|
|
|||||||
| Spyware Cleaning Section Closed!! |
| Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services. |
|
|
Thread Tools | Search this Thread |
|
#1
May 11th, 2004, 12:39 AM
|
|||
|
|||
hijack log help
Hi. Ads keep popping up on my pc and it affects everything by slowing down the pc alot. Heres the log. Thanks.
Logfile of HijackThis v1.97.7 Scan saved at 9:38:53 PM, on 5/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\installer.exe C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\DOCUME~1\mack\LOCALS~1\Temp\bundle.exe C:\Program Files\Common Files\slmss\slmss.exe C:\WINDOWS\mwsvm.exe C:\WINDOWS\System32\RUNDLL32.exe C:\windows\system32\msbb.exe C:\WINDOWS\System32\iexplore.exe C:\WINDOWS\System32\sccmgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.2020search.com/9909/se...CID=default&s= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9909/search/search.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/ O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\mack\LOCALS~1\Temp\bundle.exe O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe O4 - HKLM\..\Run: [msbb] c:\windows\system32\msbb.exe O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\System32\dpcproxy.exe O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Sidesearch (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Trashcan (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU) O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net.../r1chtrblz.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...063.9752893519 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
|
#2
May 11th, 2004, 04:06 AM
|
||||
|
||||
|
Re: hijack log help
do you use direcway as your ISP, if not then the C:\WINDOWS\System32\dpcproxy.exe might be a baddie masqueradinga s a file that direcway uses to control your connection
first copy these files and zip them and send to submit@thespykiller.co.uk with a short note referring to this thread C:\WINDOWS\System32\sccmgr.exe C:\WINDOWS\System32\dpcproxy.exe Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in. These easily get lost in a Temp folder or get scattered all over the desktop Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.2020search.com/9909/s...PCID=default&s= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9909/search/search.html O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\mack\LOCALS~1\Temp\bundle.exe O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe O4 - HKLM\..\Run: [msbb] c:\windows\system32\msbb.exe O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe O9 - Extra button: Sidesearch (HKLM) O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...b/r1chtrblz.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406 then as some of the files or folders you need to delete may be hidden do this: Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders" Click "Apply" then "OK" Delete these files C:\DOCUME~1\mack\LOCALS~1\Temp\bundle.exe <<<<see below ******* C:\WINDOWS\System32\stcloader.exe C:\WINDOWS\bxxs5.dl C:\WINDOWS\mwsvm.exe C:\WINDOWS\Belt.exe c:\windows\system32\msbb.exe C:\WINDOWS\System32\iexplore.exe and Delete these folders C:\Program Files\ClearSearch C:\Program Files\Common Files\slmss C:\Program Files\Srng C:\Program Files\ClipGenie NOTE******** then using windows explorer go to C:\Documents and Settings\mack\Local Settings\Temp and select everything in that folder and delete it as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this while in the temp folder, select view and select details. then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page. select all the files/folders except the today ones and delete them all. 1) Open Control Panel 2) Click on Internet Options 3) On the General Tab, in the middle of the screen, click on Delete Files 4) You may also want to check the box "Delete all offline content" 5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files 6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive then Reboot normally & Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described Spybot - Search & Destroy from http://security.kolla.de AdAware 6 from http://www.lavasoft.de/support/download Run Sybot S&D After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED. then reboot & Run ADAWARE Before you scan with AdAware, check for updates of the reference file by using the "webupdate". the current ref file should read at least 01R303 08.05.2004 or a higher number/later date Then ........ Make sure the following settings are made and on -------"ON=GREEN" From main window :Click "Start" then " Activate in-depth scan" then...... click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files" then......... go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot" then...... click "proceed" to save your settings. Now to scan it´s just to click the "Scan" button. When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries. reboot again then post a new hijackthis log to check what is left
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
|
#3
May 11th, 2004, 06:19 AM
|
||||
|
||||
|
Re: hijack log help
Ok I've just received the file
C:\WINDOWS\System32\dpcproxy.exe is not part of direcway My antivirus detects it as a golden palace trojan downloader so Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked O4 - HKLM\..\Run: [dpcproxy] C:\WINDOWS\System32\dpcproxy.exe Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406 then as some of the files or folders you need to delete may be hidden do this: Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders" Click "Apply" then "OK" Delete these files C:\WINDOWS\System32\dpcproxy.exe then Reboot normally & see if all ypur problems are gone It would be wise to post another hjt log and Run an online antivirus check from at least one and preferably 2 of the following sites http://security.symantec.com/default.asp? http://housecall.trendmicro.com/ http://www.pandasoftware.com/activescan/ http://www.ravantivirus.com/scan/ http://www3.ca.com/virusinfo/
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
|
#4
May 11th, 2004, 06:41 AM
|
|||
|
|||
|
Re: hijack log help
hey thanks alot. everything is faster and working correctly.
Logfile of HijackThis v1.97.7 Scan saved at 3:31:14 AM, on 5/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\WINDOWS\System32\sccmgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Trashcan (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...063.9752893519 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
|
#5
May 11th, 2004, 08:22 AM
|
||||
|
||||
|
Re: hijack log help
That looks a lot better
I'm quite suprised that KAV didn't catch the dpcproxy.exe so I would make sure you have that updated properly and check that all it's scanning options and extras are enabled if it is a proper version of KAV and not some rip off clone that pretends to be Kapersky Turn off system restore by following instructions here http://service1.symantec.com/SUPPORT...01111912274039 That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point. Read here http://www.wilderssecurity.com/showthread.php?t=27971 for info on how to tighten your security settings and how to help prevent future attacks. & it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue |
|
#6
May 11th, 2004, 03:12 PM
|
|||
|
|||
|
Re: hijack log help
Hi. Now the sccmsg.exe shows up and im still getting the pop ups and slow net, so that may be the problem? Heres the log. Thx.
Scan saved at 12:09:10 PM, on 5/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe C:\WINDOWS\System32\sccmgr.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Trashcan (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...063.9752893519 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
