re: QHosts-1 Trojan Saturday, February 7, 2004 at 9:12 am Windows XP Annoyances Discussion Forum Posted by triplate (20834 messages posted) Would like to know what this is??..;0....O4 - Startup: Mentor Tray Icon.lnk = C:\Program Files\tMentor\Mentor for WinMe\minitray.exe On Saturday, February 7, 2004 at 9:08 am, colin wrote: >hi, > >the problem seems to be fixed now. i deleted the files and went to google and the >problem seems to be fixed. here is the hijack list thing again, any other files i >should delete? > >Logfile of HijackThis v1.97.7 >Scan saved at 09:44:49, on 26/01/2004 >Platform: Windows ME (Win9x 4.90.3000) >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) > >Running processes: >C:\WINDOWS\SYSTEM\KERNEL32.DLL >C:\WINDOWS\SYSTEM\MSGSRV32.EXE >C:\WINDOWS\SYSTEM\MPREXE.EXE >C:\WINDOWS\SYSTEM\MSTASK.EXE >C:\WINDOWS\SYSTEM\SSDPSRV.EXE >C:\WINDOWS\SYSTEM\STIMON.EXE >C:\WINDOWS\SYSTEM\mmtask.tsk >C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE >C:\WINDOWS\EXPLORER.EXE >C:\WINDOWS\TASKMON.EXE >C:\WINDOWS\SYSTEM\SYSTRAY.EXE >C:\PQSC\PROGRAM\SCTRAY.EXE >C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE >C:\WINDOWS\SYSTEM\LVCOMS.EXE >C:\WINDOWS\SYSTEM\WMIEXE.EXE >C:\PROGRAM FILES\TMENTOR\MENTOR FOR WINME\MINITRAY.EXE >C:\PROGRAM FILES\CCONNECT\CCONNECT.EXE >C:\WINDOWS\SYSTEM\DDHELP.EXE >C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE >C:\WINDOWS\TEMP\TD_0007.DIR\HIJACKTHIS.EXE > >O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT >5.0\READER\ACTIVEX\ACROIEHELPER.OCX >O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\APPLICATION DATA\IERP\IERP.DLL >O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION >DATA\IERP\MSIESH.DLL >O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM >FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL >O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX >O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun >O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe >O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s >O4 - HKLM\..\Run: [SystemTray] SysTray.Exe >O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme >O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EX_" >O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.ex_" >O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.ex_" >O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE >O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" >-osboot >O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe >O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install >O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme >O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe >O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe >O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe >O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EX_" >O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE >O4 - Startup: Mentor Tray Icon.lnk = C:\Program Files\tMentor\Mentor for WinMe\minitray.exe >O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe >O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE >O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 >O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html >O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html >O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html >O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM >FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html >O9 - Extra button: Mentor (HKLM) >O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab >O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab >O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab >O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB >O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB > > > >i have downloaded ad aware and have spybot and CWShredder thing. Any other good programs >to help prevent this thing happening again? > >thanks, > >colin Written in response to: re: QHosts-1 Trojan (colsy: Saturday, February 7, 2004 at 9:08 am) Responses to this message: re: QHosts-1 Trojan (colsy: Saturday, February 7, 2004 at 9:16 am) All messages in this thread [show all] google help (colsy: Sat, Feb 7, 2004, 6:35 am) re: google help (triplate: Sat, Feb 7, 2004, 6:42 am) re: google help (colsy: Sat, Feb 7, 2004, 7:11 am) re: google help (triplate: Sat, Feb 7, 2004, 7:14 am) re: google help (colsy: Sat, Feb 7, 2004, 7:17 am) re: google help (triplate: Sat, Feb 7, 2004, 7:19 am) re: google help (triplate: Sat, Feb 7, 2004, 7:16 am) re: google help (colsy: Sat, Feb 7, 2004, 7:19 am) re: google help (triplate: Sat, Feb 7, 2004, 7:20 am) re: google help (colsy: Sat, Feb 7, 2004, 8:02 am) re: google help (triplate: Sat, Feb 7, 2004, 8:04 am) re: google help (colsy: Sat, Feb 7, 2004, 8:11 am) re: google help (triplate: Sat, Feb 7, 2004, 8:14 am) re: google help (colsy: Sat, Feb 7, 2004, 8:22 am) re: google help (triplate: Sat, Feb 7, 2004, 8:26 am) re: google help (colsy: Sat, Feb 7, 2004, 8:27 am) re: google help (colsy: Sat, Feb 7, 2004, 8:29 am) re: google help (triplate: Sat, Feb 7, 2004, 8:35 am) re: google help (colsy: Sat, Feb 7, 2004, 8:44 am) re: google help (triplate: Sat, Feb 7, 2004, 8:51 am) re: google help (Dan Sarandrea, MCSE: Sat, Feb 7, 2004, 8:51 am) re: google help (colsy: Sat, Feb 7, 2004, 8:58 am) re: google help (Dan Sarandrea, MCSE: Sat, Feb 7, 2004, 9:02 am) re: google help (triplate: Sat, Feb 7, 2004, 9:06 am) New Ad-aware record (at least for me)... (Dan Sarandrea, MCSE: Sat, Feb 7, 2004, 10:33 am) re: New Ad-aware record (at least for me)... (triplate: Sat, Feb 7, 2004, 10:40 am) And here's the killer.... (Dan Sarandrea, MCSE: Sat, Feb 7, 2004, 10:42 am) re: And here's the killer.... (triplate: Sat, Feb 7, 2004, 10:49 am) re: google help (Ms. Eagle: Sat, Feb 7, 2004, 9:07 am) re: google help (triplate: Sat, Feb 7, 2004, 9:11 am) QHosts-1 Trojan (Ms. Eagle: Sat, Feb 7, 2004, 9:02 am) re: QHosts-1 Trojan (triplate: Sat, Feb 7, 2004, 9:07 am) re: QHosts-1 Trojan (colsy: Sat, Feb 7, 2004, 9:08 am) re: QHosts-1 Trojan (triplate: Sat, Feb 7, 2004, 9:12 am) re: QHosts-1 Trojan (colsy: Sat, Feb 7, 2004, 9:16 am) re: QHosts-1 Trojan (triplate: Sat, Feb 7, 2004, 9:19 am) re: QHosts-1 Trojan (colsy: Sat, Feb 7, 2004, 9:21 am) re: QHosts-1 Trojan (triplate: Sat, Feb 7, 2004, 9:26 am) re: QHosts-1 Trojan (Ms. Eagle: Sat, Feb 7, 2004, 9:20 am) re: QHosts-1 Trojan (colsy: Sat, Feb 7, 2004, 9:27 am) me or xp (colsy: Sat, Feb 7, 2004, 9:37 am) re: me or xp (Ms. Eagle: Sat, Feb 7, 2004, 9:41 am) re: me or xp (colsy: Sat, Feb 7, 2004, 9:53 am) re: me or xp (colsy: Sat, Feb 7, 2004, 2:00 pm) google problem (colsy: Sat, Feb 7, 2004, 2:07 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum