1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

New unknown programs trying to access the net...

Discussion in 'Earlier Versions of Windows' started by GhettoChild, Apr 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    I use zone alarm and when I start my DSL Verizon connection I usually only have two system programs try using the net...recently i have found 5 more trying.... here is the list...I denied them all the internet use for now...Help?

    GINST_001_1234_4201A.EXE
    CMESYS.EXE
    GMT.EXE
    WUPDATER.EXE
    BUNDLE.EXE

    I downloaded Search And Destroy from a website recently to get rid of spyware then I deleted it...maybe they came and infected my computer then?
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Please state your operating system. For WinME/WinXP you may have to disable System Restore - very likely, before you start.

    Update your anti-virus.

    Make sure you have all the Critical Updates and Service Packs from http://windowsupdate.microsoft.com

    ***

    Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click Use Custom Scanning Options' then click Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Boot to Safe Mode:

    (tap F8 five times per second during a restart; Choose option number three (3) in the Windows Startup dialog box using the arrow keys below the Delete key, and strike the Enter key; Click Ok when prompted).

    Empty your browser's Cache:

    Click the Start button; Point to Control Panel, select Internet Options; In the box that opens, click the Clear History; Delete Cookies And Delete Files buttons (tick the box next to, 'Delete all off-line content', each in turn; In the box that opens after activating each button, click the OK button. Click OK to close the Internet Options window.

    Clear the contents of the c:\Windows\Cookies; Temporary Internet Files and Temp folders.

    Then run a virus scan set to scan All files. When that's done run Ad-aware configured as set out above

    Boot back to Normal Mode via the Start button. The files you mention are indicative of Spyware and viral infections.
     
  3. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Sorry for the delay. Let's take a look at things,

    Go to http://tomcoyote.org/hjt/ or http://lurkhere.com/~nicefiles and download HiJackThis. Use Winzip to unzip it, then install and run it.

    NOTE: HiJackThis.exe file SHOULD be installed in it's own folder. Before downloading create a folder and name it HiJackThis then d/l HiJackThis to that folder. To run double-click the HiJackThis.exe file.

    The reason for it's own folder is because HiJackThis will create not only log files, but a backup of whatever it removes so you can restore if necessary. If you d/l HiJackThis to your desktop and run it from there you will have log and backup files scattered all over your desktop.

    To run, click the "Scan" button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the not so good items that may be in there.

    IF you get an error saying msvbvm60.dll is missing,
    Download and run the MS visual basic 6.0 runtime files
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    BTW, you are right, all 5 of those are spyware/malware related. However, I would like to see the HJT scan to see what is calling them and what else may be there. This way we can not only get rid of them but get them out of the registry as well.
     
  5. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    Logfile of HijackThis v1.97.7
    Scan saved at 10:52:04 AM, on 4/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\NAVAGENT256.EXE
    C:\WINDOWS\SYSTEM\YAHOO.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\AIM+\AIM+.EXE
    C:\PROGRAM FILES\AIM95\AIM95_C0\AIM.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\K9G5AR.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH13218.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Norton Auto Protect32] NavAgent256.exe
    O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoo.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [Winampa Agent] WINAMPA.EXE
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Norton Auto Protect32] NavAgent256.exe
    O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoo.exe
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunOnce: [Winampa Agent] WINAMPA.EXE
    O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe
    O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Sidesearch (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064520565320
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOffers/DMO1/k9g5ar.cab
     
  6. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    I also remember NOT to delete WinPoET lmao, that was my connection ramp, remember when we got rid of that last time? good thing there are backups
     
  7. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Yes, I remember WinPoET....all too well!!

    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\K9G5AR.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH13218.DLL (file missing)


    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab




    Next reboot into Safe Mode and remove the following files and folders that are bolded

    C:\Windows\Downloaded Program Files\Bridge.Dll
    C:\Windows\System\K9g5ar.Dll
    C:\Windows\Bi.Dll
    C:\Windows\2_0_1browserhelper2.Dll

    C:\Progra~1\Bargai~1\Bin\Apuc.Dll
    C:\Program Files\Lycos\Sidesearch\Sidesearch13218.Dll

    See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

    Reboot into normal mode


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
  8. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    Went into safe mode and couldn't find those things...

    found Bi.exe and another bi program that i got rid of...they recently got onto my computer so thats ok.

    I am now doing spybot
     
  9. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    Spybot won't download the updates...
     
  10. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    It's not all that uncommon that something shows up in the HJT log and then can't be found on the computer. The reason is that for the O4 items HJT reads from the run part of the registry, if a file has been manually deleted, but it's reference in the registry not cleaned up, it will show up in the HJT scan but not when you look for it.

    That is why it is best to fix in HJT first and then manually delete. The HJT fix removes the registry entry which prevents it from running so you can manually delete it. This way the file is gone and SO IS the reg entry.

    Deleting from Safe Mode is another way of preventing a file from running so it can be deleted.
     
  11. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    Spy bot freezes up when i try to download updates
     
  12. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    Logfile of HijackThis v1.97.7
    Scan saved at 3:59:16 PM, on 4/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\NAVAGENT256.EXE
    C:\WINDOWS\SYSTEM\YAHOO.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\A.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WINAMPA.EXE
    C:\PROGRAM FILES\AIM+\AIM+.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\GRAAL2001\REMOTECONTROL.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Norton Auto Protect32] NavAgent256.exe
    O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoo.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [Winampa Agent] WINAMPA.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Norton Auto Protect32] NavAgent256.exe
    O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoo.exe
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunOnce: [Winampa Agent] WINAMPA.EXE
    O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\AIM95\Patcher.exe
    O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064520565320
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/k9g5ar.cab
     
  13. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Looks good. How's it running?
     
  14. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Ok, Spybot S&D is not absolutely necessary. If you've got Ad-aware installed and updated, configure it like this then run a scan with it and you'll be fine:

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click Use Custom Scanning Options' then click Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.
     
  15. GhettoChild

    GhettoChild Thread Starter

    Joined:
    Mar 3, 2004
    Messages:
    49
    What are you talking about?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219380

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice