1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] virus

Discussion in 'All Other Software' started by Nita, Apr 6, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    I came to my computer yesterday and it had obviously run an automatic scan and I found that there was an infected file. I have Norton antivirus2003 and update regularly and am in fact uptodate. When I tried to fix repair or delete the infected file nothing happened. Today I ran another scan and it came up clean. I was puzzled When I looked at the log the following came up

    03/03/04 19.37protect W32 [email protected]… Access denied
    03/03/04 19.37protect W32 [email protected]… Delete failed
    03/03/04 19.37protect W32 [email protected] Quarantine failed
    03/03/04 19.37protect W32 [email protected]… Repair failed

    Source: C:\WINDOWS\Temporary Internet Files\Content.IE5\45MNG1MJ\TextFile[1].zip
    Click for more information about this virus : [email protected]!zip

    I looked at the symantec site where it said this is a worm and said it was easy to remove but did not give any instructions for Windows 98 SE which is what I have and the instructions given were incomprehensible to me. Can some good soul out there enlighten me.
    By the way I ran a find [email protected]!zip on the C drive and it came up with nothing. How is it possible that the file is not there when the NAV was unable to delete repair or quarantine it
     
  2. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    Which operating system are you using?

    If you are using XP, then you may have to disable System restore before doing a full scan
     
  3. DaveBurnett

    DaveBurnett Account Closed

    Joined:
    Nov 11, 2002
    Messages:
    12,970
    That file is in the temporary internet files folder. You may well have your system set up to delete these files when you exit Internet Explorer. They could also be deleted by a system/disk clean up, which may be one of the things the Norton package does.
    Just to be on the safe side, download and run Spybot Search and Destroy (spybotsd12.exe)
     
  4. Mr. PC Doc

    Mr. PC Doc

    Joined:
    Mar 15, 2004
    Messages:
    188
    Yes, you can also go to Tools (in IE) Internet options, and click clear Temp files, cookies, and history.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,181
    Why don't you post a Hijack This log to see if there's any sign of Beagle in there. The experts can analyze it for you. You can also search and see if you have a file called "bbeagle.exe" (don't open it if it's thre).

    Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to it’s own folder (not temporary files).

    Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

    DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

    Cookie
     
  6. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Thank you all, I ran clean disk and got rid of the temp internet files but the NAV log remains the same. I downloaded and ran the hijack log but being stupid I cannot see how to save it to notepad and I can't seem to copy and paste it as it is. Please can you tell me how to do it I will then follow through. Thanks everyone for being so helpful
    Nita
     
  7. xgerryx

    xgerryx

    Joined:
    May 16, 2003
    Messages:
    4,092
    Hello Nita

    Hijack this is actually not that hard to do. Just take your time at reading the instructions that Cookiegal provided and it becomes quite clear as you go.

    If you need further instruction you could have a look here: http://tomcoyote.com/hjt/
     
  8. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Logfile of HijackThis v1.97.7
    Scan saved at 12:21:48, on 07/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FTCTRL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
    C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FAPIEXE.EXE
    C:\WINDOWS\TWAIN_32\C6U14K\WATCH.EXE
    C:\PROGRAM FILES\MRSNAPPY95\SNAPPY95.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    F1 - win.ini: run=hpfsched
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [CallControl] C:\Program Files\FaxTalk Communicator 4.0\FTCtrl32.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\C6U14K\WATCH.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Mr. Snappy 95.lnk = C:\Program Files\MrSnappy95\snappy95.exe
    O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
    O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37881.5126967593
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kontiki/kontiki/current/kdx.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/032b821445ac21ce3f04/netzip/RdxIE601.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = BT
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.4.208.100

    I still didn't manage to save it to notepad but sent it to winword so here is the log.I await someone's comments and appreciate all your help
     
  9. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    Close all Browser Windows

    Restart Hijack this and put a check mark against the following:

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/032b821445ac21...ip/RdxIE601.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/content...er/imloader.cab

    Click Fix Checked

    Restart your computer

    Post a fresh Hijack this log when done
     
  10. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Thankyou Putasolution, I was about to do just as you said when a warning came up saying that these items would either be repaired or permanently deleted unless I have a back up, so I wondered whether it wouldn't be safer to create back up but I don't know how to do it. What do you think?
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,181
    Nita, you need to move Hijack This from your desktop into it's own folder. I should have mentioned this in my instructions for downloading the program. It's easier to retrieve the back-ups from there. You don't want them scattered all over your desktop.

    Hijack This will create it's own back-ups so once you've moved the program into a folder of its own, go ahead and follow Putasolution's advice.

    Cookie
     
  12. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Thankyou Cookielegal. Please remember that you are talking to a computer dimwit here. I created a hijack folder on the desktop and put HijackThis.exe in it. I also sent the hijacklog to winword,and created a txt.save the document which I have also put in the same hijack folder. How does this create a backup?Incidentally when I click on the saved hijacklog, winzip comes up and says it can't open it, at this point I sent it to winword. Did I do the right thing?
    Did I tell you that I have windows 98SE
    Thanks for your patience
    Nita
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,181
    I'm not sure how to move Hijack This from your desktop but you can redownload it by clicking on the same link I gave you further up.

    When the box comes up that asks if you want to open or save it, choose "save" and it will open up another box asking you where you want to save it.

    By default, it's probably the desktop, so to change that you click on the arrow to the right of the choice that shows and a bunch of other options will open up. From there you can choose your C: and then programs or wherever you want to save it.

    Then create a folder and name it Hijack This and click "save" and your done.

    After the scan, you click on save log and it should automatically open in notepad. You just have to give it a name, say HJT log and a date if you like and click "save". It will save it and open up the entire log. All you have to do is click on Edit, then select all, then copy and then paste the log in your post.

    Hijack This creates back-ups of whatever you delete (or fix, as it's called). You should fix everything that comes up with a red exclamation mark but in this case Putasolution has told you what items to fix, which is what you should do. HJT will create a back-up of those items and store them just in case for any reason something is deleted that is needed and you can go back and restore the fixed item from the back-ups. You won't actually see the back-ups anywhere except in HJT. If you click on Config. and then Back-ups, you will see them in there.

    Hope this makes it a little clearer and maybe someone can tell you how to move HJT instead of redownloading it, although it doesn't take that long. Once you have the program in your program files, then you can delete the one from your desktop.

    Cookie
     
  14. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Right, with a great deal of trepidation I have done the deed and here is the new log as requested. To my amazement several little icons called bak( I assume backup have appeared in the hijack folder just as you said!!
    Logfile of HijackThis v1.97.7
    Scan saved at 18:36:12, on 09/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FTCTRL32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
    C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FAPIEXE.EXE
    C:\WINDOWS\TWAIN_32\C6U14K\WATCH.EXE
    C:\PROGRAM FILES\MRSNAPPY95\SNAPPY95.EXE
    C:\PALM\HOTSYNC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

    F1 - win.ini: run=hpfsched
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [CallControl] C:\Program Files\FaxTalk Communicator 4.0\FTCtrl32.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\C6U14K\WATCH.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Mr. Snappy 95.lnk = C:\Program Files\MrSnappy95\snappy95.exe
    O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
    O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37881.5126967593
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2.10/kontiki/kontiki/current/kdx.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = BT
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.4.208.100
     
  15. Nita

    Nita Thread Starter

    Joined:
    Feb 3, 2004
    Messages:
    646
    Actually the little icons are labelled backup200...
    If these machines are so darn clever why don't they tell you that they are making a backup instead of scaring you to death by saying that if you don't make a back up all will be lost forever ?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - [Solved] virus
  1. bergy37
    Replies:
    1
    Views:
    230
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217579

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice