
[Resolved] Zone Alarm

Discussion in 'Virus & Other Malware Removal' started by bigh47, Jan 8, 2003.

Thread Status:
Not open for further replies.
  1. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    Zone Alarm recently stopped working on my machine in Win 98SE. First I noticed no pop-up when booting. No icon in sys-tray. When the application was clicked it just flashed the menu and would not run. I tried to uninstall, unsuccessfully; the usual problem with Internet use afterwards; followed the link on MS website. Managed to get my machine working reasonably well. I occasionally get web pages that won't open until I do a detect settings run, sometimes just get red crosses instead of graphics even on regular sites like TSG, and finally it seems unable to shut Windows down; it just freezes with a wallpaper or the "Windows is shutting down" screen. BTW I did not do anything with the registry as suggested on MS w/s as I don't know what I'm doing there.

    Any ideas?

    Thanks
    Howard
     
  2. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Go to the site I posted a link to at the bottom of this post, download and run the StartupList program and paste the generated text back here in a post so we can look at it.

    click here
     
  3. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    Info As requested:-

    StartupList report, 1/9/03, 12:04:42 AM
    StartupList version: 1.50
    Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\WINSERVICES.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\OPLIMIT\OCRAWARE.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\DESKTOP\UTILITIES\MAILWASHER.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\TCPSVS32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    LoadQM = loadqm.exe
    CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
    UKVideo2 = c:\program files\dialers\ukvideo2\ukvideo2.exe /noconnect
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
    QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstinit.exe /firstlogon

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "C:\WINDOWS\SYSTEM\nav32_loader.exe""%1"%*

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=C:\OPLIMIT\ocraware.exe
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SPACE.SCR
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 7/1/2003, 23:40:46)

    [rename]
    NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
    NUL=C:\PROGRA~1\GAMEHO~1\COLLAPSE\UNWISE.EXE

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1097/V31Controls/x86/w98/en/actsetup.cab

    [AccountTracking Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACCOUNTTRACKING.DLL
    CODEBASE = http://moneymanager.egg.com/customer/accounttracking.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.6453009259

    --------------------------------------------------
    End of report, 7,123 bytes
    Report generated in 0.270 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    Midnight here so I'm off to bed; pick up again Thursday, thanks.

    Regards

    Howard
     
  4. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Gonna be a while Howard, I was looking through and ran across one that requires more than just a spot check. In order to get you good information I'm gonna have to read. If anyone is interested it's this one:

    UKVideo2 = c:\program files\dialers\ukvideo2\ukvideo2.exe /noconnect
     
  5. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    From what I have read, if I understand it correctly, this is some kind of spyware called lop.com. I know that Spybot is supposed to target this but from what I can tell that was not the accepted answer on Dec. 10, 2002, so I think the wise decision would be to ask someone who was involved back then. You agree?
     
  6. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Well, I have no personal experience with lop.com, but I understand that lop.com = evil.

    If you don't already have it, d/l and run spybot, making sure after you have it installed you click the button to d/l any updates, then do a system scan. You can uncheck in options scan for system internals, etc, not really necessary. You want to get the crud out of your system:


    http://security.kolla.de/index.php?lang=en&page=download


    Also, a thread that touches a little on lop.com:

    http://forums.techguy.org/showthread.php?threadid=110258&highlight=lop.com
     
  7. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    I agree. (1) But before you download and install another piece of software you need to go to the Symantec link at the bottom of this post so you can remove the Yaha L virus. There is a removal tool there; read carefully.

    (2) Then you can run Spybot just like Buckaroo outlined. (3) Then go to Start, Run, type in msconfig and hit OK, hit the Startup tab and uncheck "Findfast", Qttask, Winservices.exe, apply and OK. Be sure to restart after each separate task. Then do a file search for winservices.exe and post back.

    Symantec
     
  8. suzi

    suzi

    Joined:
    Dec 27, 2002
    Messages:
    362
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It's one of these two Yaha worms:

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    There is a removal tool available for this one:

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    I would also recommend, before proceeding, downloading the exefix08.com file from the site below, as you may want to use this to repair the registry after running the removal tool.

    http://home.earthlink.net/~rmbox/Reticulated/Toys.html

    Once you've finished eliminating the worm, there are some additional startup modifications that should be made.

    I'm going to give you some manual removal instructions which I think should work best for you. Then run the Removal Tool available for the Yaha.K worm.

    1-- obtain and run the exefix08.com from Reticulated Toys

    2 -- go to Start>Run, enter regedit and navigate to:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    >> with the RUN folder highlighted in the Left hand pane, Right click on and delete in the Right hand pane:

    WinServices = C:\WINDOWS\SYSTEM\WinServices.exe

    3 -- delete this line on the right also (not a part of Yaha, but it does not belong):

    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe


    4 -- locate the following key:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    >> with the RunServices folder highlighted on the Left, Right click on and delete WinServices = C:\WINDOWS\SYSTEM\WinServices.exe on the Right

    5 -- close the registry editor and go to Start>Run, enter system.ini so that it opens in Notepad.

    >> locate the line: SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SPACE.SCR and delete that line and close and save the file changes (I don't know whether this is or is not one of the infected screen savers the worm installs, but I'd take no prisoners, just kill it.)

    Finally, go ahead and run Symantec's Removal tool following their directions and then repost another StartupList. You should reboot to Safe Mode to run their tool. The tool is explained and available here:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html
     
  10. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    Thanks guys. Wow, it's gonna take some time to wade through this. I've printed out everything and will study at leisure. That ukvideo2 thing I think came from a "naughty" site linked from another site. I thought I had got rid of it.

    I'll report back/ask more questions later.

    Thanks again

    Howard
     
  11. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    Thanks guys, all seems OK now. I called in a friend of my daughter to help, as most of your instructions seemed in Chinese to me. We did have a problem after running exefix08.com. The worm/virus was stopping regedit from staying open so we were unable to edit it. My man solved it by renaming regedit and then doing the alterations. Obviously a bit smart this one, as these were the symptoms I was getting originally with ZA: it would open and then close down. The virus didn't want anything showing it was there. This will teach me for not running Anti Virus s/w.

    I'll re-install ZA now.

    Still can't get windows to shut down though, I'll search previous and see if there's anything.

    Thanks again

    Regards

    Howard :D
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Howard, in my original response I missed this:

    UKVideo2 = c:\program files\dialers\ukvideo2\ukvideo2.exe /noconnect

    This could be a dangerous file; we don't like to see "dialers" in startups, no matter how they are configured. I would run regedit and delete it from

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    I would also install, update and run Spybot following the directions here:

    http://tomcoyote.com/SPYBOT/

    And then post another StartupList and a description of the shutdown problem. What screen does it hang on? There is a shutdown supplement patch for Win98 SE, that should be installed if it hasn't been.

    http://www.microsoft.com/windows98/downloads/contents/WURecommended/S_WUFeatured/Win98SE/Default.asp
     
  13. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    Rog

    I have run regedit but don't see HKLM anything; all my lists are HKEY.
    Please advise. I had help before when we did regedit but he's not here now. Makes me a little nervous. Should this be done in SafeMode?

    Howard
     
  14. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    H key local machine..;)
     
  15. bigh47

    bigh47 Thread Starter

    Joined:
    Dec 8, 2001
    Messages:
    1,091
    My colleague must have taken it out already.

    StartupList report, 1/10/03, 11:18:25 PM
    StartupList version: 1.50
    Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\OPLIMIT\OCRAWARE.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\DESKTOP\UTILITIES\MAILWASHER.EXE
    C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    LoadQM = loadqm.exe
    CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
    TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=C:\OPLIMIT\ocraware.exe
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 7/1/2003, 23:40:46)

    [rename]
    NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
    NUL=C:\PROGRA~1\GAMEHO~1\COLLAPSE\UNWISE.EXE

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1097/V31Controls/x86/w98/en/actsetup.cab

    [AccountTracking Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACCOUNTTRACKING.DLL
    CODEBASE = http://moneymanager.egg.com/customer/accounttracking.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.6453009259

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
    CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab

    --------------------------------------------------
    End of report, 7,163 bytes
    Report generated in 0.333 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    Thanks for the HKLM translation.

    How's it look now?

    Regards

    Howard
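
An added example, not part of the original thread: one way to confirm a cleanup like the one above is to diff the "before" and "after" StartupList reports instead of comparing them by eye. The report text below is abbreviated from the two reports posted in this thread; the function names are hypothetical, and the stock `.exe` handler value `"%1" %*` is the Windows default rather than something the thread states.

```python
import re

# Abbreviated excerpts of the two StartupList reports posted in this thread.
BEFORE = r'''
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = C:\WINDOWS\taskmon.exe
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
UKVideo2 = c:\program files\dialers\ukvideo2\ukvideo2.exe /noconnect
WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "C:\WINDOWS\SYSTEM\nav32_loader.exe""%1"%*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SPACE.SCR
'''
AFTER = r'''
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = C:\WINDOWS\taskmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
'''

DIVIDER = re.compile(r"^[-=]{10,}$")
EXE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
STOCK_EXE_HANDLER = '"%1" %*'   # Windows default (assumption, not from the thread)

def parse_report(text):
    """Map each flat section, keyed by its last heading line, to {name: value}."""
    # Nested sections (Active Setup, Download Program Files) are not modelled.
    sections, title, entries = {}, None, {}
    for raw in text.splitlines() + ["-" * 50]:   # sentinel closes the last section
        line = raw.strip()
        if DIVIDER.match(line):
            if title and entries:
                sections[title] = entries
            title, entries = None, {}
        elif "=" in line:
            name, _, value = line.partition("=")
            entries[name.strip()] = value.strip()
        elif line and not entries:
            title = line                         # heading lines precede the entries
    return sections

def exe_handler_hijacked(text):
    """True when the report lists a non-stock command for opening .exe files."""
    value = parse_report(text).get(EXE_KEY, {}).get("(Default)")
    return value is not None and value != STOCK_EXE_HANDLER

def diff_reports(before, after):
    """Compare two reports; each result item is a (section, entry name) tuple."""
    flat = lambda t: {(s, n): v for s, e in parse_report(t).items() for n, v in e.items()}
    b, a = flat(before), flat(after)
    return {"removed": sorted(k for k in b if k not in a),
            "added": sorted(k for k in a if k not in b),
            "changed": sorted(k for k in b if k in a and b[k] != a[k])}

if __name__ == "__main__":
    print(exe_handler_hijacked(BEFORE), diff_reports(BEFORE, AFTER))
```

With default options StartupList leaves out data it considers unsuspicious (see the `/complete` option in the report footer), so the `.EXE` association section disappearing from the second report is treated here as the handler being back to stock.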
     
Short URL to this thread: https://techguy.org/112186
