OptixPro

Thread: OptixPro

  1. #1
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400

    OptixPro

    k.. I've got a trojan on my pc, OptixPro.13 (I know cos my AV pops up a msg saying that every time my comp boots, n it's bout the only useful thing it does lol, cos it shuts down just after, ditto with my firewall). I'm pretty sure that the trojan isn't active cos only my normal ports seem to be open.. I did d/l the removal instructions.. everything went smoothly till I couldn't find a key I had to delete, this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    I removed everything I could think of as not being a required system process, even did a Hijackthis thingummy... but *sigh* my AV's still down..

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Have you tried booting into safe mode and running your AV?

    Remember if you are running WinME or XP you should turn off the System Restore facility until you have cleaned your machine, then create a manual restore point.

    Good luck

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Definitely create a restore point in the event you delete an important file or file of the registry. Be careful when deleting things from the registry you don't know because you could delete a system file or something of value to your system. Also, if your AV detected it, wouldn't you research removal instructions, quarantine, delete, etc?
    Space For Rent.. =]

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Spyder,

    I think that he has to turn off system restore and boot into safe mode for the AV to have a chance of deleting it?

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I know the safe mode part (and I was counting on the fact he took your advice on that) but you need to turn off System Restore? Never happened with me.
    Space For Rent.. =]

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi spyder,

    Two issues as I see it:
    1. Stop it loading so the AV can kill it
    2. get it completely off the system in case he uses a restore?

    Also, your AV will be constantly finding instances of the malware unless you clear it out of the restore folder as well.

    I am not aware of anything currently that could be run from the restore folder, but I would imagine that it could be possible?

    Cheers

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    therenegade.. post your hijackthis log..

    and I would try running pestpatrol.. do most of your cleaning work (with all your scanning apps) in safe mode, if possible.

    and uh.. there's plenty of info to be found on optix and removal to be found here.

  8. #8
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Logfile of HijackThis v1.97.7
    Scan saved at 2:17:19 PM, on 5/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
    C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
    C:\WINDOWS\SYSTEM\MESSENGER.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\SAVE\SAVE.EXE
    C:\PROGRAM FILES\PGP CORPORATION\PGP FOR WINDOWS 98\PGPTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\BACKUP\TEMP\TEMPVT\SETUP FILES\FORENSICS\HT\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
    O1 - Hosts: 645238813 auto.search.msn.com
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\AGNITUM\JAMMER~1.95\jammer.exe
    O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows 98\PGPtray.exe
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger Addon (HKLM)
    O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .php: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.cerials.net/download_serial.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.com...HTMLDialer.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binarie...DHTML_pack.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

    n yes, I checked out the removal instructions ages ago n rebooted in safe mode n did everything there.. didn't turn off system restore tho, my AV works in safe mode but it doesn't detect the virus

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    ok first off, you'll have to forgive me as I'm going to use you (and your log) as an example of things not to do and things folks should do. Hopefully there'll be some lessons learned in all of this.

    Usually I start off telling folks to run adaware and spybot before running hijackthis.
    But that's because the issue is usually just spyware or a hijacked browser.

    I also will tell folks to run a trojan scanner besides their AV..
    here's a good page that list trojan scanners

    Since I'm going to offer general advice here, I will say that to decipher a HJT log, one should google entries and look at other HJT logs to see what's good and bad. Yep, it's time consuming, and yep, guess what.. I have to google the stuff too. One does get a sense of what's good and bad after doing it for a while. But.. I did offer to do it for you and so I will make good on that offer.. to some extent. (it's times like this, when a 56k connection isn't the most desired thing in the world. <grin>)

    Before I start, I noticed that you run jammer. Well, I've never tried it and I would expect that this app.. coming from such a reputable company, would do a better job.. but things aren't always what you'd expect. Maybe you installed it after the fact (or just recently) ?

    ok.. let's look at the log..

    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    You really should have the latest version of IE and be up to date on its patches.
    Support for the older versions is waning.. here's a list of places you can grab the full install for IE6sp1.

    http://helpdesk.uvic.ca/how-to/suppo...PL/ie60sp1.exe
    http://ftp.gentoo.skynet.be/pub/ftp....p1/ie60sp1.exe
    http://debian.goldweb.com.au/microso...p1/ie60sp1.exe
    http://public.planetmirror.com/pub/m...p1/ie60sp1.exe
    http://ftp.up.ac.za/pub/windows/micr...p1/ie60sp1.exe
    http://smokeping.planetmirror.com/pu...p1/ie60sp1.exe
    http://download.au.kde.org/pub/www/b...p1/ie60sp1.exe
    http://tucows.iinet.com.au/pub/micro...p1/ie60sp1.exe


    ok.. it didn't take long to find your optix problem.. it's this line..

    C:\WINDOWS\SYSTEM\MESSENGER.EXE look here for example

    see how they mask the task name to make it appear that it's a valid name ?
    interesting 'tho, the "normal" startup entries in the run section aren't there.
    I'd expect to see these..
    O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\MESSENGER.EXE
    O4 - HKLM\..\RunServices: [system] C:\WINDOWS\SYSTEM\MESSENGER.EXE

    So something else is causing it to start..
    =====

    There's a few things that you really don't need to have running like your ATI video card stuff, the LOADQM.EXE, STIMON.EXE, FINDFAST.EXE, PowerReg Scheduler.exe and even your pgp stuff.. but that's wholly up to you whether you want to disable them later on via your msconfig/startup tab.

    the next line that stands out like a sore thumb is this one. SAVENOW (and its related startup)

    C:\PROGRAM FILES\SAVE\SAVE.EXE look here or here

    O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
    ===
    I love flashget myself but it does have spyware components.. and it depends on what version and how you installed it.. but I think, for it to work, you will need to keep your JCCATCH.DLL entry. The BPKWB.DLL, I believe.. is part of optix read the stuff here
    you'll want to delete these bad files later on after a reboot.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
    O1 - Hosts: 645238813 auto.search.msn.com
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

    (searchbar and host entries above not needed)
    ====
    O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe

    oops.. I should have noticed this before.. it's a coolwebsearch variant.. you should run cwshredder.. I'll let you search for the download.. and if you wish to google on bootconf.exe
    ===

    ok.. now time for a mini-lecture.. visiting crack sites and such.. hell, that's probably how you got infected in the first place. really, I don't need to say much more.. I'm sure you've heard it all before.. but please don't ask for my help if you're going to continue in your quest for illegal stuff.. these activex cab files will most likely cause a reinfection of either spyware,hijacks or possibly the optix trojan itself.. whenever you go online.. I didn't google all of them but the dialer one looks suspicious and the pack.cab one shows only a few google hits.. it's safe to get rid of them.

    O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.cerials.net/download_serial.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.co...GHTMLDialer.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binari...GDHTML_pack.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    ==

    keep in mind that when you put a check mark next to the bad entries in hijackthis, make sure that you do NOT have any windows (besides the hijackthis one) running.. especially internet explorer.

    look into getting registryprot from diamondcs and scriptsentry..(google for them) along with pestpatrol, spywareblaster, IEspyad.. not to mention the adware and spybot apps.. and run the immunization feature of spybot.

    I hope this helps..

    and uh.. once you get rid of the stuff and reboot, post a new log and when I get the chance, I'll have another look..


    edit : oops.. you can get rid of the last two entries as well
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

    google search for C:\WINDOWS\default.css

    remember to delete the bad files (default.css ,bootconf.exe, BPKWB.DLL, SAVE\SAVE.EXE , MESSENGER.EXE and that save directory) afterwards..

  10. #10
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    k thnx... I missed the dll file... oh.. and the reason that you didn't find the Run and RunServices entries was cos I did a lil removing of my own when I found out what was infected
    here's the new log... n thnx

    Logfile of HijackThis v1.97.7
    Scan saved at 12:18:47 AM, on 5/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
    C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\PGP CORPORATION\PGP FOR WINDOWS 98\PGPTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\P&PLUS\PNPLUS.EXE
    C:\WINDOWS\SYSTEM\CMMON32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\BACKUP\TEMP\TEMPVT\SETUP FILES\FORENSICS\HT\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\AGNITUM\JAMMER~1.95\jammer.exe
    O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
    O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINVTOL.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows 98\PGPtray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger Addon (HKLM)
    O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .php: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
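
A follow-up log is easiest to check by diffing it against the first one. The sketch below is an added example, not part of any post in this thread: it parses two HijackThis logs, reports which processes and entries disappeared, appeared or persisted, and checks the file names flagged for removal in post #9 against the second log. The two sample logs are short excerpts constructed from the logs posted above, and the function names are this example's own.

```python
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed excerpts of the two logs posted in this thread (first scan, follow-up scan).
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\MESSENGER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE

O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)
"""
AFTER = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINVTOL.EXE
"""
# File names post #9 lists for deletion after the fix.
FLAGGED = ["default.css", "bootconf.exe", "BPKWB.DLL", "SAVE.EXE", "MESSENGER.EXE"]

def parse_hjt(text):
    """Return (running_processes, entries) parsed from a HijackThis log."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            m = ENTRY_RE.match(line)
            entries.add((m["code"], m["body"]))
        elif in_procs:
            procs.add(line.upper())   # Windows paths are case-insensitive
    return procs, entries

def diff_logs(before, after):
    """Compare two logs: what went away, what is new, what persisted."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1), "entries_new": sorted(e1 - e0),
        "entries_kept": sorted(e0 & e1),
    }

def remaining(log_text, flagged_names):
    """Flagged file names that still appear as a whole name in the log."""
    procs, entries = parse_hjt(log_text)
    haystack = "\n".join(list(procs) + [body for _, body in entries])
    return [n for n in flagged_names
            if re.search(r"(?<![\w.])" + re.escape(n) + r"(?![\w.])", haystack, re.I)]

if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key, values)
    print("still present:", remaining(AFTER, FLAGGED))
```

On these excerpts the bootconf.exe Run entry is still present in the follow-up log, and the WinDSNX entry is new since the first scan and worth looking up.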
