| Application Data Folder... Hi all, I have been getting a lot of trojans lately which is pissing me off. Does anyone know if the folder called Application data located in C:\Documents and Settings\Administrator\Application Data\GridSoftDupe needs to be on the computer. In that bloody Grid Soft folder there was a trojan & I see other .exe files in there & want to just delete the folder. Any help you can give me would be great. Thanks Michelle |
| ||
| Re: Application Data Folder... Sounds like a LOP infection. First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run the Lop Remover from: http://www.thespykiller.co.uk/downloads.htm |
| ||
| Re: Application Data Folder... Hey Crunchie, Long time no talk :) I have another post I typed up w/ your name in it :) Ok, I searched for all of those & none are there. Deleting just the file won't do the trick? Thanks Michelle |
| ||
| Re: Application Data Folder... Did you try the LOP remover link? It is better (IMO) to do that first :). There are usually more than the one entry. |
| ||
| Re: Application Data Folder... Ok, I did that, but how do I know if it worked? I also DLed HJT b/c when I got a new computer 6 months ago it was lost. Should I run it & send you the code? I don't even remember how after all this time LOL Thanks Michelle |
| ||
| Re: Application Data Folder... Quote:
Close any open browser windows, press the Scan and save log button, and then copy the contents of the log that comes up and paste it here. |
| ||
| Re: Application Data Folder... Logfile of HijackThis v1.99.1 Scan saved at 5:23:47 AM, on 7/19/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINNT\system32\Brmfrmps.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE D:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE D:\Program Files\Live Human\LiveHuman.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\AVPersonal\AVGNT.EXE D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ICQ\ICQ.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINNT\Samsung\LaserSMMgr\ssmmgr.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe C:\Program Files\AIM\aim.exe C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\mail.com\mcalert.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe C:\Program Files\eFax Messenger 3.5\J2GTray.exe C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe C:\Program Files\Hewlett-Packard\hp psc 700 
series\bin\hpodev07.exe D:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe D:\Program Files\WinZip\WZQKPICK.EXE D:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe D:\Personal Assistant\assistant.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\WINNT\system32\ntvdm.exe C:\WINNT\system32\NOTEPAD.EXE C:\WINNT\system32\notepad.exe D:\Program Files\Microsoft Office\Office\Winword.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\notepad.exe C:\Program Files\FlashFXP\flashfxp.exe D:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp C:\Program Files\Outlook Express\msimn.exe D:\Program Files\Microsoft Office\Office\excel.exe C:\WINNT\system32\notepad.exe D:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\63yrq29d.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {8BA903A2-1CDE-A443-C538-E9065B7ED526} - C:\DOCUME~1\ADMINI~1\APPLIC~1\PHONED~1\Bleh Copy.exe O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 
3\MsgPlus.exe" O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE O4 - HKLM\..\Run: [LiveHuman] D:\Program Files\Live Human\LiveHuman.exe /S O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINNT\Samsung\LaserSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Personal Assistant] D:\Personal Assistant\assistant.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: CorelCENTRAL Alarms.LNK = D:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe O4 - Startup: Personal Assistant.lnk = D:\Personal Assistant\assistant.exe O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Get Gutcheck - file://C:\Program Files\Gutcheck/ebay.htm O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ 
- {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .html: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll O16 - DPF: {8D95D14D-4AFB-4885-8BF1-FB09FD72FCD2} (eBLVD ActiveX Control) - https://www.eblvd.com/control/launcher/3.0/ebie.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe |
| ||
| Re: Application Data Folder... Download Omegakiller from here. Run the program from its own folder and allow it to remove any malware it finds. ========== Clear out your Temporary internet files and other temp files. Go to Start > Settings > Control Panel > Internet Options. Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies. Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete. Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.) C:\Documents and Settings\username\Local Settings\Temp\ In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here. Empty the Recycle Bin. ========= Reboot when done and post another log please. |
| ||
| Re: Application Data Folder... Ok, here's what I've done. I tried to delete all the files *.tmp as I did about 2 wks. ago, but just like 2 wks. ago I couldn't delete a ton of them b/c it says there is a shared violation. It took me forever to try & delete them several at a time to get to the ones that weren't shared. Is there not another way or to make sure they aren't shared? Same thing happened with this folder... C:\Documents and Settings\Administrator\Local Settings\Temp Here's the log file from the Omega Killers. I'm not sure it did anything... - This is an automatically created log of OmegaKillers output - Please visit http://www.short-media.com/forum/forumdisplay.php?f=57 - for further assistance. Running pass number: 1 - enumerating modules - Downloader.HC module found c:\documents and settings\administrator\local settings\temp\sta1b89.exe - scanning bookmarks - scanning desktop icons - scanning and deleting browser hijacks - scanning running processes.. - infection in memory: c:\docume~1\admini~1\locals~1\temp\sta1b89.exe - process terminated. - file removed. - removing process startup key - scanning startup processes - found infection: messengerplus3 - deleted. - found infection: forkholeencheart - deleted. - found infection: forkholeencheart - deleted. - scanning executable variants - scanning BHO's - infected BHO: {8BA903A2-1CDE-A443-C538-E9065B7ED526} - removed - infected BHO: {8BA903A2-1CDE-A443-C538-E9065B7ED526} - removed - scanning toolbars Running pass number: 2 - killing Internet Explorer - enumerating modules - scanning bookmarks - scanning desktop icons - scanning and deleting browser hijacks - scanning running processes.. - infection in memory: c:\docume~1\admini~1\locals~1\temp\eredacgf.exe - process terminated. - file removed. 
- removing process startup key - scanning startup processes - scanning executable variants - scanning BHO's - scanning toolbars Running pass number: 3 - killing Internet Explorer - enumerating modules - scanning bookmarks - scanning desktop icons - scanning and deleting browser hijacks - scanning running processes.. - infection in memory: c:\docume~1\admini~1\locals~1\temp\ndzjqlhi.exe - process terminated. - file removed. - removing process startup key - scanning startup processes - scanning executable variants - scanning BHO's - scanning toolbars Running pass number: 4 - killing Internet Explorer - enumerating modules - scanning bookmarks - scanning desktop icons - scanning and deleting browser hijacks - scanning running processes.. - infection in memory: c:\docume~1\admini~1\locals~1\temp\nguqfmjs.exe - process terminated. - file removed. - removing process startup key - scanning startup processes - scanning executable variants - scanning BHO's - scanning toolbars Running pass number: 5 - killing Internet Explorer - enumerating modules - scanning bookmarks - scanning desktop icons - scanning and deleting browser hijacks - scanning running processes.. - infection in memory: c:\docume~1\admini~1\locals~1\temp\pfxoayqj.exe - process terminated. - file removed. - removing process startup key - scanning startup processes - scanning executable variants - scanning BHO's - scanning toolbars - no infections found, system clean on pass number: 5 ... - all done ... ------------------------------- I just deleted the Recycle bin, but there were only 52 items in it. I'll reboot & then come back. Thanks Michelle |
| ||
| Re: Application Data Folder... Ahh, just so you know, I don't use IE unless forced to by some site that hasn't validated their site so I can use it with FF. When I opened FF, something changed my homepage & NEVER EVER has FF done that to me, I've only had that problem w/ IE, so something I just did did that :( Here's the new HJT file.... Logfile of HijackThis v1.99.1 Scan saved at 8:50:34 PM, on 7/19/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINNT\system32\Brmfrmps.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE D:\Program Files\Live Human\LiveHuman.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\AVPersonal\AVGNT.EXE D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\ICQ\ICQ.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINNT\Samsung\LaserSMMgr\ssmmgr.exe C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe C:\Program Files\AIM\aim.exe C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\mail.com\mcalert.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe C:\WINNT\system32\ntvdm.exe 
c:\progra~1\intern~1\iexplore.exe C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe C:\Program Files\eFax Messenger 3.5\J2GTray.exe C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe D:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe D:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe D:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe D:\Personal Assistant\assistant.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\WINNT\system32\NOTEPAD.EXE C:\WINNT\system32\notepad.exe C:\Program Files\Outlook Express\msimn.exe D:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxqdtteyylwmnirz.net/KvSH...x3tGK1TaF3.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exoticpublishing.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.ruwbdnyzenxkifj.uk/KvSHKSMIXgKohV8jqYHkPYR27NpxlgxCOglVdjEDUjo.jpg");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\63yrq29d.slt\prefs.js) N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\63yrq29d.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: FlashFXP 
Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE O4 - HKLM\..\Run: [LiveHuman] D:\Program Files\Live Human\LiveHuman.exe /S O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINNT\Samsung\LaserSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [Personal Assistant] D:\Personal Assistant\assistant.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ballrule] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRIDSO~1\LINK FAST FLAW.exe O4 - Startup: CorelCENTRAL Alarms.LNK = D:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe O4 - Startup: Personal Assistant.lnk = D:\Personal Assistant\assistant.exe O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Get Gutcheck - file://C:\Program Files\Gutcheck/ebay.htm O9 - Extra 
button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .html: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll O16 - DPF: {8D95D14D-4AFB-4885-8BF1-FB09FD72FCD2} (eBLVD ActiveX Control) - https://www.eblvd.com/control/launcher/3.0/ebie.cab O20 - AppInit_DLLs: MsgPlusLoader.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe Thanks Michelle |
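
An added example, not part of the thread and not HijackThis's own code: a Python triage pass over excerpts of the two HijackThis logs posted above, listing entries that load code from per-user writable folders and entries that appear only in the second log. The sample lines are copied from those logs and restored to one entry per line; the function names and the folder list are this example's assumptions.

```python
import re

# A HijackThis entry is "<section code> - <detail>"; process lines are bare paths.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")
# First drive-letter path inside an entry; stops at a closing quote.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*")

# Per-user folders any program running as the user can write to, in long and
# 8.3 short form (the list is this example's assumption).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp\\", "\\locals~1\\temp\\")
# Sections that load code: processes, BHOs, autoruns, AppInit_DLLs, services.
LOADS_CODE = {"PROC", "O2", "O4", "O20", "O23"}

# Constructed sample: lines copied from the first log in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8BA903A2-1CDE-A443-C538-E9065B7ED526} - C:\DOCUME~1\ADMINI~1\APPLIC~1\PHONED~1\Bleh Copy.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Constructed sample: lines copied from the second log in the thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exoticpublishing.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ballrule] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRIDSO~1\LINK FAST FLAW.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""


def parse(log_text):
    """Return (code, detail) tuples; running processes get the code 'PROC'."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("detail")))
        elif PROC_RE.match(line):
            entries.append(("PROC", line))
    return entries


def from_user_writable(entries):
    """Code-loading entries whose target path sits in a user-writable folder."""
    hits = []
    for code, detail in entries:
        m = PATH_RE.search(detail) if code in LOADS_CODE else None
        if m and any(d in m.group(0).lower() for d in USER_WRITABLE):
            hits.append((code, detail))
    return hits


def appeared(before, after):
    """Entries present in the later log but not in the earlier one."""
    seen = set(before)
    return [e for e in after if e not in seen]


if __name__ == "__main__":
    first, second = parse(BEFORE), parse(AFTER)
    for label, found in (("first log, user-writable", from_user_writable(first)),
                         ("second log, user-writable", from_user_writable(second)),
                         ("new in second log", appeared(first, second))):
        print(label)
        for code, detail in found:
            print(f"  {code:4} {detail}")
```

A hit marks an entry to inspect, not a verdict. Browser-setting entries (R0, R1, N4) are left out of the path check because prefs.js normally lives under Application Data, so they surface only through the before/after comparison.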
©2003 - 2009 DaniWeb® LLC