[Solved] Home page Hijacked by limon-finder ...Please Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Marineboy65

Thread Starter
Joined
Sep 7, 2004
Messages
3
Hi Everyone,

I'm desperate. I somehow managed to pick up a Trojan virus about a week ago, which AVG detected and removed. But ever since, my home page has been changing to http://limon-finder.com/search.php , and if I let the page load completely, DAP tries downloading a couple of exe files...gdnau1350.exe and rdgau320.exe

I've performed scans with AVG, Adaware and Spybot, each time making sure I had the latest updates and deleted/fixed everything they find. I've then run Hijackthis and deleted all of the obvious entries, i.e., anything that mentions limon-finder, but they keep coming back when I reboot.

I would much appreciate any advice anyone can give me.

Hijack this log below....

Logfile of HijackThis v1.97.7
Scan saved at 5:03:08 PM, on 9/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\GEMPRO\SYSTRAYFIND.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\BROWSER HIJACK BLASTER\BHBLASTER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\SOFTWARE DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SysTrayFind] C:\GemPro\SysTrayFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\PROGRAM FILES\GOZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://uroam.hatch.com.au/vdesk/cachecleaner.cab
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Your problem lies just a bit farther down in the HJT log:

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe

This indicates an infection that might be one of several things. Do an online scan and see if anything is found, record well what files if any are found, cleaned, non cleanable, deleted.

Set the AUTOCLEAN button. This scanner takes a while to load but is very good at detecting trojans, etc.

It may or may not be able to clean the problem.

We like to have people showing any possible virus, worm etc do an online scan because where there is or was one, there can be more.

http://housecall.antivirus.com/housecall/start_corp.asp

When the ActiveX control finishes loading the SCAN button will darken> set the My Computer for scanning, and uncheck the CDROM drive and floppy drive, just scan the rest of the computer.

Post a new HJT log when done.
 

Marineboy65

Thread Starter
Joined
Sep 7, 2004
Messages
3
Hi Byteman,

Thanks for your suggestion. I ran the online scan and it found nothing.

Latest HJT log follows.....Thanks again :)

Logfile of HijackThis v1.97.7
Scan saved at 7:35:50 PM, on 10/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\GEMPRO\SYSTRAYFIND.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\SOFTWARE DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://limon-finder.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SysTrayFind] C:\GemPro\SysTrayFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\PROGRAM FILES\GOZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://uroam.hatch.com.au/vdesk/cachecleaner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Sorry for the delay in getting back to you.
You may want to use the "Thread Tools" button at top of page where your first posting is, there is a "Printable Version" button that will print text-only pages for you, or you can save the instructions here on your computer as a text file on the desktop so you can refer to it easily.

First: create a new folder inside the C:\WINDOWS\DESKTOP\DOWNLOADS\SOFTWARE DOWNLOADS folder, name it HJT.

You can get a newer version of Hijackthis.exe at the site below, and simply delete the v1.97 copy or leave it, download the newer copy to the HJT folder.

Download CWShredder.exe, to a folder you make, in the same Desktop\Software Downloads folder, name it CWS.

>>>>>Do NOT run cwshredder.exe yet.<<<<<<

http://www.lurkhere.com/~nicefiles/


Open Windows Explorer> at the top of the window, open View> then Folder Options> then View again> and make sure you put a dot into "Show all Files" and UNcheck "hide extensions for known file types" and click OK.

You must be disconnected from the Internet- good way is to remove any Network cable from the cable modem or back of computer, or telephone line from your modem or wall jack> no browser windows open, No Internet explorer open, nothing but Hijackthis.

Start Hijackthis from its folder (version 1.98.2) and when it finishes scanning, fix the following items by putting a check into each item listed:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://limon-finder.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://limon-finder.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://limon-finder.com/search.php

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe


Find the file at the end of this line: C:\WINDOWS\SYSTEM\winupd.exe <---this file, and highlight it and click Delete.

Run Disk Cleanup and get rid of all temp, Temporary Internet Files, and empty the Recycle Bin, giving that plenty of time to empty.


Next: Boot to Safe Mode, by tapping the F8 key several times when the computer starts up. Give it time to reach Safe Mode. Windows works the same only it looks funny, that is normal.


Run Hijackthis again, and if any items from the first run appear, fix them in Safe Mode.

Then run CWShredder.exe and let it remove what it finds, if anything.


Also> use the Find>Files or Folders from Start button, and look IN C: drive for these files: they probably will not be found, but look anyway!

C:\WINDOWS\SYSTEM\winupd.exe

gdnau1350.exe and rdgau320.exe

Or, search folders for them manually if you noted the folder that they would be downloaded to such as your Software Downloads folder> you are using a download manager so they should be in that default folder. Run the download manager if the folders are not searchable without the program running.

Find those files and delete them and again empty the Bin.

Reboot and run AdAware, ((have it check for updates)), and see if it removes anything.

If you have SpyBot Search and Destroy, run that as well.
Reboot, and post a new Hijackthis logfile.
 

Marineboy65

Thread Starter
Joined
Sep 7, 2004
Messages
3
Thanks ever so much Byteman,

I followed your instructions and......problem solved :)

Advice like that is well worth money, so I've made a small donation toward the tech guy web site.

Latest HJT log follows for your information ..... Thanks again :)

Logfile of HijackThis v1.97.7
Scan saved at 9:42:55 AM, on 11/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\GEMPRO\SYSTRAYFIND.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\SOFTWARE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comsec.com.au/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SysTrayFind] C:\GemPro\SysTrayFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\PROGRAM FILES\GOZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://uroam.hatch.com.au/vdesk/cachecleaner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
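
Added example, not part of the original thread: a way to confirm a cleanup like this one by diffing two HijackThis logs instead of comparing them by eye. The `BEFORE` and `AFTER` samples are a few entries copied from the first and last logs above; the function names are this example's own, and the parser covers only the `R` and `O4` line shapes seen in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed excerpts: a few entries copied from the first and last logs in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://limon-finder.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://limon-finder.com/search.php
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comsec.com.au/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - Startup: PowerReg Scheduler V3.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<loc>[^\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_log(text):
    """Map each entry's identity (what it configures) to its current value."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        run = RUN.match(body) if code == "O4" else None
        if code[0] == "R" and " = " in body:
            key, value = body.split(" = ", 1)
            entries[("R", key)] = value  # keyed on the registry value, not the R0/R1 code
        elif run:
            entries[("O4", run["loc"], run["name"])] = run["cmd"]
        else:
            entries[(code, body)] = ""   # no separate value to compare
    return entries

def diff_logs(before, after):
    """Return entries removed, added and changed between two scans."""
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": {k: b[k] for k in b.keys() - a.keys()},
        "added": {k: a[k] for k in a.keys() - b.keys()},
        "changed": {k: (b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k]},
    }

def hosts(text):
    """Hostnames that the R-section (IE start/search page) entries point at."""
    return {urlparse(v).hostname for k, v in parse_log(text).items()
            if k[0] == "R" and urlparse(v).hostname}

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for key, val in sorted(items.items()):
            print(kind, key, val)
    print("hosts still referenced:", hosts(AFTER))
```

An entry that shows up under "added" or "changed" after a reboot, when nothing was installed in between, is the sign that something is still rewriting the settings, which is what the thread starter saw before the `winupd` Run entry and its file were removed.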
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, On behalf of the Administrator Mike C., and from all us TSGers, thank you for any donation you make!

You wouldn't believe how much this site has improved my life and my computers :D so, I can heartily agree with you-- (y)
 