XCC7LUGD.lnk = C:\WINDOWS\xcc7lugd.exe O4 - Global Startup: UWJ3D2C5.lnk = C:\WINDOWS\uwj3d2c5.exe O4 - Global Startup: VNYHH0HM.lnk = C:\WINDOWS\vnyhh0hm.exe O4 - Global Startup: EW2NF3MU.lnk = C:\WINDOWS\ew2nf3mu.exe O4 - Global Startup: 4TL0777H.lnk = C:\WINDOWS\4tl0777h.exe O4 - Global Startup: 0K79P13B.lnk = C:\WINDOWS\0k79p13b.exe O4 - Global Startup: M6T975VR.lnk = C:\WINDOWS\m6t975vr.exe O4 - Global Startup: 9PMJ6U5P.lnk = C:\WINDOWS\9pmj6u5p.exe O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - Global Startup: U96EVD26.lnk = C:\WINDOWS\u96evd26.exe O4 - Global Startup: 1NJZR8BG.lnk = C:\WINDOWS\1njzr8bg.exe O4 - Global Startup: 8JT8BC8I.lnk = C:\WINDOWS\8jt8bc8i.exe O4 - Global Startup: YXBJ0MRI.lnk = C:\WINDOWS\yxbj0mri.exe O4 - Global Startup: J62PX9YD.lnk = C:\WINDOWS\j62px9yd.exe O4 - Global Startup: K46606RO.lnk = C:\WINDOWS\k46606ro.exe O4 - Global Startup: Y1ZPPB4P.lnk = C:\WINDOWS\y1zppb4p.exe O4 - Global Startup: YH0TXXH2.lnk = C:\WINDOWS\yh0txxh2.exe O4 - Global Startup: MORZE3.lnk = C:\WINDOWS\morze3.exe O4 - Global Startup: PY1MQRVB.lnk = C:\WINDOWS\py1mqrvb.exe O4 - Global Startup: 05A2A5WK.lnk = C:\WINDOWS\05a2a5wk.exe O4 - Global Startup: CY7IONWD.lnk = C:\WINDOWS\cy7ionwd.exe O4 - Global Startup: B2X0M7C1.lnk = C:\WINDOWS\b2x0m7c1.exe O4 - Global Startup: 76Q5VCJ1.lnk = C:\WINDOWS\76q5vcj1.exe O4 - Global Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Encarta Encyclopedia (HKLM) O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM) O9 - Extra button: Define (HKLM) O9 - Extra 'Tools' menuitem: Define (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Dell Home (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.c...winorbiter.cab O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://c2s.chccs.k12.nc.us/Citrix/I...a32/wficac.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...077.8562847222 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
|
|
#4
April 14th, 2004, 10:27 AM
|
|||
|
|||
|
You've run Cwshredder, spybot and adaware?
|
|
#5
April 14th, 2004, 10:28 AM
|
|||
|
|||
|
Yes... >< - although CWShredder didn't come up with anything to fix...
|
|
#6
April 14th, 2004, 10:31 AM
|
|||
|
|||
|
In that case the next stage, would be to run an antivirus scan, update it first, then do a full scan
|
|
#7
April 14th, 2004, 10:33 AM
|
|||
|
|||
|
OK - the following will be a bit embarassing to say...
In a mad deleting desperate rage, I deleted LiveUpdate which is needed to update Nortan AntiVirus... so I'm stuck w/ a 2000 version... any ideas where I could reinstall LiveUpdate? I ran Nortan 2000 before I posted. --------------------------------------------------- Also when you said "When you have run and fixed everything with Spybot Search and Destroy and AdAware, please reboot before scanning, as not everything can be removed when Windows is running", I was unsure how to NOT run windows and yet run the above two programs. Maybe thats whats wrong? Last edited by ColeThompson; April 14th, 2004 at 10:36 AM.
|
It's free!!|
#9
April 14th, 2004, 10:38 AM
|
|||
|
|||
|
God I love free programs - I'll download and run it right now.
|
|
#10
April 14th, 2004, 10:38 AM
|
|||
|
|||
|
Quote:
Click Yes and then restart your PC
|
|
#11
April 14th, 2004, 10:53 AM
|
|||
|
|||
|
Ohhhhhhhhhh - I know what you're talking about - thats happened often in the past monthes with AdAware, although it didn't happen this time with Spybot.
