First, i'd recommend moving
HiJackThis to it's own folder. When backups are created, they might appear on your desktop.
First, It appears your pc has a peper infection. We need to go to this
site, and follow the instructions provided. Be patient, it might take several attempts to completely fix this problem.
Just for reference, the entry(s) above, represent the peper infection.
Next, Go to
www.trendmicro.com, then click "
Free Online Scan".It'll take awhile to download, so be patient. After if done, select all available drive, then begin scanning.
Next, use "
Add/Remove programs" to look for, and uninstall (remove) the following entry(s):
MyWebSearch
AdvSearch or AdvanceSearch
CommonSearch (VCatch...)
HelpExpress
Look for entry(s) with 'search' in the name. Be careful not to remove any system software or 'hot' fixes. If your not sure about any entry(s), just post them back.
Run
HiJackThis, Click "
Scan", the check (tick) the following entry(s), if present:
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (This won't be here if you've previously uninstalled 'MyWebSearch'.)
C:\PROGRA~1\INTERN~2\inetmgr.exe C:\PROGRA~1\INTERN~2\inetsvc.exe (This won't be here if you've previously uninstalled 'AdvSearch'.)
C:\documents and settings\doug hite\local settings\temp\sQxbNxmL.exe C:\Program Files\System Soap Pro\hhhh.exe
C:\PROGRA~1\COMMON~2\VCatch\VCATCH.EXE (This won't be here if you've previously uninstalled 'CommonSearch' (Vcatch).)
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
Hello and thanks for the help but I am still experiencing this recurring Rundll error. I have done as
you suggested but ran into some issues. First, I found no pepper files, second, when trying to delete
the My Web Search popular screen savers file from 'Add/Remove' programs I get this Rundll message:
'error loading C:\Progra~1\myweb~1\bar\1.bin\nwsbar.dll. I did find several unremovable virus's from
the Virus program (sorry, I did not copy the file but will if needed).. I re-ran and fixed the specified files in my HijackThis log and have posted a new
logfile, however, I still show one that I checked to fix listed: 04 -hklm\..Run [inetmgr] C:\Progra~1\INTERN~2\inetmgr.exe.
Thanks again.
Logfile of HijackThis v1.98.2 Scan saved at 2:55:05 PM, on 10/25/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Ok, let's see if we can find these two. First, download, install and run "
Process Explorer" from SysInternals.
Expand the window to it's fullest view and click on the "
Process" header to alphabetize the entries. How many "
RunDll32" entry(s) do you have?
When you find them, double-click on each entry to bring up it's "
Properties" window and look for the missing dll file name(s) in the command line. When you find them, look at "
Parent", to see who 'spawned' this process (entry).
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm (I'm not sure if this is related to it as well, but if you don't use of need this, have HJT fix it.)
Now, with all windows closed (except
HijackThis), click
'Fix checked'.
Look for and delete these entry(s), if present. Make sure you can view hidden and system files:
[folder] C:\Program Files\MyWebSearch
Flush your temporary folders, and temporary internet files (including offline content); use "
Disk Cleanup", if you want.
Thanks again. I believe this fixed my problem. I know longer have the recurring rundll errors. It appears
the Adaware Personal SE edition fixed it. I also removed the items listed and I am posting a new
logfile just in case there is something I missed but I have not seen any more errors.
Thanks.
Logfile of HijackThis v1.98.2 Scan saved at 3:06:07 PM, on 10/29/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I ran HijackThis again and fixed the 04 - HKLM\..\Run [intetmgr] C:\Progra~1\Intern~2.......entry.
I found no further files with C:\Progra~1\Intern~1.... I re-ran HijackThis and here is my logfile.
Thanks again.
Logfile of HijackThis v1.98.2
Scan saved at 4:18:56 PM, on 10/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Midnight Star
4.8K Posts
0
October 24th, 2004 22:00
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\NjqM9Y44.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
(This won't be here if you've previously uninstalled 'MyWebSearch'.)
C:\PROGRA~1\INTERN~2\inetsvc.exe
(This won't be here if you've previously uninstalled 'AdvSearch'.)
C:\Program Files\System Soap Pro\hhhh.exe
(This won't be here if you've previously uninstalled 'CommonSearch' (Vcatch).)
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\NjqM9Y44.exe
(This won't be here if you've previously uninstalled 'HelpExpress'.)
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
(These won't be here if you've previously uninstalled 'MyWebSearch'.)
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [sQxbNxmL] C:\documents and settings\doug hite\local settings\temp\sQxbNxmL.exe
O4 - HKLM\..\Run: [qekxfk] C:\WINDOWS\System32\qwpecauz.exe
O4 - HKLM\..\Run: [4KA6FLQ3XA9NMJ] C:\WINDOWS\System32\Grxe.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\hhhh.exe min
O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCATCH.EXE
(Netster)
Now, with all windows closed, except HiJackThis, click " Fix checked". Close the HiJackThis window.
ChrisRLG
3.9K Posts
0
October 25th, 2004 11:00
Add these to the removal list - malware :-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
DKH8888
4 Posts
0
October 25th, 2004 18:00
Hello and thanks for the help but I am still experiencing this recurring Rundll error. I have done as
you suggested but ran into some issues. First, I found no pepper files, second, when trying to delete
the My Web Search popular screen savers file from 'Add/Remove' programs I get this Rundll message:
'error loading C:\Progra~1\myweb~1\bar\1.bin\nwsbar.dll. I did find several unremovable virus's from
the Virus program (sorry, I did not copy the file but will if needed).. I re-ran and fixed the specified files in my HijackThis log and have posted a new
logfile, however, I still show one that I checked to fix listed: 04 -hklm\..Run [inetmgr] C:\Progra~1\INTERN~2\inetmgr.exe.
Thanks again.
Logfile of HijackThis v1.98.2
Scan saved at 2:55:05 PM, on 10/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146
jamez kann
860 Posts
0
October 26th, 2004 16:00
Midnight Star
4.8K Posts
0
October 27th, 2004 02:00
Midnight Star
4.8K Posts
0
October 27th, 2004 03:00
(I'm not sure if this is related to it as well, but if you don't use of need this, have HJT fix it.)
DKH8888
4 Posts
0
October 29th, 2004 18:00
Thanks again. I believe this fixed my problem. I know longer have the recurring rundll errors. It appears
the Adaware Personal SE edition fixed it. I also removed the items listed and I am posting a new
logfile just in case there is something I missed but I have not seen any more errors.
Thanks.
Logfile of HijackThis v1.98.2
Scan saved at 3:06:07 PM, on 10/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146
Midnight Star
4.8K Posts
0
October 29th, 2004 23:00
DKH8888
4 Posts
0
October 30th, 2004 19:00
Scan saved at 4:18:56 PM, on 10/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\Program Files\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146
Midnight Star
4.8K Posts
0
October 30th, 2004 21:00