#1
System Configuration Utility, 2 new programs running on my system
After running the System Configuration Utility, I have found 2 new programs running on my system:

Reoe Registry (Per-User Run) C:\WINDOWS\ApplicationData\oecm.exe
After doing a full Search I am unable to find this file on my computer.

Here is the other file I am asking about:
Jfdcb Registry (Per-User Run) C:\WINDOWS\SYSTEM\nhrqgbf.exe
I am able to find this file, in the SYSTEM folder but I am unable to remove it.

(All of these programs have been fully updated)
After doing a full Virus scan using Norton Internet Pro I am unable to find any virus.
After doing a full Search using Ad-aware 6.0 I did not find any answers.
After doing a full Search using Spybot Search & Destroy (advanced mode) using full search capabilities I was unable to find any answers here either.
I also used Registry Mechanic; I have not found any help there either.
I have looked using the Microsoft Knowledge Base and the entire support site, with no luck.
I have looked using every search engine I could find (9) of them.

I also ran Hijack This, here are the results:

Logfile of HijackThis v1.97.7
Scan saved at 8:27:10 AM, on 3/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...s/presario/srchredir.dll?c=3c00&s=search&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...rs/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...s/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...s/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...s/presario/srchredir.dll?c=3c00&s=search&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CAB?37956.5124074074
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...cabs/flash/swflash.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwe...includes/vzWebIns.CAB

Can anyone tell me what the two new programs are and or how to get rid of them?

Thank You for your time
LaVonne
#3
I will try posting to the HJT site

I unchecked both of them in msconfig as soon as I found them. I still can not find the

Reoe Registry (Per-User Run) C:\WINDOWS\ApplicationData\oecm.exe

and even though I have the file

Jfdcb Registry (Per-User Run) C:\WINDOWS\SYSTEM\nhrqgbf.exe

unchecked... I have been trying to delete this file, but when I do I get the error message

Cannot delete nhrqgbf: The specified file is being used by Windows

This was the driving force that caused me to finally post to the newsgroups. Can anyone come up with anything else?

Thank You for your Time
LaLamar

-----Original Message-----
IMO both files are probably malicious. I see you have also posted your HijackThis log to other newsgroups and been advised to post it to http://www.computercops.biz/forums.html. It might now be sensible for you to concentrate on that posting.

Is either file actually running, since neither appears in your HijackThis list of running applications? What happens if you boot to Safe Mode, uncheck the two entries in MSConfig | Startup and delete nhrqgbf.exe? Do the entries re-appear when you boot back into normal mode?

You might also want to let HJT remove the O16 Webshots entry.
--
Mike Maltby MS-MVP
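Added example, not part of the original thread: the check Mike describes (is either startup entry in the log's list of running processes, and which O16 entries are present) written as a small Python parser. The sample log is a shortened excerpt of the log posted above, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# Sample input: shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
"""

# The two MSConfig startup entries named in the thread (name -> command).
MSCONFIG_ENTRIES = {
    "Reoe": r"C:\WINDOWS\ApplicationData\oecm.exe",
    "Jfdcb": r"C:\WINDOWS\SYSTEM\nhrqgbf.exe",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R1 - ..."
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.*)$")  # registry autoruns only
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) (?:\((.*?)\) )?- (\S+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|dll))\b", re.I)

def parse_hijackthis(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def norm(path):
    return path.strip().strip('"').replace("/", "\\").upper()

def image_path(command):
    """Executable part of a startup command, arguments dropped, upper-cased."""
    command = command.strip()
    if command.startswith('"'):
        return norm(command[1:].split('"', 1)[0])
    m = EXE_RE.match(command)
    return norm(m.group(1) if m else command)

def is_running(command, processes):
    """Full-path match when the command has a long path, else file-name match."""
    exe = image_path(command)
    full = {norm(p) for p in processes}
    if "\\" in exe and "~" not in exe:      # 8.3 names (PROGRA~1) cannot be path-matched
        return exe in full
    return exe.rsplit("\\", 1)[-1] in {p.rsplit("\\", 1)[-1] for p in full}

def o4_commands(entries):
    """{value name: command} for the O4 registry autorun entries."""
    found = (O4_RE.match(body) for code, body in entries if code == "O4")
    return {m.group(1): m.group(2) for m in found if m}

def dpf_hosts(entries):
    """{CLSID: (class name or None, download host)} for the O16 entries."""
    found = (DPF_RE.match(body) for code, body in entries if code == "O16")
    return {m.group(1): (m.group(2), urlsplit(m.group(3)).hostname) for m in found if m}

def not_running(commands, processes):
    return sorted(n for n, c in commands.items() if not is_running(c, processes))

if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    print("MSConfig entries not running:", not_running(MSCONFIG_ENTRIES, procs))
    print("O4 entries not running:", not_running(o4_commands(entries), procs))
    for clsid, (name, host) in dpf_hosts(entries).items():
        print("O16", clsid, name, host)
```

An entry that is absent from the process list is not cleared by that alone: a command such as the Rundll32 line exits after it runs, which is why the thread goes on to test whether the entries return after a reboot.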
#4
Mike:

I realized after sending the last post that I had forgotten about deleting in safe mode. Went in and deleted the file, restarted, searched for it and it was gone. I then went in to msconfig and did a cleanup; both entries disappeared and I am hoping they are gone for good.

I am wondering if I shouldn't go in now and use one of those wipe programs that Madmax posted about on the virus list. Any suggestions?

Thank You again for jogging my memory
LaLamar
#5
LaLamar,

I'm glad to read you've now got rid of both those unwanted entries in MSConfig and the file(s). What next to do has to rather depend on what you have done already and what problems you might be experiencing. You will have to decide for yourself as to whether to use the unnamed program recommended to you - again it depends on what problems you are trying to solve.
--
Mike Maltby MS-MVP
#6
I am concerned that the program could come back... considering I feel it was an attack from a hacker.

I took from the information contained from this part of the post from Madmax

-snippage-
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html

that one of the info wipers would make sure that the program(s) would be taken off my hard drive, considering that Windows, I hear, does not actually delete information when we hit the delete key, or at least not all of it. This was the purpose that I was intending to use the wipe program for.

Thank You for your time
LaLamar