|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
TuqueNukem
Guest
IP: 24.157.*.*
|
 Posted: Sat Nov 29, 2003 5:48 pm Post subject: Power Scan and other suspects |
|
|
Help! Can't remove Power Scan which i suspect is implicated in the way my machine is slowing to a crawl lately.
First of all, thanks for this great software, very empowering 
Here is my log which also reveals an amazing collection of other assorted garbage. 4 people use this machine and have consistently refused to heed my threats about loading software without my permission. 2 of them also visit porn sites but deny it (they still don't know about browser history? Well I'm not going to tell them)
N.B. That first first Warning popup should say "cease" not "seize". Never say seize to a Windows user unless you really mean it 
Logfile of HijackThis v1.97.7
Scan saved at 12:20:11 PM, on 2003-11-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DLINK.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.snapy.net/index2.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.runsearch.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://PROXY:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
O1 - Hosts: 216.239.51.101 auto.search.msn.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NetworkSetup] c:\windows\DLink.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [QAGENT] C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Overnet] C:\My Documents\steve\Overnet\overnet.exe -t
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] c:\windows\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: VirusScan Home Edition (2).lnk = c:\WINDOWS\Application Data\Microsoft\Installer\{E4DC62CE-5F95-11D6-B254-00C04FF4B435}\_AEAE05C0AEF1_11D6_99D3_00605B102CFB.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmbacklinks.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/msdn-online/downloads/cabs/sbncheck.cab
O16 - DPF: {FE67C682-F5EA-11CF-9C2F-0000C0C83ADC} (Jamba Class Library) - http://www.kozyshack.com/dressup/Jambalib.cab
O16 - DPF: {8FBFE5FF-5E98-11D3-80AF-00C04FCFBC72} (SurveyCtl35 Class) - http://activex.microsoft.com/controls/mtswizards/sw35.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs4.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c371/chat.cab
O16 - DPF: Yahoo! Go Fish - http://yog4.yahoo.com/yog/y/zk1_x.cab
O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/jpager/y/pg5_x.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/navclient/data/deleon/1.1.43-deleon/GoogleNav.cab
O16 - DPF: {C7ADE150-743D-11D4-8141-00E029626F6A} - http://209.25.168.46/al/kernell32.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.6528703704
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27edc32eb1cabd28ee06/netzip/RdxIE601.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.05.04&http://www.toyota.com/vehicles/2004/highlander/ext360.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
Whaddaya think?
I think that Power Scan is evil, Overnet is naughty (thought I had uninstalled it), Stimon is junk. What are Internat, NvCplDaemon, Nwiz, BCDetect.exe? Armbender doesn't sound good!
It's news to me that there was ever any Norton software on this machine?
Can I get rid of all those IE search argument things? The search function has been taken over by uninvited guests a number of times.
Cheers Tuque
|
|
| Back to top |
|
 |
Bulldog
General
Premium Member
Joined: Nov 16, 2003
Posts: 4375
Location: Canada
|
| Posted: Sat Nov 29, 2003 9:06 pm Post subject: |
|
|
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.snapy.net/index2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.runsearch.com/search.html
O1 - Hosts: 216.239.51.101 auto.search.msn.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL (file missing)
Since you say you didn't know about Norton, check this one for now too.
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Overnet] C:\My Documents\steve\Overnet\overnet.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
Check any/all of these that you do not use. I have included the extra buttons for the Google Toolbar because it seems the file is missing above.
You can always reinstall the google toolbar later.
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_1.1.45-DELEON.DLL/cmbacklinks.html
Reboot and delete:
C:\My Documents\steve\Overnet <-- folder
C:\Program Files\Power Scan <-- folder
Then can you please locate this file:
C:\WINDOWS\SYSTEM\QTTASK.EXE
Make sure it is the one in the C:\WINDOWS\SYSTEM\ <-- folder
Right click > properties and tell us what it says please.
If you like, zip it up and mail it to us here:
SubmitStuffATrogers.com
(Replace the AT with the normal @)
Post a new HJT log when done please.
.
|
|
| Back to top |
|
|
TuqueNukem
Guest
IP: 24.157.*.*
|
| Posted: Sun Nov 30, 2003 2:01 am Post subject: |
|
|
Done!
Deleted an Overnet folder under Program Files (no .exe file)
Did not find one under My Documents\steve
(I probably deleted that one on a previous occasion).
qttask.exe
C:\WINDOWS\SYSTEM
77,824 bytes
Created: Saturday, October 11, 2003 3:22:39 PM
Modified: Saturday, October 11, 2003 3:22:40 PM
Version 6.3
© Apple Computer, Inc. 2001-2003
QuickTime Task
Logfile of HijackThis v1.97.7
Scan saved at 8:54:09 PM, on 2003-11-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DLINK.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://PROXY:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NetworkSetup] c:\windows\DLink.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [QAGENT] C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] c:\windows\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: VirusScan Home Edition (2).lnk = c:\WINDOWS\Application Data\Microsoft\Installer\{E4DC62CE-5F95-11D6-B254-00C04FF4B435}\_AEAE05C0AEF1_11D6_99D3_00605B102CFB.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/msdn-online/downloads/cabs/sbncheck.cab
O16 - DPF: {FE67C682-F5EA-11CF-9C2F-0000C0C83ADC} (Jamba Class Library) - http://www.kozyshack.com/dressup/Jambalib.cab
O16 - DPF: {8FBFE5FF-5E98-11D3-80AF-00C04FCFBC72} (SurveyCtl35 Class) - http://activex.microsoft.com/controls/mtswizards/sw35.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs4.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c371/chat.cab
O16 - DPF: Yahoo! Go Fish - http://yog4.yahoo.com/yog/y/zk1_x.cab
O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/jpager/y/pg5_x.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/navclient/data/deleon/1.1.43-deleon/GoogleNav.cab
O16 - DPF: {C7ADE150-743D-11D4-8141-00E029626F6A} - http://209.25.168.46/al/kernell32.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.6528703704
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27edc32eb1cabd28ee06/netzip/RdxIE601.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.05.04&http://www.toyota.com/vehicles/2004/highlander/ext360.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
Many Thanks,
Tuque
|
|
| Back to top |
|
|
Bulldog
General
Premium Member
Joined: Nov 16, 2003
Posts: 4375
Location: Canada
|
| Posted: Sun Nov 30, 2003 8:45 am Post subject: |
|
|
| Quote: | qttask.exe
C:\WINDOWS\SYSTEM
77,824 bytes
Created: Saturday, October 11, 2003 3:22:39 PM
Modified: Saturday, October 11, 2003 3:22:40 PM
Version 6.3
© Apple Computer, Inc. 2001-2003
QuickTime Task |
Log file looks good now.
Do you also have a Quicktime folder with a copy of qttask.exe in it ?
The system folder seems a very odd place for this file ???
|
|
| Back to top |
|
|
TuqueNukem
Guest
IP: 24.157.*.*
|
| Posted: Sun Nov 30, 2003 4:10 pm Post subject: |
|
|
No. Searched all drives. I have:
C:\WINDOWS\SYSTEM\qttask.exe
C:\WINDOWS\SYSTEM\QuickTime.cpl
C:\WINDOWS\SYSTEM\QuickTime.qtp
C:\WINDOWS\SYSTEM\QuickTime.qts
C:\WINDOWS\SYSTEM\QuickTimeCheck.ocx
C:\WINDOWS\SYSTEM\QuickTimeFavorites.qtr
C:\WINDOWS\SYSTEM\QuickTimeVR.qtx
C:\My Documents\steve\QTInfo.exe
C:\My Documents\steve\QuickTimePlayer.exe
C:\My Documents\steve\QuickTime3GPPInstaller.exe
C:\My Documents\steve\QuickTimeUpdater.exe
Recall some problems with player. Perhaps I should uninstall (may not get a complete, clean uninstall?) and start over 
Cheers Tuque
|
|
| Back to top |
|
|
Bulldog
General
Premium Member
Joined: Nov 16, 2003
Posts: 4375
Location: Canada
|
| Posted: Sun Nov 30, 2003 8:49 pm Post subject: |
|
|
| TuqueNukem wrote: | No. Searched all drives. I have:
Recall some problems with player. Perhaps I should uninstall (may not get a complete, clean uninstall?) and start over
Cheers Tuque |
Yes, I think maybe that would be best.
If you need this thread reopened, PM one of the Mods.
>
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