I'm running AVG right now... *crosses fingers* - its already found 15 additional infected files. (additional applying to left over files that AdAware and the other programs didn't catch) Last edited by ColeThompson; April 14th, 2004 at 10:56 AM.
|
|
#12
April 14th, 2004, 11:09 AM
|
|||
|
|||
|
Post a fresh Hijack this log when all done
|
|
#13
April 14th, 2004, 11:14 AM
|
|||
|
|||
|
Ugh.
Here's a fresh log: Logfile of HijackThis v1.97.7 Scan saved at 6:13:00 AM, on 4/14/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE C:\PROGRAM FILES\MOTIVE\MOTMON.EXE C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\FTXGLC6N.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc. R3 - Default URLSearchHook is missing O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL (file missing) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSBAR.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\1.BIN\MWSSRCAS.DLL (file missing) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [FTXGLC6N.EXE] C:\WINDOWS\FTXGLC6N.EXE /dk O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SPYWAREBLOCKER.EXE" /0 O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart O4 - HKCU\..\Run: [FTXGLC6N.EXE] C:\WINDOWS\FTXGLC6N.EXE /dk O4 - Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - User Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - User Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - User Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - User Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - User Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - Global Startup: 4QB799HI.lnk = C:\WINDOWS\4qb799hi.exe O4 - Global Startup: 0QPA71PJ.lnk = C:\WINDOWS\0qpa71pj.exe O4 - Global Startup: C0TGW0XM.lnk = C:\WINDOWS\c0tgw0xm.exe O4 - Global Startup: NWPWQADR.lnk = C:\WINDOWS\nwpwqadr.exe O4 - Global Startup: RM3R8QVJ.lnk = C:\WINDOWS\rm3r8qvj.exe O4 - Global Startup: 3NLV7BRD.lnk = C:\WINDOWS\3nlv7brd.exe O4 - Global Startup: EXR98U5H.lnk = C:\WINDOWS\exr98u5h.exe O4 - Global Startup: FHO6E93M.lnk = C:\WINDOWS\fho6e93m.exe O4 - Global Startup: GITMOEBQ.lnk = C:\WINDOWS\gitmoebq.exe O4 - Global Startup: 0AXOA62T.lnk = C:\WINDOWS\0axoa62t.exe O4 - Global Startup: X3XCDHC7.lnk = C:\WINDOWS\x3xcdhc7.exe O4 - Global Startup: T0YVRRM2.lnk = C:\WINDOWS\t0yvrrm2.exe O4 - Global Startup: OBYLPVKP.lnk = C:\WINDOWS\obylpvkp.exe O4 - Global Startup: XCC7LUGD.lnk = C:\WINDOWS\xcc7lugd.exe O4 - Global Startup: UWJ3D2C5.lnk = C:\WINDOWS\uwj3d2c5.exe O4 - Global Startup: VNYHH0HM.lnk = C:\WINDOWS\vnyhh0hm.exe O4 - Global Startup: EW2NF3MU.lnk = C:\WINDOWS\ew2nf3mu.exe O4 - Global Startup: 4TL0777H.lnk = C:\WINDOWS\4tl0777h.exe O4 - Global Startup: 0K79P13B.lnk = C:\WINDOWS\0k79p13b.exe O4 - Global Startup: M6T975VR.lnk = C:\WINDOWS\m6t975vr.exe O4 - Global Startup: 9PMJ6U5P.lnk = C:\WINDOWS\9pmj6u5p.exe O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - Global Startup: U96EVD26.lnk = C:\WINDOWS\u96evd26.exe O4 - Global Startup: 1NJZR8BG.lnk = C:\WINDOWS\1njzr8bg.exe O4 - Global Startup: 8JT8BC8I.lnk = C:\WINDOWS\8jt8bc8i.exe O4 - Global Startup: YXBJ0MRI.lnk = C:\WINDOWS\yxbj0mri.exe O4 - Global Startup: J62PX9YD.lnk = C:\WINDOWS\j62px9yd.exe O4 - Global Startup: K46606RO.lnk = C:\WINDOWS\k46606ro.exe O4 - Global Startup: Y1ZPPB4P.lnk = C:\WINDOWS\y1zppb4p.exe