| Thread ID: 64255 | 2005-12-08 23:10:00 | Startup Files | Lurking (218) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 411212 | 2005-12-09 23:15:00 | Speedy, this is the other part of the Log: Nos. R0 to 16
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Viralock.lnk = C:\Program Files\Sentrybay Corp\Viralock\ViraLock.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - www.lizardtech.com
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - www-307.ibm.com
Speedy you probably understand this section much more than I. Anything need its box ticked off! Thanks, Lurking. |
Lurking (218) | ||
| 411213 | 2005-12-09 23:50:00 | Hmm this entry doesn't look too friendly. It looks like some worms use this command/program which boots on startup. On the Symantec site, it says it overwrites this file? A bit hard to overwrite, if it doesn't exist, in the first place! (In XP).
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
If you use XP, I don't think it is an XP file. This file isn't on my system. Up to you, whether you want to fix this entry. And this entry seems to be a valid program, it looks like it encrypts emails.
O4 - Startup: Viralock.lnk = C:\Program Files\Sentrybay Corp\Viralock\ViraLock.exe
The rest of the log looks OK by me. |
Speedy Gonzales (78) | ||
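Added example, not part of any post in this thread: the by-hand review of the startup (O4) entries in the reply above, written as a small parser for log lines in the format posted here. The sample lines are a subset copied from that log; `KNOWN_GOOD` is a constructed reviewer list (an assumption) holding the O4 entries the reply did not single out, and only the O4 line forms that appear in this log are handled.

```python
import re
from collections import namedtuple

# Subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Viralock.lnk = C:\Program Files\Sentrybay Corp\Viralock\ViraLock.exe
"""

# Constructed reviewer list (assumption): the O4 entries the reply did not single out.
KNOWN_GOOD = {
    (r"HKLM\..\Run", "TaskMonitor"),
    (r"HKLM\..\Run", "SystemTray"),
    (r"HKLM\..\Run", "AVG7_CC"),
    (r"HKLM\..\RunServices", "SchedulingAgent"),
}

Autostart = namedtuple("Autostart", "location name command")
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - <detail>"
REG_RUN = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")   # "HKLM\..\Run: [Name] command"
STARTUP = re.compile(r"^(Startup): (.+?) = (.+)$")    # "Startup: Name.lnk = target"

def parse_entries(text):
    """Yield (section, detail) for every line shaped like 'O4 - ...'."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def autostarts(text):
    """Return the O4 (autostart) entries as Autostart records."""
    found = []
    for section, detail in parse_entries(text):
        m = section == "O4" and (REG_RUN.match(detail) or STARTUP.match(detail))
        if m:
            found.append(Autostart(*m.groups()))
    return found

def needs_review(entries, known_good):
    """Entries whose (location, name) pair is not on the reviewer's list."""
    return [e for e in entries if (e.location, e.name) not in known_good]
```

With the sample above, `needs_review(autostarts(SAMPLE_LOG), KNOWN_GOOD)` returns the ScanRegistry and Viralock.lnk entries, the two that the reply looked at individually.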
| 411214 | 2005-12-10 00:33:00 | Terry, thanks for your reply. Yes Scanregistry is ticked. Have also ticked the firewall again, that would have with the Kerio download no doubt. Regards, Lurking. |
Lurking (218) | ||
| 411215 | 2005-12-10 00:42:00 | Thanks Speedy. Will leave log in place. A search on Google for that small window: Unable to Start the Application, seems to refer to Java script. Having to close the sml window every time is a nark. Regards, Lurking. |
Lurking (218) | ||