Hijack This Log

Discussion in 'adware, spyware & hijack cleaning' started by Carlson4, Apr 6, 2004.

Thread Status:
Not open for further replies.
  1. Carlson4

    Carlson4 Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    3
    I have downloaded and run Adaware. Many shortcuts keep coming up after rebooting that I have no clue about.

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\BCMDMMSG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\EXCITE\PLATFORM\EXSHELL.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\HW0NWMAB.EXE
    C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\PROFILES\NANCY\MY DOCUMENTS\COPY OF HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jethomepage.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.40.16.218 auto.search.msn.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
    O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Excite Platform] C:\PROGRA~1\EXCITE\PLATFORM\ExLaunch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [SHTCPW] C:\WINDOWS\SYSTEM\SHTCPW.exe
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\Run: [HW0NWMAB.EXE] C:\WINDOWS\HW0NWMAB.EXE /dk
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [HW0NWMAB.EXE] C:\WINDOWS\HW0NWMAB.EXE /dk
    O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
    O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O4 - User Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - User Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
    O4 - User Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - User Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - User Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - User Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - User Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - User Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - User Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
    O4 - Global Startup: EO088O1F.lnk = C:\WINDOWS\eo088o1f.exe
    O4 - Global Startup: 03MN0EJ7.lnk = C:\WINDOWS\03mn0ej7.exe
    O4 - Global Startup: FVT2K85N.lnk = C:\WINDOWS\fvt2k85n.exe
    O4 - Global Startup: ITHL3U07.lnk = C:\WINDOWS\ithl3u07.exe
    O4 - Global Startup: 12RLNQPK.lnk = C:\WINDOWS\12rlnqpk.exe
    O4 - Global Startup: CP853FBF.lnk = C:\WINDOWS\cp853fbf.exe
    O4 - Global Startup: QYFWK9PX.lnk = C:\WINDOWS\qyfwk9px.exe
    O4 - Global Startup: 6CX7TL4A.lnk = C:\WINDOWS\6cx7tl4a.exe
    O4 - Global Startup: EFGW9C09.lnk = C:\WINDOWS\efgw9c09.exe
    O4 - Global Startup: YOOLI06X.lnk = C:\WINDOWS\yooli06x.exe
    O4 - Global Startup: X4DW8XIZ.lnk = C:\WINDOWS\x4dw8xiz.exe
    O4 - Global Startup: ZQ3Z21FV.lnk = C:\WINDOWS\zq3z21fv.exe
    O4 - Global Startup: ZOLLMB8H.lnk = C:\WINDOWS\zollmb8h.exe
    O4 - Global Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Global Startup: 5JJT3G5Y.lnk = C:\WINDOWS\5jjt3g5y.exe
    O4 - Global Startup: AGQ6XIAL.lnk = C:\WINDOWS\agq6xial.exe
    O4 - Global Startup: 9UJXGW9Q.lnk = C:\WINDOWS\9ujxgw9q.exe
    O4 - Global Startup: T5VWDULY.lnk = C:\WINDOWS\t5vwduly.exe
    O4 - Global Startup: 0HLITKHC.lnk = C:\WINDOWS\0hlitkhc.exe
    O4 - Global Startup: 4IMI3UZB.lnk = C:\WINDOWS\4imi3uzb.exe
    O4 - Global Startup: O5BMOKLK.lnk = C:\WINDOWS\o5bmoklk.exe
    O4 - Global Startup: FYD18FY0.lnk = C:\WINDOWS\fyd18fy0.exe
    O4 - Global Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - Global Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - Global Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - Global Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - Global Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {1FA643B0-F90E-11D3-BA0B-00C04F384A92} (HomeTsrCtrl Class) - http://image.excite.com/sputnik/dynacat_upload/HOME/ATHMWWW/locationchange.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38012.659525463

    disabled smilies - Pieter
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    download this file (Adtomi Cleanup.zip).
    http://www.wilderssecurity.com/attachments/9x_Adtomi_Cleanup.zip for 98 or ME
    or alternatively from
    http://www.thespykiller.co.uk/downloads.htm

    It was created by Mosaic1 and is available here with her kind permission
    And follow the instructions carefully.

    First, if you have a Script Blocking Program enabled, disable it so the scripts will run.

    Unzip it to C:\Windows

    See if there is an Adtomi or Yahoo stocks icon in your system tray, it might be a red ?? and if so right click and select remove, you must be online for this part
    --A web page from Adtomi would appear "-uninstall was succesful!"
    then go off line
    (note not all infections have this icon, so if it isn't there then don't worry, just continue to the next step)

    Next press Ctrl+Alt+Del once to bring up Task Manager, look in applications for the funny named file with 8 assorted letters & numbers, which will be listed towards the bottom of the running process list in your HijackThis log. If it isn't listed in the applications, then look in the processes tab.

    In your case the file/process to stop is: HW0NWMAB.EXE
    Then press end task or end process and make sure that entry has disappeared from the list.
    If you can't stop it running, then DO NOT CONTINUE, please ask for more help first. There might also be morze1 running, if so end that process as well.

    Now locate and Double Click Cleanup.bat that is in the folder you unzipped ( C:\Windows\Adtomi Cleanup )

    ***Do not Touch the VBS files. The bat file will run the scripts.

    Make sure all Browser and folder windows are closed and it will do everything automatically for you.

    It will remove the Adtomi Spyware files from the Windows Folder
    Clean the Startup Folders
    Create Backups of the Adtomi exe files it deletes and save them in this folder
    Create a list of all oddly named files deleted from the Windows Folder
    Uninstall the BHO
    Start HijackThis and give you directions on what to remove.

    When you have finished please restart the computer.

    Run HijackThis again and post the contents of your new log and the contents of Adtomi.txt in your next reply in your Forum Topic.

    There will be other things to clear after we fix this one
     
  3. Carlson4

    Carlson4 Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    3
    I have not been able to locate the file: HWONWMAB.EXE
    So, I haven't been able to remove it. Is there somewhere else to look? Just so you know, I am a complete computer idiot. Help!!
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Please post a new HijackThis log in case the file has changed its name
     
  5. Carlson4

    Carlson4 Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    3
    Here is the new Hijack This Log. Thanks.
    Logfile of HijackThis v1.97.7
    Scan saved at 7:50:44 AM, on 4/7/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\BCMDMMSG.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\EXCITE\PLATFORM\EXSHELL.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\LIPCIMPA.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\TD_0010.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jethomepage.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.40.16.218 auto.search.msn.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
    O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Excite Platform] C:\PROGRA~1\EXCITE\PLATFORM\ExLaunch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\Run: [FD3Q0EJ4.EXE] C:\WINDOWS\FD3Q0EJ4.EXE /dk
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\Run: [LIPCIMPA] C:\WINDOWS\SYSTEM\LIPCIMPA.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [FD3Q0EJ4.EXE] C:\WINDOWS\FD3Q0EJ4.EXE /dk
    O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
    O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O4 - Startup: FD3Q0EJ4.lnk = C:\WINDOWS\fd3q0ej4.exe
    O4 - User Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - User Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
    O4 - User Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - User Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - User Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - User Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - User Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - User Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - User Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O4 - User Startup: FD3Q0EJ4.lnk = C:\WINDOWS\fd3q0ej4.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
    O4 - Global Startup: EO088O1F.lnk = C:\WINDOWS\eo088o1f.exe
    O4 - Global Startup: 03MN0EJ7.lnk = C:\WINDOWS\03mn0ej7.exe
    O4 - Global Startup: FVT2K85N.lnk = C:\WINDOWS\fvt2k85n.exe
    O4 - Global Startup: ITHL3U07.lnk = C:\WINDOWS\ithl3u07.exe
    O4 - Global Startup: 12RLNQPK.lnk = C:\WINDOWS\12rlnqpk.exe
    O4 - Global Startup: CP853FBF.lnk = C:\WINDOWS\cp853fbf.exe
    O4 - Global Startup: QYFWK9PX.lnk = C:\WINDOWS\qyfwk9px.exe
    O4 - Global Startup: 6CX7TL4A.lnk = C:\WINDOWS\6cx7tl4a.exe
    O4 - Global Startup: EFGW9C09.lnk = C:\WINDOWS\efgw9c09.exe
    O4 - Global Startup: YOOLI06X.lnk = C:\WINDOWS\yooli06x.exe
    O4 - Global Startup: X4DW8XIZ.lnk = C:\WINDOWS\x4dw8xiz.exe
    O4 - Global Startup: ZQ3Z21FV.lnk = C:\WINDOWS\zq3z21fv.exe
    O4 - Global Startup: ZOLLMB8H.lnk = C:\WINDOWS\zollmb8h.exe
    O4 - Global Startup: 4B0QLBG8.lnk = C:\WINDOWS\4b0qlbg8.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Global Startup: 5JJT3G5Y.lnk = C:\WINDOWS\5jjt3g5y.exe
    O4 - Global Startup: AGQ6XIAL.lnk = C:\WINDOWS\agq6xial.exe
    O4 - Global Startup: 9UJXGW9Q.lnk = C:\WINDOWS\9ujxgw9q.exe
    O4 - Global Startup: T5VWDULY.lnk = C:\WINDOWS\t5vwduly.exe
    O4 - Global Startup: 0HLITKHC.lnk = C:\WINDOWS\0hlitkhc.exe
    O4 - Global Startup: 4IMI3UZB.lnk = C:\WINDOWS\4imi3uzb.exe
    O4 - Global Startup: O5BMOKLK.lnk = C:\WINDOWS\o5bmoklk.exe
    O4 - Global Startup: FYD18FY0.lnk = C:\WINDOWS\fyd18fy0.exe
    O4 - Global Startup: WGLY565W.lnk = C:\WINDOWS\wgly565w.exe
    O4 - Global Startup: E4EYZGWA.lnk = C:\WINDOWS\e4eyzgwa.exe
    O4 - Global Startup: O0X08230.lnk = C:\WINDOWS\o0x08230.exe
    O4 - Global Startup: RDI7EVH1.lnk = C:\WINDOWS\rdi7evh1.exe
    O4 - Global Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
    O4 - Global Startup: FD3Q0EJ4.lnk = C:\WINDOWS\fd3q0ej4.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {1FA643B0-F90E-11D3-BA0B-00C04F384A92} (HomeTsrCtrl Class) - http://image.excite.com/sputnik/dynacat_upload/HOME/ATHMWWW/locationchange.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38012.659525463

    disabled smilies - Pieter
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Carlson4,

    Here is the file you are looking for now to stop the process of:

    LIPCIMPA.EXE

    Regards,
    Kent
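
An added example, not part of the thread and not any poster's code: a small Python parser for the HijackThis log format posted above. It applies dvk01's "8 assorted letters & numbers" description to processes that are both running and autostarted, then diffs the two logs to find what is newly running and newly autostarted. The log excerpts are abridged from the two logs in the thread; the regular expressions, the restriction to files directly in C:\WINDOWS, and all function names are assumptions made for this example.

```python
import ntpath
import re

# Abridged from the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\HW0NWMAB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [HW0NWMAB.EXE] C:\WINDOWS\HW0NWMAB.EXE /dk
O4 - Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
"""
LOG_AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\LIPCIMPA.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [FD3Q0EJ4.EXE] C:\WINDOWS\FD3Q0EJ4.EXE /dk
O4 - HKLM\..\Run: [LIPCIMPA] C:\WINDOWS\SYSTEM\LIPCIMPA.exe
O4 - Startup: HW0NWMAB.lnk = C:\WINDOWS\hw0nwmab.exe
O4 - Startup: FD3Q0EJ4.lnk = C:\WINDOWS\fd3q0ej4.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
"""

# Assumed patterns for this example, derived from the log lines on the page.
O4_RE = re.compile(r"^O4 - [^:]+: (?:\[[^\]]*\] |.*? = )(.+)$")
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)  # drop arguments such as /dk
RANDOM8_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}\.exe$")

def parse_log(text):
    # Returns (running, autoruns): two sets of lower-cased executable paths.
    running, autoruns, in_procs = set(), set(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif (m := O4_RE.match(line)):
            cmd = m.group(1)
            exe = EXE_RE.match(cmd)
            autoruns.add((exe.group(1) if exe else cmd).lower())
    return running, autoruns

def names(paths):
    return {ntpath.basename(p) for p in paths}

def random_named(paths):
    # 8 mixed letters and digits, located directly in the Windows folder.
    return names(p for p in paths if ntpath.dirname(p) == r"c:\windows"
                 and RANDOM8_RE.match(ntpath.basename(p)))

def running_random_autoruns(log):
    # Name heuristic: randomly named files that are running and autostarted.
    running, autoruns = parse_log(log)
    return random_named(running) & random_named(autoruns)

def new_running_autoruns(before, after):
    # Log diff: names newly running AND newly autostarted in the later log.
    (run_b, auto_b), (run_a, auto_a) = parse_log(before), parse_log(after)
    return (names(run_a) - names(run_b)) & (names(auto_a) - names(auto_b))
```

On these excerpts the name pattern finds hw0nwmab.exe in the first log and nothing running in the second, while the diff returns lipcimpa.exe, the process named in the reply above.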
     