| Thread ID: 55184 | 2005-03-05 00:19:00 | Weird Popup during startup | LilAznHobo (7513) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 330718 | 2005-03-05 00:19:00 | During startup on the winxp welcome page, a weird square window pops up. the popup started after my computer began acting freaky, all the icon disappear into those winxp default one. and when i click on it it says (filename).ink is missing....well i got that fix by replacing some registry and using a program to fix the .exe files...OKAY! well the popup looks weird because it was in some chinese font, but when i type it into WORD it says the font type is arial unicode ms: 褐ã . well thats what it says both in the title and the body on the popup.. thnxs hope u can help.. :confused: | LilAznHobo (7513) | ||
| 330719 | 2005-03-05 00:27:00 | I would do a scan for spyware, a scan for viruses, or go to start/run, type msconfig, tell us what's in the startup tab here. Anything under all programs / in the startup menu that shouldn't be there? |
Speedy Gonzales (78) | ||
| 330720 | 2005-03-05 06:01:00 | under start up i have these files checked: zlclient, ccapp, sndmon, dlbubmgr, memcard, nvcpl, aim, adobe gamma loader, digital line detect, microsoft office. if you want the location ill post if u ask.. thnxs.... hope this help... cause that chinese language pop up window is annoying... |
LilAznHobo (7513) | ||
| 330721 | 2005-03-05 06:07:00 | ccapp is often nortons antivirus tho would have expected other norton entries there as well. did you leave those out? if so what's the whole list? if not it could be a virus or possibly you have had nortons and it hasn't been uninstalled properly. | tweak'e (69) | ||
| 330722 | 2005-03-05 06:25:00 | Hmm those programs in startup look OK. You have a photo printer? Thats what the memcard and dlbubmgr.exe file are. Can u post a pic of this popup, and your desktop??? Go here to see how pressf1.pcworld.co.nz |
Speedy Gonzales (78) | ||
| 330723 | 2005-03-05 07:02:00 | sal.neoburn.net sal.neoburn.net i think it might be a virus b/c the icon on my desktop is acting weird i cant open them....says missing .lnk file missing. if u need my hijack this file i can post. and yes i do have a photo printer... rest of the files on startup: zlclient, ccapp, sndmon, dlbubmgr, memcard, nvcpl, aim, adobe gamma loader, digital line detect, microsoft office, mcagent, qttasks, realplay, mcvsshield, mcmnhdler, speedupmypc |
LilAznHobo (7513) | ||
| 330724 | 2005-03-05 07:18:00 | Ta for the pics. Untick speedupmypc, and reboot. If this is in the startup tab in msconfig. That looks like spyware and looks like it mucks around with your system/CPU. Have u got spybot or adaware?? Do a scan see if they detect this and remove the entries for it and the folder. Did u install this program recently?? |
Speedy Gonzales (78) | ||
| 330725 | 2005-03-05 07:39:00 | Hmm this Speedupmypc might be OK, not too sure, yup post your hijackthis log please Lilan. We'll see whats in that. |
Speedy Gonzales (78) | ||
| 330726 | 2005-03-05 18:37:00 | ok here is my hijack this log, but i have just noticed that whenever i open adaware the icon on my desktop stop working and keeps saying cannot find (filename).lnk or any other of those .exe .dat .bat .dll files... do u think its a virus? i can also post my adaware processwatch log too...

Logfile of HijackThis v1.99.1
Scan saved at 12:28:55 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tai Nguyen\Local Settings\Temp\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

______________________________________________________________

Ad-Watch Logfile, exported on 3/5/2005
Total number of events:15
===============================================
3/5/2005 12:26:53 PM - Definitions file SE1R28 16.02.2005 loaded successfully.
Build:SE1R28 16.02.2005
Total Signatures :34787
Target Families :632
Target Categories :6
CSI data Size :42160
File Size :1300934
===============================================
3/5/2005 12:26:53 PM - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\Tai Nguyen\Application Data\Lavasoft\Ad-Aware\awsettings.awc
Initialization complete.
===============================================
3/5/2005 12:26:53 PM - Sites file loaded.
Sites file loaded successfully.
C:\PROGRA~1\Lavasoft\AD-AWA~1\sites.txt
Total entries : 3229
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:AIM
Data: C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
New Data: C:\Program Files\AIM\aim.exe -cnetwait.odl
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:Zone Labs Client
Data:
New Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:ZAMailSafeExt
Data:
New Data: zl9
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.lnk
Value:ZAMailSafeExt
Data:
New Data: zlg
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.reg
Value:ZAMailSafeExt
Data:
New Data: zlp
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.pif
Value:ZAMailSafeExt
Data:
New Data: zlo
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.bat
Value:ZAMailSafeExt
Data:
New Data: zl3
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.scr
Value:ZAMailSafeExt
Data:
New Data: zlq
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.com
Value:ZAMailSafeExt
Data:
New Data: zl6
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:
Data:
New Data: exefile
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.lnk
Value:
Data:
New Data: lnkfile
===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:Content Type
Data:
New Data: application/x-msdownload
===============================================
-thnxs |
LilAznHobo (7513) | ||
| 330727 | 2005-03-05 20:35:00 | Most of that log looks OK. I would remove cisvc.exe. It's part of windows, but doesn't have to run on bootup. I would remove Zonealarm, or Norton Internet Security / Norton Firewall. You don't need both. Is Zonealarm the latest version? One's good enough. I would remove Windows messenger. Go here: www.kellys-korner-xp.com/xp_tweaks2.htm#util The last option - Utilities for XP. Scroll down to Disable or Remove Messenger from Windows and OE. Click on Click here to download selection, download it and run it. Get MSN Messenger 7. Windows Messenger is hopeless. Is XP SP2's firewall enabled?? If it is disable it. Not a good idea having 3 firewalls running at the same time. |
Speedy Gonzales (78) | ||
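
A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts: it parses the entry lines, counts them per section, and lists the entries that carry the log's own "could not resolve" markers. The sample lines are copied from the log above; the function names and reason strings are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# An entry line is a section code (R0, O4, O23, ...), then " - ", then the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers printed in the log when part of an entry could not be resolved.
# The reason strings are this example's wording (an assumption), not tool output.
MARKERS = [
    (re.compile(r"\(no file\)\s*$"), "registered file is missing"),
    (re.compile(r"=\s*\?\s*$"), "shortcut target not resolved"),
    (re.compile(r" - Unknown owner - "), "service binary has no readable publisher"),
]

def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and paths are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def section_counts(log_text):
    """Count entries per section code, e.g. how many O4 autostart entries exist."""
    return Counter(code for code, _ in parse_entries(log_text))

def unresolved_entries(log_text):
    """Return (code, body, reasons) for entries that need a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = [why for pattern, why in MARKERS if pattern.search(body)]
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, body, reasons in unresolved_entries(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {', '.join(reasons)}")
```

A listed entry is a prompt to check the file or shortcut by hand; on its own it does not say the entry is malicious.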