  #1  
Old April 27th, 2004, 01:56 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
xp pro defrag help

Hi, I run the PC Pitstop test and it tells me to defrag, so I did and ran the test again, and it says to do a defrag as soon as possible, as I have just done one. I have AVG antivirus, and quick test keeps finding a boot sector virus, but when I look at the logs it says no virus. Could these problems be caused by a virus?

Thanks for any help.

Last edited by andygaskell; April 27th, 2004 at 02:03 PM.
  #2  
Old April 27th, 2004, 02:25 PM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Hi buddy...yes they could...Download 'Hijack This!', create a new folder and put Hijack into it. Unzip, double-click HijackThis.exe, check for updates first by clicking the config then tools buttons, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
http://mjc1.com/files/merijn/HijackThis.exe
It will show what's running on your computer...Don't make any changes until someone checks it out.

Also open up AVG > test results, click on the last scan that has the problem, and then "write to file".
It should then produce a log which you can copy and post in here.
  #3  
Old April 27th, 2004, 06:47 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
hijackthis and avg logs

Hi, thanks for the reply. Here are my logs:


Logfile of HijackThis v1.97.7
Scan saved at 18:42:43, on 27/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\csrss.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btbroadbandstart.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...rector7/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...027.6115740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1670FED-0687-47D6-8E3B-A6E9473579E4}: NameServer = 194.72.9.34 194.74.65.68




Partition table (MBR) | ok | Quick checked
Boot sector of disk C: | Change | Changed
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load | Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit | Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell | Scanned
System registry exefile\shell\open\command | Scanned
System registry scrfile\shell\open\command | Scanned
System registry scrfile\shell\config\command | Scanned
System registry batfile\shell\open\command | Scanned
System registry cmdfile\shell\open\command | Scanned
System registry comfile\shell\open\command | Scanned
System registry piffile\shell\open\command | Scanned
System registry giffile\shell\open\command | Scanned
System registry htmlfile\shell\open\command | Scanned
System registry htafile\shell\open\command | Scanned
System registry jpegfile\shell\open\command | Scanned
System registry txtfile\shell\open\command | Scanned
System registry regfile\shell\open\command | Scanned
System registry Word.Document.8\shell\open\command | Scanned
System registry WordPad.Document.1\shell\open\command | Scanned
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe | ok | Quick checked
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe | ok | Quick checked
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE | ok | Quick checked
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe | ok | Quick checked
C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE | ok | Quick checked
C:\Program Files\Internet Explorer\iexplore.exe | ok | Quick checked
C:\Program Files\MSN Messenger\MsnMsgr.Exe | ok | Quick checked
C:\Program Files\Microsoft Office\Office\WINWORD.EXE | ok | Quick checked
C:\Program Files\QuickTime\qttask.exe | ok | Quick checked
C:\Program Files\Real\RealPlayer\RealPlay.exe | ok | Quick checked
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe | ok | Quick checked
C:\WINDOWS\System32\CTHELPER.EXE | ok | Quick checked
C:\WINDOWS\System32\RUNDLL32.EXE | ok | Quick checked
C:\WINDOWS\System32\ctfmon.exe | ok | Quick checked
C:\WINDOWS\System32\dslagent.exe | ok | Quick checked
C:\WINDOWS\System32\gsicon.exe | ok | Quick checked
C:\WINDOWS\System32\mshta.exe | ok | Quick checked
C:\WINDOWS\System32\nwiz.exe | ok | Quick checked
C:\WINDOWS\System32\rundll32.exe | ok | Quick checked
C:\WINDOWS\csrss.exe | ok | Quick checked
C:\WINDOWS\system32\NeroCheck.exe | ok | Quick checked
C:\IO.SYS | ok | Quick checked
C:\MSDOS.SYS | ok | Quick checked
C:\WINDOWS\System32\kernel32.dll | ok | Quick checked
C:\WINDOWS\System32\wsock32.dll | ok | Quick checked
C:\WINDOWS\System32\user32.dll | ok | Quick checked
C:\WINDOWS\System32\shell32.dll | ok | Quick checked
C:\WINDOWS\System32\ntoskrnl.exe | ok | Quick checked

When I click info on boot sector of C: it just says "boot sector of C: changed", and sometimes when I do another quick test it won't be there, but if I do another it will be back. I have done a complete test and that finds nothing.
  #4  
Old April 27th, 2004, 07:07 PM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Back to the drawing board...your logs are clean!

Have you tried an online scan..maybe with PANDA?
  #5  
Old April 27th, 2004, 10:37 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
tried panda

Hi, tried Panda and nothing. Also tried another, can't remember which one, but that found nothing as well. Do you think I should click keep or change when AVG finds another? As long as it doesn't mess my comp up I won't be bothered, but I don't want to do nothing just in case it does. Oh yes, does it mean that AVG has fixed the problem in my boot sector, or should I use a different antivirus software because it keeps coming back?
(Formatting is an option but I don't know if it will sort the problem out.)
Also, when I do a defrag and it says complete and PC Pitstop tells me to do one ASAP, any suggestions?
Thanks for your time.
Andy

Last edited by andygaskell; April 27th, 2004 at 10:42 PM.
  #6  
Old April 28th, 2004, 12:36 AM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Hi again...after further advice: close all open windows...run Hijack again and put a check in the boxes for the below entries...then hit "fix checked".

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe

Reboot into safe mode...make sure you can view hidden files... Go to Start > Search > Files and Folders and run a search for and delete the following files and/or folders when/if found.
Also Ctrl+Alt+Del to bring up Task Manager...and end process on the below if running.
csrss.exe

If you can get hold of a copy of Norton disk...2002/3/4, try booting with it...it might just sort the boot virus prob.
  #7  
Old April 28th, 2004, 12:47 AM
Meangean Meangean is offline
Senior Member
 
Join Date: Jan 2004
Location: U.S.A
Age: 26
Posts: 311
Go to the Start button, go to Run and type in msconfig, go to the Startup tab and take pics of what is starting up at startup, upload 'em at imageshack.us and post 'em here, plz.
  #8  
Old April 28th, 2004, 12:49 AM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Meangean, there is no need for Andy to do that. We can see all his startups in his log.
  #9  
Old April 28th, 2004, 01:27 AM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
Csrss.exe

Hi, thanks again for your help. I fixed checked, rebooted in safe mode. csrss.exe is there but I can't delete it, and I can't delete the process either; it says "this is a critical system process and task manager cannot end this process".
Please can you tell me what it is and if it can/should be removed, as I am getting mixed up by the things I'm reading on Google search.

Last edited by andygaskell; April 28th, 2004 at 10:38 AM.
  #10  
Old April 28th, 2004, 11:31 AM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Hi again..yeah I know it is a little confusing....the one you need to get rid of is C:\Windows\csrss.exe

Forget a general search and delete and just navigate to the above. It is a critical file...but only when run from the correct location. Spyware writers use the same names or very similar sometimes to confuse anyone trying to get rid of the crap... It's a good job Windows warns when critical files are attempted to be deleted.
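Added example (not part of the original thread, and not HijackThis's own code): the check described in the post above, a system process name that is only trustworthy when it runs from its correct location, applied to HijackThis log lines. The function names and the table of expected directories are assumptions made for this sketch, for a default C:\WINDOWS install of Windows XP.

```python
import re
from pathlib import PureWindowsPath

# Core Windows XP processes and the one directory each legitimately runs from.
# Assumption for this example: a default C:\WINDOWS install, as in the thread's log.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

def exe_path(command):
    """Pull the executable out of a Run-key command line (quoted or not)."""
    m = EXE_RE.match(command.strip())
    return PureWindowsPath(m.group(1)) if m else None

def misplaced(path):
    """Return a reason string if a core process name sits in the wrong directory."""
    name = path.name.lower()
    expected = EXPECTED_DIR.get(name)
    if expected is None or not path.drive:  # unknown name, or bare name found via PATH
        return None
    actual = str(path.parent).lower()
    if actual == expected:
        return None
    return f"{name} belongs in {expected}, found in {actual}"

def scan(log_text):
    """Return (kind, path, reason) for each process or autostart that masquerades."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        run = RUN_RE.match(line)
        if run:
            in_procs = False
            kind = f"autostart {run.group(1)} [{run.group(2)}]"
            path = exe_path(run.group(3))
        elif in_procs and DRIVE_RE.match(line):
            kind, path = "running process", PureWindowsPath(line)
        else:
            in_procs = in_procs and not line  # first non-path line ends the process list
            continue
        reason = misplaced(path) if path else None
        if reason:
            findings.append((kind, str(path), reason))
    return findings

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for kind, path, reason in scan(SAMPLE_LOG):
        print(f"{kind}: {path} -> {reason}")
```

Entries given as a bare file name (for example `CTHELPER.EXE`) are skipped, because the log does not say which directory Windows resolved them from.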
  #11  
Old April 28th, 2004, 01:36 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
Hi again, the only one I can find is csrss:

description:winpatch 1.5
company:StarMicrpSdn.
file version:3.0.0.0
date created:24/4/2004 20:57
size 106kb

Is this the one I need to delete?

And was that O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe that I fix-checked with HijackThis the right thing to do, or do I have to restore it or something?

Thanks again for your time.

Last edited by andygaskell; April 28th, 2004 at 01:43 PM.
  #12  
Old April 28th, 2004, 02:44 PM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Looking at the date created...yep. And I would run Hijack again...that O4 entry is probably back...fix it again if it is.
  #13  
Old April 28th, 2004, 05:07 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
Hi, in Task Manager I've got 2 csrss.exe processes running:

csrss.exe andy&nicola
csrss.exe system

Should I end 1 or both of them and then try to delete csrss from C:\WINDOWS, then run HijackThis?

Last edited by andygaskell; April 28th, 2004 at 05:12 PM.
  #14  
Old April 28th, 2004, 05:19 PM
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
I would run Hijack again...delete the O4 entry...reboot...and then check processes again. See if they are both still running...those 2 are likely to be OK though.
  #15  
Old April 28th, 2004, 05:34 PM
andygaskell andygaskell is offline
New Member
 
Join Date: Apr 2004
Posts: 11
Hi, right, I couldn't end either process. I deleted C:\WINDOWS\csrss.exe, rebooted, and guess what: I've only got 1 process running (csrss.exe, system) in Task Manager, and it's back in my HijackThis log.


Logfile of HijackThis v1.97.7
Scan saved at 17:29:33, on 28/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btbroadbandstart.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...rector7/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...027.6115740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Hope I ain't done something wrong. The above was done in safe mode before reboot, and HijackThis after reboot.

Last edited by andygaskell; April 28th, 2004 at 07:53 PM.
All times are GMT +1.