!Urgent!:: Application Hijack & Hijackthis log

Kilee · 10-22-2005, 02:53 PM

Before I show the log, which i'm not sure will have any relevance, I shall explain myself. This morning on Steam, I recieved some news about some mod group or something, and a new mod, and it had a link. Now normally steam would not just easily send you something bad, right? Anyways, I click it. Sometime later, when I have coremediaplayer open, it asks to connect to steam.exe, and then mIRC. When i block coremediaplayer, I cant even get on IRC. I'll show the application thing.

Application Hijacking has been detected
The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host 207.188.24.150

Application Hijacking has been detected
The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host message.real.com

Application Hijacking has been detected
The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host message.real.com

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host www.blackwidowgames.com

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host www.blackwidowgames.com

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.148.250

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.148.250

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\mIRC\mirc.exe to go to remote host irc.sorcery.net

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.191.84

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.191.84

Application Hijacking has been detected
The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.156.250

Those are all the current things that were detected. I suspect that the cause of it started with www.blackwidowgames.com because when i tried to go there, the site was down, but it still contacted and initiated something, possibly a new virus? I will cease from entering any passwords until this has been solved, so please help me. Also, below, I shall make a Hijackthis log::

Kilee · 10-22-2005, 02:54 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:52:23 AM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1124389788\ee\AOLHostManager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\AOL\1124389788\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1124389788\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe
C:\HJT\HijackThis.exe

O1 - Hosts: 209.240.25.74 L2authd.lineage2.com
O1 - Hosts: 68.142.232.33 master.udpsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StartAOL] "C:\Program Files\America Online 9.0\AOL.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389788\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Translate by ATLAS - C:\Program Files\ATLAS V11\Atlscript.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V11\Atlscript.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104180421828
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

THank you, and please help me ASAP, remember, this is urgent.

Kilee · 10-22-2005, 03:10 PM

Another strange occurence was when I activated my virus scanner. Since explorer.exe usually lags my system, I would usually close it, while running games, etc. Well, when i closed it, I was able to connect to mirc, when I wasn't before because coremedia.exe was blocked from using the internet

**Buzz1927** · 10-22-2005, 08:44 PM

Quote:

Application Hijacking has been detected
The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host 207.188.24.150

What is telling you this? This is realplayer checking for updates.

It looks to me like getting rid of Core Media Player would solve your problem.

10-22-2005, 02:53 PM	#1 (permalink)
Kilee Bronze Member Join Date: Jul 2005 Posts: 35	!Urgent!:: Application Hijack & Hijackthis log Before I show the log, which i'm not sure will have any relevance, I shall explain myself. This morning on Steam, I recieved some news about some mod group or something, and a new mod, and it had a link. Now normally steam would not just easily send you something bad, right? Anyways, I click it. Sometime later, when I have coremediaplayer open, it asks to connect to steam.exe, and then mIRC. When i block coremediaplayer, I cant even get on IRC. I'll show the application thing. Application Hijacking has been detected The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host 207.188.24.150 Application Hijacking has been detected The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host message.real.com Application Hijacking has been detected The application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe try to launch another application: C:\Program Files\Real\RealPlayer\realplay.exe to go to remote host message.real.com Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host www.blackwidowgames.com Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host www.blackwidowgames.com Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.148.250 Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.148.250 Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\mIRC\mirc.exe to go to remote host irc.sorcery.net Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.191.84 Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.191.84 Application Hijacking has been detected The application: C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe try to launch another application: C:\Program Files\Valve\Steam\Steam.exe to go to remote host 69.28.156.250 Those are all the current things that were detected. I suspect that the cause of it started with www.blackwidowgames.com because when i tried to go there, the site was down, but it still contacted and initiated something, possibly a new virus? I will cease from entering any passwords until this has been solved, so please help me. Also, below, I shall make a Hijackthis log::

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

10-22-2005, 02:54 PM	#2 (permalink)
Kilee Bronze Member Join Date: Jul 2005 Posts: 35	Logfile of HijackThis v1.99.1 Scan saved at 9:52:23 AM, on 10/22/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\program files\valve\steam\steam.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AOL\1124389788\ee\AOLHostManager.exe C:\Program Files\AIM\aim.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Common Files\AOL\1124389788\ee\AOLServiceHost.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\twain_32\S6U12BX\WATCH.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\AOL\1124389788\ee\AOLServiceHost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Winamp\winamp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe C:\HJT\HijackThis.exe O1 - Hosts: 209.240.25.74 L2authd.lineage2.com O1 - Hosts: 68.142.232.33 master.udpsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [StartAOL] "C:\Program Files\America Online 9.0\AOL.EXE" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389788\ee\AOLHostManager.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Translate by ATLAS - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104180421828 O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe THank you, and please help me ASAP, remember, this is urgent.

10-22-2005, 03:10 PM	#3 (permalink)
Kilee Bronze Member Join Date: Jul 2005 Posts: 35	Another strange occurence was when I activated my virus scanner. Since explorer.exe usually lags my system, I would usually close it, while running games, etc. Well, when i closed it, I was able to connect to mirc, when I wasn't before because coremedia.exe was blocked from using the internet