|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
1200+ fellow developers rate and compare features of the top IDEs, like Visual Studio, Eclipse, RAD, Delphi and others, across 13 categories. Enjoy this FREE Download of the IDE User Satisfaction Study by Evans Data Corporation. Download Now!
|
|
#1
May 13th, 2004, 06:11 PM
|
|||
|
|||
|
your-Searcher homepage hijack
With Hijackthis, here's my log
Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINNT\system32\config\services.exe C:\program files\GlobalDialer\domer00095\gd-dial.exe C:\Program Files\Internet Explorer\IEengine.exe C:\WINNT\system32\WTablet\TabUserW.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINNT\system32\wuauclt.exe C:\Program Files\AIM\aim.exe C:\Program Files\Plan Link\CDROMCAMP.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Richmond\Desktop\Andy\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Regsvc] C:\WINNT\system\regsv.exe O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\Plan Link\CDROMCAMP.exe O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe O4 - HKCU\..\Run: [dllhelp] c:\winnt\dllhelp.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MRIS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Microsoft® JavaScript® Console (HKLM) O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Microsoft® JavaScript® Console (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_41.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
|
|
#2
May 14th, 2004, 05:22 PM
|
|||
|
|||
|
Hey AndyLC,
We really need to see the top portion (header) of your log. Please include it in your follow up post. Open Task Manager and end the following processes if running: dllhelp.exe gd-dial.exe IEengine.exe Run HijackThis, place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "fix checked". R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe O4 - HKCU\..\Run: [dllhelp] c:\winnt\dllhelp.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Show hidden files: How to Show hidden files and folders. http://www.xtra.co.nz/help/0,,4155-1916458,00.html Boot into Safe Mode. Here's instructions: http://service1.symantec.com/SUPPOR...01052409420406/ Delete the following folder: c:\program files\GlobalDialer\ Delete the following file: c:\winnt\dllhelp.exe Reboot normally and post a new log. Does anything in these two lines look familiar to you? C:\Program Files\Plan Link\CDROMCAMP.exe O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\Plan Link\CDROMCAMP.exe Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#3
May 15th, 2004, 12:19 AM
|
|||
|
|||
|
Here's my log
Logfile of HijackThis v1.97.7 Scan saved at 1:25:56 AM, on 5/15/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe C:\WINNT\system32\config\services.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\wuauclt.exe C:\Documents and Settings\Richmond\Desktop\Applications\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...www.google.com/ O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab These two... C:\Program Files\Plan Link\CDROMCAMP.exe O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\Plan Link\CDROMCAMP.exe ... do not look familiar to me. *something new just happenend. While opening Internet Explorer, a pro-search toolbar popped up. This did not happen the last time I thought I got rid of this search engine hijack.
|
|
#4
May 15th, 2004, 03:29 PM
|
|||
|
|||
|
You don't seem to have any any antivirus or firewall installed.
AVG from Grisoft has a free version! www.grisoft.com/us/us_dwnl_free.php ZoneLabs has a free firewall: www.zonelabs.com/ Let's have HijackThis fix: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...www.google.com/ Reboot Can you right-click this file and tell me if a company name is associated with it? C:\Program Files\Plan Link\CDROMCAMP.exe
|
|
#5
May 15th, 2004, 07:09 PM
|
|||
|
|||
|
I downloaded the AVG fire wall
here's a new log Logfile of HijackThis v1.97.7 Scan saved at 8:16:36 PM, on 5/15/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\config\services.exe C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe C:\WINNT\system32\wuauclt.exe C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Richmond\Desktop\Applications\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O9 - Extra button: AIM (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab Wierd, now there's a new tool bar that pops up when I open IE, it's not a search engine page any more.
|
|
#6
May 16th, 2004, 09:50 AM
|
|||
|
|||
|
Just ran a scan this morning
Logfile of HijackThis v1.97.7 Scan saved at 10:57:29 AM, on 5/16/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\config\services.exe C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe C:\WINNT\system32\wuauclt.exe C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE C:\Program Files\AIM\aim.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Documents and Settings\Richmond\Desktop\Applications\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [proc sixth] C:\PROGRA~1\PLANLI~1\CDROMCAMP.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O9 - Extra button: AIM (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
|
|
#8
May 17th, 2004, 05:45 PM
|
|||
|
|||
|
Sure.
Type of file: application Description: CDROMCAMP Location: C:\Program Files\Plan Link Size: 229 KB Size on disk: 232 KB Created: Saturday, may 08, 2004 Modified: Friday, May 14, 2004 Accessed: Today, May 17, 2004 I don't remember installing anything on that day, nor accessign anything different today. and if it helps, my current log... ogfile of HijackThis v1.97.7 Scan saved at 6:53:28 PM, on 5/17/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\config\services.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\AIM\aim.exe C:\WINNT\kdx\KHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Richmond\Desktop\Applications\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe O9 - Extra button: AIM (HKLM) O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab Thanks for helping me out.
|
|
#10
May 17th, 2004, 11:28 PM
|
|||
|
|||
|
yup,
Logfile of HijackThis v1.97.7 Scan saved at 12:36:32 AM, on 5/18/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\config\services.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\AIM\aim.exe C:\WINNT\kdx\KHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Richmond\Desktop\Applications\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab am I in the green now?
|
|
#12
May 25th, 2004, 05:54 PM
|
|||
|
|||
|
Someone please help!
Would someone please help me here. I am noe to the HJT application and do not want to make things worse. see attached HJT log.
Logfile of HijackThis v1.97.7 Scan saved at 5:30:02 PM, on 5/25/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\Winamp\Winampa.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\windows\dllhelp.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Mike\Desktop\1st\2nd\hijack\hijackthis\HijackThis.exe C:\toshiba\ivp\ism\ivpsvmgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = firewall:80 R1 - HKCU\Software\Microsoft\Internet Explorer,Search = URL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhelp.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: WeatherBug (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: JT's Blocks - URL O16 - DPF: Tornado 21 - URL O16 - DPF: Yahoo! Bingo - URL O16 - DPF: Yahoo! Blackjack - URL O16 - DPF: Yahoo! Checkers - URL O16 - DPF: Yahoo! Dice - URL O16 - DPF: Yahoo! Dominoes - URL O16 - DPF: Yahoo! Dots - URL O16 - DPF: Yahoo! Go - URL O16 - DPF: Yahoo! Go Fish - URL O16 - DPF: Yahoo! Graffiti - URL O16 - DPF: Yahoo! Klondike Solitaire - URL O16 - DPF: Yahoo! Literati - URL O16 - DPF: Yahoo! Poker - URL O16 - DPF: Yahoo! Pool 2 - URL O16 - DPF: Yahoo! Pyramids - URL O16 - DPF: Yahoo! Reversi - URL O16 - DPF: Yahoo! Spelldown - URL O16 - DPF: Yahoo! Tic-Tac-Toe - URL O16 - DPF: Yahoo! Towers 2.0 - URL O16 - DPF: Yahoo! Word Racer - URL O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - URL O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - URL O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - URL O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - URL O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - URL O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - URL O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\Mike\LOCALS~1\Temp\ThereInstallHelper.dll O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - URL O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - URL O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.sprint.com,hq.sprint.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.sprint.com,hq.sprint.com
|
|
#13
May 25th, 2004, 07:37 PM
|
|||
|
|||
|
Hi kcmomale74,
Please post your log in a new thread. It is too difficult to try and sort things out with more than one person's log is in a thread. Tom
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
