1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spyware - my hijackthis log. HELP?

Discussion in 'Virus & Other Malware Removal' started by jenspen, Oct 2, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. jenspen

    jenspen Thread Starter

    Joined:
    Feb 23, 2002
    Messages:
    58
    Hi! Every time I come here, it seems my problem(s) is/are resolved. So here I am again. :)

    My computer at work (the one I'm on now) has been getting progressively more slow and I'm going crazy. I'm always updating my ad-aware and running it at least once a week. Kazaa was causing some trouble, but I'm getting rid of it, so no biggie. I perform updated virus scans once a week also. No virus found.

    I'm also having a problem searching on yahoo.com. REGARDLESS OF THE SITUATION, when I hit "search" it pulls me to a "this page cannot be displayed" message. Ack. And it won't even let me go to google.com OR altavista.com OR lycos.com AT ALL. It will transfer me to some domain name site ("Names Direct" to be precise) for ANY of those URLs... and it's funny. It changes the URL in some of these cases by adding AN ADDITIONAL ".com" to the URL... WHAT THE .....?????

    I just want someone to look at my HijackThis log file and tell me if they see anything fishy.


    Here's the log:

    Logfile of HijackThis v1.97.2
    Scan saved at 8:40:17 PM, on 10/1/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\NOVELL\CLIENT32\NWPOPUP.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
    C:\WINDOWS\SYSTEM\MSDTCW.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\PWSTRAY.EXE
    C:\WINDOWS\SYSTEM\MMTASK.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\BRQIKMON.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    D:\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aitsafe.com/admin/users/
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: www.google.akadns.net
    O1 - Hosts: www.google.com
    O1 - Hosts: google.com
    O1 - Hosts: www.altavista.com
    O1 - Hosts: altavista.com
    O1 - Hosts: search.yahoo.com
    O1 - Hosts: uk.search.yahoo.com
    O1 - Hosts: ca.search.yahoo.com
    O1 - Hosts: jp.search.yahoo.com
    O1 - Hosts: au.search.yahoo.com
    O1 - Hosts: de.search.yahoo.com
    O1 - Hosts: search.yahoo.co.jp
    O1 - Hosts: www.lycos.de
    O1 - Hosts: www.lycos.ca
    O1 - Hosts: www.lycos.jp
    O1 - Hosts: www.lycos.co.jp
    O1 - Hosts: alltheweb.com
    O1 - Hosts: web.ask.com
    O1 - Hosts: ask.com
    O1 - Hosts: www.ask.com
    O1 - Hosts: www.teoma.com
    O1 - Hosts: search.aol.com
    O1 - Hosts: www.looksmart.com
    O1 - Hosts: auto.search.msn.com
    O1 - Hosts: search.msn.com
    O1 - Hosts: ca.search.msn.com
    O1 - Hosts: fr.ca.search.msn.com
    O1 - Hosts: search.fr.msn.be
    O1 - Hosts: search.fr.msn.ch
    O1 - Hosts: search.latam.yupimsn.com
    O1 - Hosts: search.msn.at
    O1 - Hosts: search.msn.be
    O1 - Hosts: search.msn.ch
    O1 - Hosts: search.msn.co.in
    O1 - Hosts: search.msn.co.jp
    O1 - Hosts: search.msn.co.kr
    O1 - Hosts: search.msn.com.br
    O1 - Hosts: search.msn.com.hk
    O1 - Hosts: search.msn.com.my
    O1 - Hosts: search.msn.com.sg
    O1 - Hosts: search.msn.com.tw
    O1 - Hosts: search.msn.co.za
    O1 - Hosts: search.msn.de
    O1 - Hosts: search.msn.dk
    O1 - Hosts: search.msn.es
    O1 - Hosts: search.msn.fi
    O1 - Hosts: search.msn.fr
    O1 - Hosts: search.msn.it
    O1 - Hosts: search.msn.nl
    O1 - Hosts: search.msn.no
    O1 - Hosts: search.msn.se
    O1 - Hosts: search.ninemsn.com.au
    O1 - Hosts: search.t1msn.com.mx
    O1 - Hosts: search.xtramsn.co.nz
    O1 - Hosts: search.yupimsn.com
    O1 - Hosts: uk.search.msn.com
    O1 - Hosts: search.lycos.com
    O1 - Hosts: www.lycos.com
    O1 - Hosts: www.google.ca
    O1 - Hosts: google.ca
    O1 - Hosts: www.google.uk
    O1 - Hosts: www.google.co.uk
    O1 - Hosts: www.google.com.au
    O1 - Hosts: www.google.co.jp
    O1 - Hosts: www.google.jp
    O1 - Hosts: www.google.at
    O1 - Hosts: www.google.be
    O1 - Hosts: www.google.ch
    O1 - Hosts: www.google.de
    O1 - Hosts: www.google.se
    O1 - Hosts: www.google.dk
    O1 - Hosts: www.google.fi
    O1 - Hosts: www.google.fr
    O1 - Hosts: www.google.com.gr
    O1 - Hosts: www.google.com.hk
    O1 - Hosts: www.google.ie
    O1 - Hosts: www.google.co.il
    O1 - Hosts: www.google.it
    O1 - Hosts: www.google.co.kr
    O1 - Hosts: www.google.com.mx
    O1 - Hosts: www.google.nl
    O1 - Hosts: www.google.co.nz
    O1 - Hosts: www.google.pl
    O1 - Hosts: www.google.pt
    O1 - Hosts: www.google.com.ru
    O1 - Hosts: www.google.com.sg
    O1 - Hosts: www.google.co.th
    O1 - Hosts: www.google.com.tr
    O1 - Hosts: www.google.com.tw
    O1 - Hosts: go.google.com
    O1 - Hosts: google.at
    O1 - Hosts: google.be
    O1 - Hosts: google.de
    O1 - Hosts: google.dk
    O1 - Hosts: google.fi
    O1 - Hosts: google.fr
    O1 - Hosts: google.com.hk
    O1 - Hosts: google.ie
    O1 - Hosts: google.co.il
    O1 - Hosts: google.it
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [System Update] winsct32.exe
    O4 - HKLM\..\Run: [MMtask Service] mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
    O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
    O4 - HKCU\..\Run: [System Update] winsct32.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
    O4 - Startup: FMS.pif = V:\FMS\WB.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://a18.g.akamai.net/f/18/2868/1h/www.topmoxie.com/external/builds/memolink/MLmoxie.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.americangreetings.com/cnp/Install/AxCtp.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37659.2463888889
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/PopSwatterInitialSetup1.0.0.5.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    --

