0

I was reading in the press about a new freeware clean up tool X-RAYPC. I ran it and deleted a "bad" entry. There are several other entries marked as "unknown", I want to clean up my computer, as it doesn't always close down properly, and I do not know what I can safely delete. Can someone out there look at the log below, and let me know what is bad and should be deleted.

Thanks

Brian:cry:

Thanks

Brian

Registry Settings:
IE Start Page (User) : http://www.google.com/
IE Start Page (Global) : about:blank
IE Blank Page : C:\WINDOWS\SYSTEM\blank.htm
IE Default Page :
IE Search Page (User) :
IE Search Page (Global) :
IE Default Search :
IE Search Bar :

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL (471040 375b0813980ae17dcc689e913ab9dd7b)
C:\WINDOWS\SYSTEM\MSGSRV32.EXE (11920 15020a139f22cdbf9c70aa8d80f6ae0e)
C:\WINDOWS\SYSTEM\MPREXE.EXE (28672 562d04789250a81ce629d60646a0d191)
C:\WINDOWS\SYSTEM\mmtask.tsk (1184 38bae36e67c8b1ae3abc077837953b89)
C:\WINDOWS\SYSTEM\MSTASK.EXE (111888 39d6b416d9c73a7729cdaed247430d21)
C:\WINDOWS\SYSTEM\MDM.EXE (119400 95d85d69ffc099c516d99cb9581e3fe2)
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE (115200 6ead5b8c2c469aa993c32b8ac2d46806)
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE (20480 cf63aae9020129b18d452870ec6cbe7b)
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE (1213720 b0dc29a8390d82110fb1a0312fcc48b1)
C:\WINDOWS\EXPLORER.EXE (180224 b22b28f61b1bb06723019307f0faacfc)
C:\WINDOWS\SYSTEM\RPCSS.EXE (20480 ce9c4007585f538f769cc80f01d09d33)
C:\WINDOWS\TASKMON.EXE (28672 f795110611101279aa15997801abaca0)
C:\WINDOWS\SYSTEM\SYSTRAY.EXE (32768 73681085dcd0997e531240100ca12b28)
C:\WINDOWS\SYSTEM\KHOOKER.EXE (307200 3249f275334e9becfc28288f69d2bbc8)
C:\WINDOWS\RUNDLL32.EXE (24576 3857d93aa630abbd63467db4aeffce2c)
C:\WINDOWS\SYSTEM\DDHELP.EXE (31744 f62f3495c1e013a63698d556c80e1b62)
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE (684032 3f7be7864b7fa4071b773f2caad8fd5d)
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE (131157 f961c28664381d89ac8a8fc425a096b3)
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE (369209 1113c60b056a07e76c03cdcbeb9c5a0e)
C:\WINDOWS\MHOTKEY.EXE (491008 048491e13d708285a0dd3a73a3ccfd53)
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE (294972 a97812a623d23727e50f501f95719b23)
C:\WINDOWS\SYSTEM\USBMONIT.EXE (40960 57a33a66d43084485e3a93ee0194fe6b)
C:\WINDOWS\SYSTEM\STIMON.EXE (114688 3a395315c2d9e63c0ce4704afa404ffa)
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE (902432 5accd5a8cb0b40c4516d7a8a5ea0424e)
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE (614531 bd01e18519665aa81ad8a80417cca286)
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE (16432 a4abd04731982411a0e2ce5161d23051)
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE (200704 91e35f8e5c123ca3f1e5bad39fb57697)
C:\WINDOWS\SYSTEM\SYSTEMP.EXE (6685 811ca0c42dd782d569dc71a06ee8b2f2)
C:\WINDOWS\SYSTEM\SPOOL32.EXE (45056 db3bee092f0e90cf799d69f99c001dae)
C:\WINDOWS\SYSTEM\WMIEXE.EXE (16384 3dfe9ca6728c02ccd8309dc66b1dfeb1)
C:\WINDOWS\SYSTEM\RNAAPP.EXE (45056 04f808ef7bef391deae249eeeb7947e3)
C:\WINDOWS\SYSTEM\TAPISRV.EXE (122880 e411a84b98c3a2cb4ca23b9ffe772f80)
C:\WINDOWS\SYSTEM\PSTORES.EXE (81680 9540e610e33dd94ebc58c12315c20120)
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE (91136 47de8db53f783fe17f38aed02ec1871f)
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE (91136 47de8db53f783fe17f38aed02ec1871f)
C:\UNZIPPED\XRAYPC[1]\X-RAYPC.EXE (332024 78dbd24a52b7812b2a855c741760b372)

