1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

{RESOLVED}Hijacked

Discussion in 'Virus & Other Malware Removal' started by Col.USMC, Sep 20, 2003.

Mark Solved
Thread Status:
Not open for further replies.
Advertisement
  1. Col.USMC

    Col.USMC Guest Thread Starter

    What dose not look right withLogfile of HijackThis v1.97.2
    Scan saved at 1:33:31 AM, on 9/20/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\SpyBlocker Software\spyblocker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Documents and Settings\Owner\Desktop\WinPatrol.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\Privacy Protector\IC.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    this???
     
  2. Col.USMC

    Col.USMC Guest Thread Starter

    Could someone look over this log and tell me if it looks ok. thank you for your help.
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything
    .....then,close all browser and outlook windows and "fix checked"

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    now downoad this:http://www.cexx.org/lspfix.htm

    run it and come back with another logfile....make sure you copy/paste the whole log.

    ;)
     
  4. Col.USMC

    Col.USMC Guest Thread Starter

    Here is the new hijack log. This is all it would spit out. Ran CW shredder nothing there. The fix worked great thanks. I learning much here as I have not had time in the past five years. I have very much to catch up on in the tech world once gain.

    Logfile of HijackThis v1.97.2
    Scan saved at 10:05:37 AM, on 9/20/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\SpyBlocker Software\spyblocker.exe
    C:\Documents and Settings\Owner\Desktop\WinPatrol.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min
    O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\Privacy Protector\IC.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    Thanks
     
  5. Col.USMC

    Col.USMC Guest Thread Starter

    StartupList report, 9/20/2003, 10:52:45 AM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\SpyBlocker Software\spyblocker.exe
    C:\Documents and Settings\Owner\Desktop\WinPatrol.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    hpsysdrv = c:\windows\system\hpsysdrv.exe
    HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
    KBD = C:\HP\KBD\KBD.EXE
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    AlcxMonitor = ALCXMNTR.EXE
    Reminder = "C:\Windows\Creator\Remind_XP.exe"
    PS2 = C:\WINDOWS\system32\ps2.exe
    LXSUPMON = C:\WINDOWS\System32\LXSUPMON.EXE RUN

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    SSCTL = C:\Program Files\SurfSecret\Privacy Protector\IC.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    SurfSecret = C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    easy Internet sign-up.job
    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 4,992 bytes
    Report generated in 0.094 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    Thanks
     
  6. socce98

    socce98

    Joined:
    Sep 20, 2003
    Messages:
    20
    Hello... I am a college student and I really need help on fixing my computer... nothing seems to be running oddly but on September 19th my computer caught a virus... I checked for it and it is called trojan horse and the filename is A0249929.CPY and A0249924.CPY... I have run the scan over and over but it sayd it cannot clean it or remove it... i even tried to do this in safe mode but that did not work either... maybe i am doing something wrong... i would be forever grateful if someone could please help me out... this is my hijack log

    Logfile of HijackThis v1.96.4
    Scan saved at 10:58:41 AM, on 9/20/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\SYSTEM\CMPDPSRV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPC32.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegheny.edu/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://allecat2.alleg.edu:8080/proxy.pac
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\czm26k6c.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
    O4 - HKLM\..\Run: [PDPServer] CMpdpsrv.exe
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\SYSTEM\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://nortonres.allegheny.edu/webinst/WebInst.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://infoeagle.bc.edu/bc_org/avp/...er/tdserver.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7872.8595486111
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    all clear there colonel(y)
     
  9. Col.USMC

    Col.USMC Guest Thread Starter

    Thanks gentlemen your service is appreciated; Semper Fi: Carry On
     
  10. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    your welcome;)
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166096

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice