-
June 17th, 2004, 12:24 PM
#1
Junior Member
Adware/Spyware...
Got some stupid piece of Ad-ware/Spyware on my computer and I can't remove it
I used Ad-aware 6
CWShredder
Hijackthis
Spybot search and destroy
and Registry mechanic
They all found various things and removed them, but a couple of mins later some of the files are back...
Every time I open IExplore it links me to
res://lqftn.dll/index.html#96676
as homepage
I keep getting this website in background whenever I search on Google
http://search-to-find.com/
And I get various popups when I'm browsing the web...
Usually using the programs above kills them but looks like I got a clever bastard again...
I got a whole list of Registry files I can delete in Hijackthis but I would prefer not to mess with the ones I am unsure of as some of them are useful... If you think that will solve my problem I will link a list of all the files
OR If anyone has any other programs/solutions (short of formatting my hard drive) Will a system restore have any effect?
Nick
-
June 17th, 2004, 12:32 PM
#2
Adaware has an update option.
Do you have the latest definitions?
Also try www.majorgeek.com for more adbusters.
-
June 17th, 2004, 12:43 PM
#3
I cannot find anything specific to the problem you have posted but below is a link to an article that has information on dealing with generic hijacks. It is also a pretty good site that deals with spyware:
http://www.spywareinfo.com/articles/hijacked/
Just as an afterthought, I cannot reach the page you link to with either IE or Firefox.
When you have fixed your problem you might want to go here: http://www.javacoolsoftware.com/
Spyware blaster is a good add-on for IE, as it stops this sort of thing becoming a problem, rather than fixing it after.
Or change your browser. I can recommend Firefox: http://texturizer.net/firefox/download.html
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
June 17th, 2004, 12:53 PM
#4
Junior Member
All the Adware removers I have are the most updated versions, also here is that link again in case I copied it down wrong
res://lqftn.dll/index.html#96676
Will try some of those other solutions and post on progress here, still if ppl know of any other ideas feel free to add to discussion
-
June 17th, 2004, 01:39 PM
#5
Junior Member
Nothing I tried seems to work, I installed 2 new spyware removers which again find things but the problem persists...
Hijackthis log is enclosed. I deleted all the R0 and R1 entries but they just reappear
Damn it, I will probably have to format, I will not be beaten
Logfile of HijackThis v1.97.7
Scan saved at 13:46:47, on 17/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\system32\netic.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\sdkza32.exe
C:\WINDOWS\System32\pndtls.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\delsvr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\Nfw8fU8C.exe
C:\WINDOWS\System32\IhvoDV.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Nick Saunders\Desktop\AD\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqftn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqftn.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iekx.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jaseNJRxf] C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\CagA2.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [sdkza32.exe] C:\WINDOWS\sdkza32.exe
O4 - HKLM\..\Run: [AutoLoaderos571OSjZIXX] "C:\WINDOWS\System32\pndtls.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [oFmh34P] pndtls.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Zo5nRQjpe] delsvr32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKLM\..\RunOnce: [netzb.exe] C:\WINDOWS\system32\netzb.exe
O4 - HKLM\..\RunOnce: [netic.exe] C:\WINDOWS\system32\netic.exe
O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
O4 - HKLM\..\RunOnce: [mfclt32.exe] C:\WINDOWS\system32\mfclt32.exe
O4 - HKLM\..\RunOnce: [sysui.exe] C:\WINDOWS\system32\sysui.exe
O4 - HKLM\..\RunOnce: [javayb32.exe] C:\WINDOWS\system32\javayb32.exe
O4 - HKLM\..\RunOnce: [appjg32.exe] C:\WINDOWS\appjg32.exe
O4 - HKLM\..\RunOnce: [msmz.exe] C:\WINDOWS\msmz.exe
O4 - HKLM\..\RunOnce: [syswm32.exe] C:\WINDOWS\syswm32.exe
O4 - HKLM\..\RunOnce: [d3ik32.exe] C:\WINDOWS\d3ik32.exe
O4 - HKLM\..\RunOnce: [mspi.exe] C:\WINDOWS\system32\mspi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs3b.instantservice.com/jars/...rxsigned40.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta...soesysinfo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
-
June 17th, 2004, 02:59 PM
#6
Wow, you have a mess. The wintools are easy to remove, and the peper trojan isn't too bad, but you have a nasty browser hijack, and this one sucks rocks to remove ...I'll walk you through the current method. Sometimes it works, sometimes it doesn't.
========================
To remove Wintools,
1. Boot into SAFE MODE by tapping the F8 key during boot up.
2. Kill running entries for Wintools with Ctrl, Alt and Del. (Kill all references to anything that has Wintools in it.)
3. Uninstall Wintools from Add/Remove. It will prompt for reboot. Do that and reboot.
========================
Control-alt-delete end task on these tasks:
netic.exe
sdkza32.exe
delsvr32.exe
Put a checkmark next to the following in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqftn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqftn.dll/sp.html#96676
O2 - BHO: (no name) - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iekx.dll
C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [sdkza32.exe] C:\WINDOWS\sdkza32.exe
O4 - HKLM\..\Run: [AutoLoaderos571OSjZIXX] "C:\WINDOWS\System32\pndtls.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\RunOnce: [netzb.exe] C:\WINDOWS\system32\netzb.exe
O4 - HKLM\..\RunOnce: [netic.exe] C:\WINDOWS\system32\netic.exe
O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
O4 - HKLM\..\RunOnce: [mfclt32.exe] C:\WINDOWS\system32\mfclt32.exe
O4 - HKLM\..\RunOnce: [sysui.exe] C:\WINDOWS\system32\sysui.exe
O4 - HKLM\..\RunOnce: [javayb32.exe] C:\WINDOWS\system32\javayb32.exe
O4 - HKLM\..\RunOnce: [appjg32.exe] C:\WINDOWS\appjg32.exe
O4 - HKLM\..\RunOnce: [msmz.exe] C:\WINDOWS\msmz.exe
O4 - HKLM\..\RunOnce: [syswm32.exe] C:\WINDOWS\syswm32.exe
O4 - HKLM\..\RunOnce: [d3ik32.exe] C:\WINDOWS\d3ik32.exe
O4 - HKLM\..\RunOnce: [mspi.exe] C:\WINDOWS\system32\mspi.exe
=================
Boot into SAFE MODE by tapping the F8 key during boot up.
Make sure your computer is set to show hidden files:
How to see Hidden files
Delete the following files:
C:\WINDOWS\system32\netzb.exe
C:\WINDOWS\system32\netic.exe
C:\WINDOWS\system32\ievg32.exe
C:\WINDOWS\system32\mfclt32.exe
C:\WINDOWS\system32\sysui.exe
C:\WINDOWS\system32\javayb32.exe
C:\WINDOWS\appjg32.exe
C:\WINDOWS\msmz.exe
C:\WINDOWS\syswm32.exe
C:\WINDOWS\d3ik32.exe
C:\WINDOWS\system32\mspi.exe
=======================
Reboot in normal mode
Please download TheKillbox from here: http://www.downloads.subratam.org/KillBox.zip
Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:
C:\WINDOWS\system32\netic.exe
Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filename and path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.
Reboot in normal mode and post a fresh log. There is going to be a bunch more to remove. You may want to post your next log as a hidden post so people don't gripe about "having to scroll past a HJT log"
-
June 17th, 2004, 04:40 PM
#7
Junior Member
We are making progress
I now have control back of my homepage. I will post the new log below with Hijackthis result in Hidden.
Will it be safe now to run Adaware, registry mechanic etc or leave it till we have finished messing with Hijackthis?
Thank you for help
-
June 17th, 2004, 04:42 PM
#8
Junior Member
Logfile of HijackThis v1.97.7
Scan saved at 16:48:51, on 17/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\delsvr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\MvuCw.exe
C:\WINDOWS\System32\MvuCw.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nick Saunders\Desktop\AD\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jaseNJRxf] C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\Oval63H.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Zo5nRQjpe] delsvr32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs3b.instantservice.com/jars/...rxsigned40.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta...soesysinfo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B829E1C-40C0-48EB-A815-ED9ED78D8688}: NameServer = 195.92.195.94 195.92.195.95
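A way to compare the two HijackThis logs posted above, as an added example that is not part of any post in this thread: it parses log lines, diffs the before and after logs by registry slot, and applies three triage heuristics that are assumptions of this example rather than HijackThis features. The sample lines are excerpts of the logs in posts #5 and #8, and the function names are made up for the example.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (before/after the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
O2 - BHO: (no name) - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iekx.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\CagA2.exe
O4 - HKLM\..\Run: [sdkza32.exe] C:\WINDOWS\sdkza32.exe
O4 - HKLM\..\RunOnce: [netic.exe] C:\WINDOWS\system32\netic.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\Oval63H.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")
O4 = re.compile(r"^(?P<hive>\S+?\\\.\.\\(?:Run|RunOnce)): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log):
    """Map (section code, registry slot) -> value for every entry line in a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list are skipped
        code, body = m.groups()
        if code == "O4" and (o4 := O4.match(body)):
            slot, value = f"{o4['hive']}: [{o4['name']}]", o4["cmd"]
        elif " = " in body:  # R0/R1 values, O4 Global Startup, O17
            slot, _, value = body.partition(" = ")
        else:                # O2/O3/O8/O16: target follows the last " - "
            slot, _, value = body.rpartition(" - ")
        entries[(code, slot or body)] = value
    return entries

def flags(code, slot, value):
    """Triage heuristics drawn from this thread (assumptions of the example)."""
    v, out = value.lower(), []
    if code in ("R0", "R1") and v.startswith("res://"):
        out.append("IE page set to a res:// resource inside a local DLL")
    if code == "O4" and "\\local settings\\temp\\" in v:
        out.append("autorun launches from a Temp directory")
    if code == "O4" and "\\runonce: " in slot.lower():
        out.append("RunOnce value present (Windows deletes these after running)")
    return out

def compare(before_log, after_log):
    """Classify each slot as removed, persisting, retargeted or new."""
    b, a = parse(before_log), parse(after_log)
    report = {"removed": [], "persisting": [], "retargeted": [], "new": []}
    for key in sorted(b.keys() | a.keys()):
        if key not in a:
            report["removed"].append(key)
        elif key not in b:
            report["new"].append(key)
        elif a[key].lower() != b[key].lower():
            report["retargeted"].append((key, b[key], a[key]))  # same slot, new target
        else:
            report["persisting"].append((key, flags(*key, a[key])))
    return report

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        for item in items:
            print(kind, item)
```

On these excerpts the `3PJN6WW2L8AG6D` Run value is reported as retargeted from `CagA2.exe` to `Oval63H.exe`, and the Temp-directory autorun is still present after the first cleanup pass.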
-
June 17th, 2004, 04:44 PM
#9
Junior Member
Also and I am not sure what has caused this.....
Every time I open up a Microsoft program it asks me to reinstall Microsoft Office Professional edition 2003 and it rants about configuration then just opens the program....
/Shrug
-
June 17th, 2004, 04:49 PM
#10
Just a word to the wise: it's usually a good idea to clean out the prefetch folder too. Sometimes virii or spyware can attach to different programs in there and relaunch when you open random programs.
For those who don't know, the prefetch folder is a folder that Windows XP utilizes to make programs open faster; it loads preferences and small bits of data so when you open a program it will do so half a second faster. By clearing the folder the program will open up slightly slower the next time you open it but will be normal after that initial open.
To clear that folder go to Start>Run> type in prefetch, hit Enter. Hit Ctrl-A then the Delete button and you are all set, no need to restart or anything
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
here