O4 - Global Startup: YH0TXXH2.lnk = C:\WINDOWS\yh0txxh2.exe O4 - Global Startup: MORZE3.lnk = C:\WINDOWS\morze3.exe O4 - Global Startup: PY1MQRVB.lnk = C:\WINDOWS\py1mqrvb.exe O4 - Global Startup: 05A2A5WK.lnk = C:\WINDOWS\05a2a5wk.exe O4 - Global Startup: CY7IONWD.lnk = C:\WINDOWS\cy7ionwd.exe O4 - Global Startup: B2X0M7C1.lnk = C:\WINDOWS\b2x0m7c1.exe O4 - Global Startup: 76Q5VCJ1.lnk = C:\WINDOWS\76q5vcj1.exe O4 - Global Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - Global Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - Global Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - Global Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Encarta Encyclopedia (HKLM) O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM) O9 - Extra button: Define (HKLM) O9 - Extra 'Tools' menuitem: Define (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Dell Home (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.c...winorbiter.cab O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://c2s.chccs.k12.nc.us/Citrix/I...a32/wficac.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...077.8562847222 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB it appears that 3 new .ink random file thingys have been added to my old list...
|
|
#14
April 14th, 2004, 11:22 AM
|
|||
|
|||
|
Close all browser windows
Restart Hijack this and put a check mark against the following: R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.master-search.com/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php R3 - Default URLSearchHook is missing O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL (file missing) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWAY\BAR\1.BIN\MWSBAR.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\1.BIN\MWSSRCAS.DLL (file missing) O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [FTXGLC6N.EXE] C:\WINDOWS\FTXGLC6N.EXE /dk O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - User Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - User Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - User Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - User Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - User Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - Global Startup: 4QB799HI.lnk = C:\WINDOWS\4qb799hi.exe O4 - Global Startup: 0QPA71PJ.lnk = C:\WINDOWS\0qpa71pj.exe O4 - Global Startup: C0TGW0XM.lnk = C:\WINDOWS\c0tgw0xm.exe O4 - Global Startup: NWPWQADR.lnk = C:\WINDOWS\nwpwqadr.exe O4 - Global Startup: RM3R8QVJ.lnk = C:\WINDOWS\rm3r8qvj.exe O4 - Global Startup: 3NLV7BRD.lnk = C:\WINDOWS\3nlv7brd.exe O4 - Global Startup: EXR98U5H.lnk = C:\WINDOWS\exr98u5h.exe O4 - Global Startup: FHO6E93M.lnk = C:\WINDOWS\fho6e93m.exe O4 - Global Startup: GITMOEBQ.lnk = C:\WINDOWS\gitmoebq.exe O4 - Global Startup: 0AXOA62T.lnk = C:\WINDOWS\0axoa62t.exe O4 - Global Startup: X3XCDHC7.lnk = C:\WINDOWS\x3xcdhc7.exe O4 - Global Startup: T0YVRRM2.lnk = C:\WINDOWS\t0yvrrm2.exe O4 - Global Startup: OBYLPVKP.lnk = C:\WINDOWS\obylpvkp.exe O4 - Global Startup: XCC7LUGD.lnk = C:\WINDOWS\xcc7lugd.exe O4 - Global Startup: UWJ3D2C5.lnk = C:\WINDOWS\uwj3d2c5.exe O4 - Global Startup: VNYHH0HM.lnk = C:\WINDOWS\vnyhh0hm.exe O4 - Global Startup: EW2NF3MU.lnk = C:\WINDOWS\ew2nf3mu.exe O4 - Global Startup: 4TL0777H.lnk = C:\WINDOWS\4tl0777h.exe O4 - Global Startup: 0K79P13B.lnk = C:\WINDOWS\0k79p13b.exe O4 - Global Startup: M6T975VR.lnk = C:\WINDOWS\m6t975vr.exe O4 - Global Startup: 9PMJ6U5P.lnk = C:\WINDOWS\9pmj6u5p.exe O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe O4 - Global Startup: U96EVD26.lnk = C:\WINDOWS\u96evd26.exe O4 - Global Startup: 1NJZR8BG.lnk = C:\WINDOWS\1njzr8bg.exe O4 - Global Startup: 8JT8BC8I.lnk = C:\WINDOWS\8jt8bc8i.exe O4 - Global Startup: YXBJ0MRI.lnk = C:\WINDOWS\yxbj0mri.exe O4 - Global Startup: J62PX9YD.lnk = C:\WINDOWS\j62px9yd.exe O4 - Global Startup: K46606RO.lnk = C:\WINDOWS\k46606ro.exe O4 - Global Startup: Y1ZPPB4P.lnk = C:\WINDOWS\y1zppb4p.exe O4 - Global Startup: YH0TXXH2.lnk = C:\WINDOWS\yh0txxh2.exe O4 - Global Startup: MORZE3.lnk = C:\WINDOWS\morze3.exe O4 - Global Startup: PY1MQRVB.lnk = C:\WINDOWS\py1mqrvb.exe O4 - Global Startup: 05A2A5WK.lnk = C:\WINDOWS\05a2a5wk.exe O4 - Global Startup: CY7IONWD.lnk = C:\WINDOWS\cy7ionwd.exe O4 - Global Startup: B2X0M7C1.lnk = C:\WINDOWS\b2x0m7c1.exe O4 - Global Startup: 76Q5VCJ1.lnk = C:\WINDOWS\76q5vcj1.exe O4 - Global Startup: M7HU2BJA.lnk = C:\WINDOWS\m7hu2bja.exe O4 - Global Startup: JRHZ1YCT.lnk = C:\WINDOWS\jrhz1yct.exe O4 - Global Startup: 09MQ7CGY.lnk = C:\WINDOWS\09mq7cgy.exe O4 - Global Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://c2s.chccs.k12.nc.us/Citrix/...ca32/wficac.cab Click Fix Checked Restart your PC Post yet another hijack this log
|
|
#15
April 14th, 2004, 11:38 AM
|
|||
|
|||
|
Once again, I'd like to thank you puta. Well heres the fresh log:
Logfile of HijackThis v1.97.7 Scan saved at 6:35:21 AM, on 4/14/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE C:\PROGRAM FILES\MOTIVE\MOTMON.EXE C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\EARTHLINK TOTALACCESS\SPYWARE BLOCKER\SPYWAREBLOCKER.EXE C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\Q78R0K25.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Q78R0K25.EXE] C:\WINDOWS\Q78R0K25.EXE /dk O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SPYWAREBLOCKER.EXE" /0 O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Q78R0K25.EXE] C:\WINDOWS\Q78R0K25.EXE /dk O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart O4 - Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - Startup: Q78R0K25.lnk = C:\WINDOWS\q78r0k25.exe O4 - User Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - User Startup: Q78R0K25.lnk = C:\WINDOWS\q78r0k25.exe O4 - Global Startup: FTXGLC6N.lnk = C:\WINDOWS\ftxglc6n.exe O4 - Global Startup: Q78R0K25.lnk = C:\WINDOWS\q78r0k25.exe O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Encarta Encyclopedia (HKLM) O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM) O9 - Extra button: Define (HKLM) O9 - Extra 'Tools' menuitem: Define (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Dell Home (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.c...winorbiter.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...077.8562847222 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB Basically, once I restarted I noticed two things. Good News: I didn't get any missing shortcut errors for the first time in a while. Bad News: When I opened up the internet the pop-ups came - like before.
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 03:38 AM.
[
RSS ]
