Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis log please help


  • This topic is locked This topic is locked
9 replies to this topic

#1 gh0zt

gh0zt

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 05 May 2004 - 03:14 AM

got some annoying popups that won't go away and this phonecom thing that trys to download every once in awhile. new to this so i hope im doing this right. tried everything and i seem to still have these few popups. help is greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 1:06:38 AM, on 5/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\pnphostu.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
E:\progs\stuff\hijack this\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [prtrmgri] C:\WINDOWS\System32\prtrmgri.exe
O4 - HKLM\..\Run: [bdmonk] C:\WINDOWS\System32\bdmonk.exe
O4 - HKLM\..\Run: [dminstm] C:\WINDOWS\System32\dminstm.exe
O4 - HKLM\..\Run: [umprepd] C:\WINDOWS\System32\umprepd.exe
O4 - HKLM\..\Run: [_1252c] C:\WINDOWS\System32\_1252c.exe
O4 - HKLM\..\Run: [afrdms] C:\WINDOWS\System32\afrdms.exe
O4 - HKLM\..\Run: [cbdyctlr] C:\WINDOWS\System32\cbdyctlr.exe
O4 - HKLM\..\Run: [cpmibt] C:\WINDOWS\System32\cpmibt.exe
O4 - HKLM\..\Run: [dite] C:\WINDOWS\System32\dite.exe
O4 - HKLM\..\Run: [eaksiei] C:\WINDOWS\System32\eaksiei.exe
O4 - HKLM\..\Run: [ebcheckw] C:\WINDOWS\System32\ebcheckw.exe
O4 - HKLM\..\Run: [egsvr32r] C:\WINDOWS\System32\egsvr32r.exe
O4 - HKLM\..\Run: [ejot] C:\WINDOWS\ejot.exe
O4 - HKLM\..\Run: [embioso] C:\WINDOWS\System32\embioso.exe
O4 - HKLM\..\Run: [etsetupn] C:\WINDOWS\System32\etsetupn.exe
O4 - HKLM\..\Run: [hcpd] C:\WINDOWS\System32\hcpd.exe
O4 - HKLM\..\Run: [hmedias] C:\WINDOWS\System32\hmedias.exe
O4 - HKLM\..\Run: [hscraps] C:\WINDOWS\System32\hscraps.exe
O4 - HKLM\..\Run: [icwmil] C:\WINDOWS\System32\icwmil.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mevtmsgn] C:\WINDOWS\System32\mevtmsgn.exe
O4 - HKLM\..\Run: [mfutilm] C:\WINDOWS\System32\mfutilm.exe
O4 - HKLM\..\Run: [ounds] C:\WINDOWS\System32\ounds.exe
O4 - HKLM\..\Run: [r50_qcxi] C:\WINDOWS\System32\r50_qcxi.exe
O4 - HKLM\..\Run: [solayk] C:\WINDOWS\System32\solayk.exe
O4 - HKLM\..\Run: [srvoicau] C:\WINDOWS\System32\srvoicau.exe
O4 - HKLM\..\Run: [ssenhd] C:\WINDOWS\System32\ssenhd.exe
O4 - HKLM\..\Run: [tsapi32w] C:\WINDOWS\System32\tsapi32w.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pnphostu] C:\WINDOWS\System32\pnphostu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8036.8562731482
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

Edited by gh0zt, 05 May 2004 - 03:14 AM.


BC AdBot (Login to Remove)

 


#2 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests
  • OFFLINE
  •  

Posted 05 May 2004 - 01:26 PM

Go into your control panel and click on add remove programs. Then uninstall Viewpoint Manager.


I want you to fix some of those entries. Please do the following:

First Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore
or

Windows XP System Restore Guide

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Just fix these

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [prtrmgri] C:\WINDOWS\System32\prtrmgri.exe
O4 - HKLM\..\Run: [bdmonk] C:\WINDOWS\System32\bdmonk.exe
O4 - HKLM\..\Run: [dminstm] C:\WINDOWS\System32\dminstm.exe
O4 - HKLM\..\Run: [umprepd] C:\WINDOWS\System32\umprepd.exe
O4 - HKLM\..\Run: [_1252c] C:\WINDOWS\System32\_1252c.exe
O4 - HKLM\..\Run: [afrdms] C:\WINDOWS\System32\afrdms.exe
O4 - HKLM\..\Run: [cbdyctlr] C:\WINDOWS\System32\cbdyctlr.exe
O4 - HKLM\..\Run: [cpmibt] C:\WINDOWS\System32\cpmibt.exe
O4 - HKLM\..\Run: [dite] C:\WINDOWS\System32\dite.exe
O4 - HKLM\..\Run: [eaksiei] C:\WINDOWS\System32\eaksiei.exe
O4 - HKLM\..\Run: [ebcheckw] C:\WINDOWS\System32\ebcheckw.exe
O4 - HKLM\..\Run: [egsvr32r] C:\WINDOWS\System32\egsvr32r.exe
O4 - HKLM\..\Run: [ejot] C:\WINDOWS\ejot.exe
O4 - HKLM\..\Run: [embioso] C:\WINDOWS\System32\embioso.exe
O4 - HKLM\..\Run: [etsetupn] C:\WINDOWS\System32\etsetupn.exe
O4 - HKLM\..\Run: [hcpd] C:\WINDOWS\System32\hcpd.exe
O4 - HKLM\..\Run: [hmedias] C:\WINDOWS\System32\hmedias.exe
O4 - HKLM\..\Run: [hscraps] C:\WINDOWS\System32\hscraps.exe
O4 - HKLM\..\Run: [icwmil] C:\WINDOWS\System32\icwmil.exe
O4 - HKLM\..\Run: [mevtmsgn] C:\WINDOWS\System32\mevtmsgn.exe
O4 - HKLM\..\Run: [mfutilm] C:\WINDOWS\System32\mfutilm.exe
O4 - HKLM\..\Run: [ounds] C:\WINDOWS\System32\ounds.exe
O4 - HKLM\..\Run: [r50_qcxi] C:\WINDOWS\System32\r50_qcxi.exe
O4 - HKLM\..\Run: [solayk] C:\WINDOWS\System32\solayk.exe
O4 - HKLM\..\Run: [srvoicau] C:\WINDOWS\System32\srvoicau.exe
O4 - HKLM\..\Run: [ssenhd] C:\WINDOWS\System32\ssenhd.exe
O4 - HKLM\..\Run: [tsapi32w] C:\WINDOWS\System32\tsapi32w.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pnphostu] C:\WINDOWS\System32\pnphostu.exe
O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe


Reboot your computer into Safe Mode and delete the following files:

Then delete these files only...be careful you dont delete anything but these:
C:\WINDOWS\System32\prtrmgri.exe
C:\WINDOWS\System32\bdmonk.exe
C:\WINDOWS\System32\dminstm.exe
C:\WINDOWS\System32\umprepd.exe
C:\WINDOWS\System32\_1252c.exe
C:\WINDOWS\System32\afrdms.exe
C:\WINDOWS\System32\cbdyctlr.exe
C:\WINDOWS\System32\cpmibt.exe
C:\WINDOWS\System32\dite.exe
C:\WINDOWS\System32\eaksiei.exe
C:\WINDOWS\System32\ebcheckw.exe
C:\WINDOWS\System32\egsvr32r.exe
C:\WINDOWS\ejot.exe
C:\WINDOWS\System32\embioso.exe
C:\WINDOWS\System32\etsetupn.exe
C:\WINDOWS\System32\hcpd.exe
C:\WINDOWS\System32\hmedias.exe
C:\WINDOWS\System32\hscraps.exe
C:\WINDOWS\System32\icwmil.exe
C:\WINDOWS\System32\mevtmsgn.exe
C:\WINDOWS\System32\mfutilm.exe
C:\WINDOWS\System32\ounds.exe
C:\WINDOWS\System32\r50_qcxi.exe
C:\WINDOWS\System32\solayk.exe
C:\WINDOWS\System32\srvoicau.exe
C:\WINDOWS\System32\ssenhd.exe
C:\WINDOWS\System32\tsapi32w.exe
C:\WINDOWS\System32\pnphostu.exe
C:\WINDOWS\System32\window.exe


Renable system restore with instructions from tutorial above

Reboot your computer to go back to normal mode and post a new log.

#3 gh0zt

gh0zt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 05 May 2004 - 04:39 PM

thanks for the quick response i appreciate it. i think i followed the instructions correctly, but when i went to delete the files i couldn't find any of them. my folders are set to show hidden files so im not sure whats wrong. my new log is below. thanks again.

Logfile of HijackThis v1.97.7
Scan saved at 2:36:22 PM, on 5/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\luginp.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
E:\progs\stuff\hijack this\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [luginp] C:\WINDOWS\System32\luginp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8036.8562731482
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

#4 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests
  • OFFLINE
  •  

Posted 05 May 2004 - 04:47 PM

You missed this one:

O4 - HKLM\..\Run: [luginp] C:\WINDOWS\System32\luginp.exe

Edited by Plimsol, 05 May 2004 - 04:47 PM.


#5 gh0zt

gh0zt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 05 May 2004 - 04:56 PM

ok cool new log below. thanks.

Logfile of HijackThis v1.97.7
Scan saved at 2:55:10 PM, on 5/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\wanmpsvc.exe
E:\progs\stuff\hijack this\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8036.8562731482
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA

Posted 05 May 2004 - 06:01 PM

Looks all clean! Good job

#7 gh0zt

gh0zt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 05 May 2004 - 08:02 PM

yup haven't had popups ever since that last post! thanks guys appreciate it.

#8 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:04 PM

Posted 06 May 2004 - 10:06 AM

To gh0zt, please do not delete this file, unless confirmed from someone else.

What about this one?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


From my take on it, Export is spelled wrong, and I can not remember any entry that has & in a word. Some problem applications, like to spell their files to something that is similar to a liget one.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#9 Guest_MrSnausage_*

Guest_MrSnausage_*

  • Guests
  • OFFLINE
  •  

Posted 06 May 2004 - 10:25 AM

The export entry is fine. The & means that the character that immediately follows the & should be the shortcut key for that menu option.

Its normal

#10 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:04:04 PM

Posted 06 May 2004 - 11:01 AM

Thanks for educating me on that. :thumbsup:
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users