    This last one.. the mydomain.com... is this the culprit of my weird webpage display problems????

    Thanks in advance for any help!

    Sorry I wrote a book!

    ~Jen
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,192
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: www.google.akadns.net
    O1 - Hosts: www.google.com
    O1 - Hosts: google.com
    O1 - Hosts: www.altavista.com
    O1 - Hosts: altavista.com
    O1 - Hosts: search.yahoo.com
    O1 - Hosts: uk.search.yahoo.com
    O1 - Hosts: ca.search.yahoo.com
    O1 - Hosts: jp.search.yahoo.com
    O1 - Hosts: au.search.yahoo.com
    O1 - Hosts: de.search.yahoo.com
    O1 - Hosts: search.yahoo.co.jp
    O1 - Hosts: www.lycos.de
    O1 - Hosts: www.lycos.ca
    O1 - Hosts: www.lycos.jp
    O1 - Hosts: www.lycos.co.jp
    O1 - Hosts: alltheweb.com
    O1 - Hosts: web.ask.com
    O1 - Hosts: ask.com
    O1 - Hosts: www.ask.com
    O1 - Hosts: www.teoma.com
    O1 - Hosts: search.aol.com
    O1 - Hosts: www.looksmart.com
    O1 - Hosts: auto.search.msn.com
    O1 - Hosts: search.msn.com
    O1 - Hosts: ca.search.msn.com
    O1 - Hosts: fr.ca.search.msn.com
    O1 - Hosts: search.fr.msn.be
    O1 - Hosts: search.fr.msn.ch
    O1 - Hosts: search.latam.yupimsn.com
    O1 - Hosts: search.msn.at
    O1 - Hosts: search.msn.be
    O1 - Hosts: search.msn.ch
    O1 - Hosts: search.msn.co.in
    O1 - Hosts: search.msn.co.jp
    O1 - Hosts: search.msn.co.kr
    O1 - Hosts: search.msn.com.br
    O1 - Hosts: search.msn.com.hk
    O1 - Hosts: search.msn.com.my
    O1 - Hosts: search.msn.com.sg
    O1 - Hosts: search.msn.com.tw
    O1 - Hosts: search.msn.co.za
    O1 - Hosts: search.msn.de
    O1 - Hosts: search.msn.dk
    O1 - Hosts: search.msn.es
    O1 - Hosts: search.msn.fi
    O1 - Hosts: search.msn.fr
    O1 - Hosts: search.msn.it
    O1 - Hosts: search.msn.nl
    O1 - Hosts: search.msn.no
    O1 - Hosts: search.msn.se
    O1 - Hosts: search.ninemsn.com.au
    O1 - Hosts: search.t1msn.com.mx
    O1 - Hosts: search.xtramsn.co.nz
    O1 - Hosts: search.yupimsn.com
    O1 - Hosts: uk.search.msn.com
    O1 - Hosts: search.lycos.com
    O1 - Hosts: www.lycos.com
    O1 - Hosts: www.google.ca
    O1 - Hosts: google.ca
    O1 - Hosts: www.google.uk
    O1 - Hosts: www.google.co.uk
    O1 - Hosts: www.google.com.au
    O1 - Hosts: www.google.co.jp
    O1 - Hosts: www.google.jp
    O1 - Hosts: www.google.at
    O1 - Hosts: www.google.be
    O1 - Hosts: www.google.ch
    O1 - Hosts: www.google.de
    O1 - Hosts: www.google.se
    O1 - Hosts: www.google.dk
    O1 - Hosts: www.google.fi
    O1 - Hosts: www.google.fr
    O1 - Hosts: www.google.com.gr
    O1 - Hosts: www.google.com.hk
    O1 - Hosts: www.google.ie
    O1 - Hosts: www.google.co.il
    O1 - Hosts: www.google.it
    O1 - Hosts: www.google.co.kr
    O1 - Hosts: www.google.com.mx
    O1 - Hosts: www.google.nl
    O1 - Hosts: www.google.co.nz
    O1 - Hosts: www.google.pl
    O1 - Hosts: www.google.pt
    O1 - Hosts: www.google.com.ru
    O1 - Hosts: www.google.com.sg
    O1 - Hosts: www.google.co.th
    O1 - Hosts: www.google.com.tr
    O1 - Hosts: www.google.com.tw
    O1 - Hosts: go.google.com
    O1 - Hosts: google.at
    O1 - Hosts: google.be
    O1 - Hosts: google.de
    O1 - Hosts: google.dk
    O1 - Hosts: google.fi
    O1 - Hosts: google.fr
    O1 - Hosts: google.com.hk
    O1 - Hosts: google.ie
    O1 - Hosts: google.co.il
    O1 - Hosts: google.it
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [System Update] winsct32.exe
    O4 - HKLM\..\Run: [MMtask Service] mmtask.exe
    O4 - HKCU\..\Run: [System Update] winsct32.exe
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com


    then reboot &
    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automaticly try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.



    and since mmtask is a virus and I strongly suspect winsct32.exe to also be
    Run an online antivirus check from at least one of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/


    then post a new hijackthis log to check
     
  3. jenspen

    jenspen Thread Starter

    Joined:
    Feb 23, 2002
    Messages:
    58
    Hey, I just ran Housecall this morning (the free online antivirus) and no viruses were found. I also ran Ad-Aware this morning (with the latest ref file, as I always check for new ones each time I decide to run it), and so I'm mostly in the clear. However, I will go through all the steps you gave me. I really appreciate your help, and I will come back and let you know how everything works out. THANKS!

    ~Jen
     
  4. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Verify that you have this option checked under Ad-aware 6 Settings, Scanning, Memory & Registry: "Scan My Hosts File"
     
  5. jenspen

    jenspen Thread Starter

    Joined:
    Feb 23, 2002
    Messages:
    58
    OK, I did everything you mentioned dvk. Thank you for your very thorough post! My problem with the search engines is GONE! YAY! I love me some Spybot! It found where in the registry, the search query would bring me to about:blank. I wonder how in the world that happened... ?? I never mess with the registry unless I am following instructions to manually remove something. Anywho, Spybot fixed all that. I now have it downloaded at home and I'm getting ready to run it here as well. As for the speed of my computer at work, it seems to be OK, but I think I probably need to defrag and scandisk and all that, as it hasn't been done in a million years it seems.

    THANKS FOR ALL YOUR HELP!! Mark it solved, I suppose! :)

    ~Jen
     
  6. jenspen

    jenspen Thread Starter

    Joined:
    Feb 23, 2002
    Messages:
    58
    I need to ask though, mmtask.exe, I wasn't worried about, because I knew MusicMatch JukeBox used a file like that, but when doing a search, I found it in that folder AS WELL AS another mmtask.exe in the Windows/System folder and it was 30kb bigger.... If this IS a virus, why hasn't Housecall found it?? They keep that scanner upated. What do I need to do...???

    And... Oops, I forgot to post my new hijackthis log. Here it is.

    Logfile of HijackThis v1.97.2
    Scan saved at 1:26:03 AM, on 10/3/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\NOVELL\CLIENT32\NWPOPUP.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
    C:\WINDOWS\SYSTEM\MSDTCW.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\PWSTRAY.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\BRQIKMON.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE
    D:\PM65\PM65.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\MSAGENT\AGENTSVR.EXE
    D:\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aitsafe.com/admin/users/
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
    O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
    O4 - Startup: FMS.pif = V:\FMS\WB.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.americangreetings.com/cnp/Install/AxCtp.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37659.2463888889
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/169004

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice