-
May 7th, 2004, 09:02 PM
#1
OptixPro
k.. I've got a trojan on my pc, OptixPro.13 (I know cos my AV pops up a msg saying that every time my comp boots, n it's bout the only useful thing it does lol, cos it shuts down just after, ditto with my firewall). I'm pretty sure that the trojan isn't active cos only my normal ports seem to be open.. I did d/l the removal instructions.. everything went smoothly till I couldn't find a key I had to delete, this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I removed everything I could think of as not being a required system process,even did a Hijackthis thingummy...but *sigh* my AV's still down..
-
May 7th, 2004, 09:33 PM
#2
Have you tried booting into safe mode and running your AV?
Remember if you are running WinME or XP you should turn off the System Restore facility until you have cleaned your machine, then create a manual restore point.
Good luck
-
May 7th, 2004, 09:37 PM
#3
Definitely create a restore point in the event you delete an important file or file of the registry. Be careful when deleting things from the registry you don't know because you could delete a system file or something of value to your system. Also, if your AV detected it, wouldn't you research removal instructions, quarantine, delete, etc?
-
May 7th, 2004, 09:42 PM
#4
Spyder,
I think that he has to turn off system restore and boot into safe mode for the AV to have a chance of deleting it?
-
May 7th, 2004, 09:44 PM
#5
I know the safe mode part (and I was counting on the fact he took your advice on that) but you need to turn off System Restore? Never happened with me.
-
May 7th, 2004, 10:01 PM
#6
Hi spyder,
Two issues as I see it:
1. Stop it loading so the AV can kill it
2. get it completely off the system in case he uses a restore?
Also, your AV will be constantly finding instances of the malware unless you clear it out of the restore folder as well.
I am not aware of anything currently that could be run from the restore folder, but I would imagine that it could be possible?
Cheers
-
May 7th, 2004, 10:21 PM
#7
therenegade.. post your hijackthis log..
and I would try running pestpatrol.. do most of your cleaning work (with all your scanning apps) in safe mode, if possible.
and uh.. there's plenty of info on optix and removal to be found here.
-
May 9th, 2004, 10:09 AM
#8
Logfile of HijackThis v1.97.7
Scan saved at 2:17:19 PM, on 5/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\WINDOWS\SYSTEM\MESSENGER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\PGP CORPORATION\PGP FOR WINDOWS 98\PGPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\BACKUP\TEMP\TEMPVT\SETUP FILES\FORENSICS\HT\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\AGNITUM\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows 98\PGPtray.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .php: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.cerials.net/download_serial.exe
O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.com...HTMLDialer.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binarie...DHTML_pack.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)
n yes, I checked out the removal instructions ages ago n rebooted in safe mode n did everything there.. didn't turn off system restore tho, my AV works in safe mode but it doesn't detect the virus
-
May 9th, 2004, 04:12 PM
#9
ok first off, you'll have to forgive me as I'm going to use you (and your log) as an example of things not to do and things folks should do. Hopefully there'll be some lessons learned in all of this.
Usually I start off telling folks to run adaware and spybot before running hijackthis.
But that's because the issue is usually just spyware or a hijacked browser.
I also will tell folks to run a trojan scanner besides their AV..
here's a good page that lists trojan scanners
Since I'm going to offer general advice here, I will say that to decipher a HJT log, one should google entries and look at other HJT logs to see what's good and bad. Yep, it's time consuming, and yep, guess what.. I have to google the stuff too. One does get a sense of what's good and bad after doing it for a while. But.. I did offer to do it for you and so I will make good on that offer.. to some extent. (it's times like this, when a 56k connection isn't the most desired thing in the world. <grin>)
Before I start, I noticed that you run jammer. Well, I've never tried it and I would expect that this app.. coming from such a reputable company, would do a better job.. but things aren't always what you'd expect. Maybe you installed it after the fact (or just recently) ?
ok.. let's look at the log..
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
You really should have the latest version of IE and up to date on its patches.
Support for the older versions is waning.. here's a list of places you can grab the full install for IE6sp1.
http://helpdesk.uvic.ca/how-to/suppo...PL/ie60sp1.exe
http://ftp.gentoo.skynet.be/pub/ftp....p1/ie60sp1.exe
http://debian.goldweb.com.au/microso...p1/ie60sp1.exe
http://public.planetmirror.com/pub/m...p1/ie60sp1.exe
http://ftp.up.ac.za/pub/windows/micr...p1/ie60sp1.exe
http://smokeping.planetmirror.com/pu...p1/ie60sp1.exe
http://download.au.kde.org/pub/www/b...p1/ie60sp1.exe
http://tucows.iinet.com.au/pub/micro...p1/ie60sp1.exe
ok.. it didn't take long to find your optix problem.. it's this line..
C:\WINDOWS\SYSTEM\MESSENGER.EXE look here for example
see how they mask the task name to make it appear that it's a valid name ?
interesting 'tho, the "normal" startup entries in the run section aren't there.
I'd expect to see these..
O4 - HKLM\..\Run: [system] C:\WINDOWS\SYSTEM\MESSENGER.EXE
O4 - HKLM\..\RunServices: [system] C:\WINDOWS\SYSTEM\MESSENGER.EXE
So something else is causing it to start..
=====
There's a few things that you really don't need to have running like your ATI video card stuff, the LOADQM.EXE, STIMON.EXE, FINDFAST.EXE, PowerReg Scheduler.exe and even your pgp stuff.. but that's wholly up to you whether you want to disable them later on via your msconfig/startup tab.
the next line that stands out like a sore thumb is this one. SAVENOW (and its related startup)
C:\PROGRAM FILES\SAVE\SAVE.EXE look here or here
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
===
I love flashget myself but it does have spyware components.. and it depends on what version and how you installed it.. but I think, for it to work, you will need to keep your JCCATCH.DLL entry. The BPKWB.DLL, I believe.. is part of optix read the stuff here
you'll want to delete these bad files later on after a reboot.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\SYSTEM\BPKWB.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
(searchbar and host entries above not needed)
====
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
oops.. I should have noticed this before.. it's a coolwebsearch variant.. you should run cwshredder.. I'll let you search for the download.. and if you wish to google on bootconf.exe
===
ok.. now time for a mini-lecture.. visiting crack sites and such.. hell, that's probably how you got infected in the first place. really, I don't need to say much more.. I'm sure you've heard it all before.. but please don't ask for my help if you're going to continue in your quest for illegal stuff.. these activex cab files will most likely cause a reinfection of either spyware,hijacks or possibly the optix trojan itself.. whenever you go online.. I didn't google all of them but the dialer one looks suspicious and the pack.cab one shows only a few google hits.. it's safe to get rid of them.
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.cerials.net/download_serial.exe
O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.co...GHTMLDialer.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binari...GDHTML_pack.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
==
keep in mind that when you put a check mark next to the bad entries in hijackthis, make sure that you do NOT have any windows (besides the hijackthis one) running.. especially internet explorer.
look into getting registryprot from diamondcs and scriptsentry..(google for them) along with pestpatrol, spywareblaster, IEspyad.. not to mention the adware and spybot apps.. and run the immunization feature of spybot.
I hope this helps..
and uh.. once you get rid of the stuff and reboot, post a new log and when I get the chance, I'll have another look..
edit : oops.. you can get rid of the last two entries as well
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)
google search for C:\WINDOWS\default.css
remember to delete the bad files (default.css ,bootconf.exe, BPKWB.DLL, SAVE\SAVE.EXE , MESSENGER.EXE and that save directory) afterwards..
-
May 11th, 2004, 08:06 PM
#10
k thnx... I missed the dll file... oh.. and the reason that you didn't find the Run and RunServices entries was cos I did a lil removing of my own when I found out what was infected
here's the new log... n thnx
Logfile of HijackThis v1.97.7
Scan saved at 12:18:47 AM, on 5/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\PGP CORPORATION\PGP FOR WINDOWS 98\PGPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\P&PLUS\PNPLUS.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\BACKUP\TEMP\TEMPVT\SETUP FILES\FORENSICS\HT\HIJACKTHIS.EXE
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\AGNITUM\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINVTOL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [PGPSDKSVC] C:\WINDOWS\SYSTEM\PGPsdkServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows 98\PGPtray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .php: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
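An added example, not part of any post in this thread: a small Python parser for the O4 (autostart) lines of a HijackThis log that compares the May 9 and May 12 logs above and reports which startup entries were added, which were removed, and which still reference a file post #9 said to delete. The function names and the embedded log excerpts (a subset of the O4 lines from the two posts) are choices made for this example; an added entry is only a candidate for review, not a verdict.

```python
import re

# "O4 - <location>: [<value name>] <command>", or for Startup folders
# "O4 - Startup: <file>" / "O4 - Startup: <shortcut> = <target>".
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")

def parse_o4(log_text):
    """Map (location, entry name) -> command for every O4 autostart line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            name = m["name"] or m["cmd"].split(" = ")[0]
            entries[(m["loc"], name)] = m["cmd"]
    return entries

def diff_autostarts(before, after, flagged=()):
    """Return (added, removed, lingering): entries only in the later log,
    entries only in the earlier log, and entries in the later log whose
    command still references a file named in `flagged`."""
    old, new = parse_o4(before), parse_o4(after)
    added = {k: v for k, v in new.items() if k not in old}
    removed = {k: v for k, v in old.items() if k not in new}
    lingering = {k: v for k, v in new.items()
                 if any(f.lower() in v.lower() for f in flagged)}
    return added, removed, lingering

# Subset of the O4 lines from the two logs posted in this thread.
LOG_MAY9 = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - Startup: PowerReg Scheduler.exe
"""
LOG_MAY12 = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\SYSTEM\bootconf.exe
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\SYSTEM\WINVTOL.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""
# File names post #9 listed for deletion.
FLAGGED = ("bootconf.exe", "BPKWB.DLL", "Save.exe", "MESSENGER.EXE", "default.css")

if __name__ == "__main__":
    groups = diff_autostarts(LOG_MAY9, LOG_MAY12, FLAGGED)
    for title, group in zip(("ADDED", "REMOVED", "STILL FLAGGED"), groups):
        for (loc, name), cmd in sorted(group.items()):
            print(f"{title:13} {loc} [{name}] -> {cmd}")
```

Entries whose command changes while the location and name stay the same are not reported by this sketch; compare `old[k] != new[k]` if that matters.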