O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (37808 8394abfc1be196a62c9f532511936df7)
O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (744960 abf5ba518c6a5ed104496ff42d19ad88)
O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll (696320 f172252edb81e3a7b86b1b6b336d8b33)
O3 - Toolbar: &Radio {8e718888-423f-11d2-876e-00a0c9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX (846096 be15259e95a4d8e186f5ba7e9afea794)
O3 - Toolbar: &Google {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll (696320 f172252edb81e3a7b86b1b6b336d8b33)
O4 - HKLM\..\RunServices: [LoadPowerProfile] C:\WINDOWS\SYSTEM\powrprof.dll (24576 1632e2b49f6ac1fd2bd79088a970099a)
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe (111888 39d6b416d9c73a7729cdaed247430d21)
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE (119400 95d85d69ffc099c516d99cb9581e3fe2)
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (115200 6ead5b8c2c469aa993c32b8ac2d46806)
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe (20480 cf63aae9020129b18d452870ec6cbe7b)
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE (1213720 b0dc29a8390d82110fb1a0312fcc48b1)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe (86016 f123231689e2ab2fa5c636b99314501f)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe (28672 f795110611101279aa15997801abaca0)
O4 - HKLM\..\Run: [SystemTray] C:\WINDOWS\SYSTEM\SysTray.Exe (32768 73681085dcd0997e531240100ca12b28)
O4 - HKLM\..\Run: [LoadPowerProfile] C:\WINDOWS\SYSTEM\powrprof.dll (24576 1632e2b49f6ac1fd2bd79088a970099a)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe (307200 3249f275334e9becfc28288f69d2bbc8)
O4 - HKLM\..\Run: [Cmaudio]
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (684032 3f7be7864b7fa4071b773f2caad8fd5d)
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE (131157 f961c28664381d89ac8a8fc425a096b3)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe (369209 1113c60b056a07e76c03cdcbeb9c5a0e)
O4 - HKLM\..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (491008 048491e13d708285a0dd3a73a3ccfd53)
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe (294972 a97812a623d23727e50f501f95719b23)
O4 - HKLM\..\Run: [USBMonit.exe] C:\WINDOWS\SYSTEM\USBMonit.exe (40960 57a33a66d43084485e3a93ee0194fe6b)
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE (114688 3a395315c2d9e63c0ce4704afa404ffa)
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (53248 552e9ca7b91120fb7d49cd5c10018dc3)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (902432 5accd5a8cb0b40c4516d7a8a5ea0424e)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\SYSTEM\WEBCHECK.DLL (258048 b2dda29399a71c853caa82b39c9f2ab7)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [systemp] C:\WINDOWS\SYSTEM\systemp.dll (3072 5c051d14f3720334a239779933201b85)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll (270336 9d63f257e9cc6367692b92da4cb4ddac)
O16 - DPF: (Microsoft XML Parser for Java)- file://C:\WINDOWS\Java\classes\xmldso4.cab - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd (1162 6d9a45a0cf26b7760953d035734e924a)
O16 - DPF: (DirectAnimation Java Classes)- file://C:\WINDOWS\SYSTEM\dajava.cab - C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd (697 5e61262ec8e0940cf774788991219153)
O16 - DPF: (Internet Explorer Classes for Java)- file://C:\WINDOWS\SYSTEM\iejava.cab - C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd (562 dc025f57d80b81e05b23807752ae53e8)
O16 - DPF: {33564d57-9980-0010-8000-00aa00389b71} - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab - C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf (3036 ba5bb6908bfe2941d65b49f8ec4b51f9)
O16 - DPF: {9f1c11aa-197b-4942-ba54-47a8489bb47f} (Update Class)- http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38178.2729166667 - C:\WINDOWS\Downloaded Program Files\iuctl.inf (1050 74d5218fc6df6735f0dc23c8ceb566e8

3
Contributors
5
Replies
6
Views
12 Years
Discussion Span
Last Post by Brian
0

I don't know if there is anyone here familiar with X-RAYPC, you would probably get better support if you got Hijackthis and posted the log in the Virus forum.

0

Deleting onknown entrys will get you into trouble ,just because they are marked unknown doesnt mean they are bad ,just that there dadabase doesent know what they are !!

0

Deleting onknown entrys will get you into trouble ,just because they are marked unknown doesnt mean they are bad ,just that there dadabase doesent know what they are !!

Thanks for the advice. I am a little afraid of using Hijack this, as the last time I used it and followed advice, my PC developed a fatal exceptio error, and I had to format the hard drive, and re-instal windows. However, I have run another HJT LOg and it is below. Can anyone advise me as to whether all entires are OK, and what I can safely delete.

Thanks

Brian
file of HijackThis v1.97.7
Scan saved at 20:47:58, on 25/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38178.2729166667
:cry:

0

Hi,you are way behind on you version of hijackthis time to update it ,!
Please be sure to Close all Browsera and open windows,and when running Hijackthis
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

0

Hi,you are way behind on you version of hijackthis time to update it ,!
Please be sure to Close all Browsera and open windows,and when running Hijackthis
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

Thanks for that. I have downloaded the new version, and the log is below:

file of HijackThis v1.99.0
Scan saved at 15:23:26, on 26/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O21 - SSODL: systemp - {F36DD520-3E44-11D9-8945-444553540000} - systemp.dll (file missing)
Thanks

Brian

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.