| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60114 | 2005-07-23 01:14:00 | File Array Sharing Notes | Shiner (6676) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 374653 | 2005-07-23 01:14:00 | I am running Windows XP Pro and have two accounts on the computer. Every time I boot, a small box appears stating "FileArraySharingNotes: dwuserid==0". I press OK and the box disappears with no discernable consequences. Changing to the other account evokes a similar result, the small box appears I've never seen it before I added the account (my wife's) and wonder if anyone can suggest how I prevent this happening. |
Shiner (6676) | ||
| 374654 | 2005-07-23 06:31:00 | You may have some annoying spyware or just a badly written program that is starting up as you log in. Use Hijack this (www.spywareinfo.com) to generate a log file of what programs are starting up and post the results here. |
gibler (49) | ||
| 374655 | 2005-07-23 06:47:00 | Many thanks for your response. Hijack logfile posted below as suggested. Logfile of HijackThis v1.99.1 Scan saved at 5:43:28 PM, on 7/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\WFXSVC.EXE C:\Program Files\WinFax\WFXMOD32.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Dynalink\Adsl\dslstat.exe C:\Program Files\Dynalink\Adsl\dslagent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Qualcomm\Eudora\Eudora.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\Program Files\Jetico\BestCrypt\BCResident.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\NewsRover\NewsRover.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\GJW\Local Settings\Temp\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_39cd.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Sygate Personal Firewall] Sygate.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Dynalink\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_39cd.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P O4 - HKLM\..\RunServices: [Sygate Personal Firewall] Sygate.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_39cd.dll" O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Startup: Shortcut to Eudora.lnk = C:\Program Files\Qualcomm\Eudora\Eudora.exe O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: HushEncryptionEngine - mailserver2.hushmail.com O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class) - support.scansoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{22C16B94-1B11-4BC6-92B3-8BFD90539249}: NameServer = 203.97.33.14 203.97.37.14 O17 - HKLM\System\CS1\Services\Tcpip\..\{22C16B94-1B11-4BC6-92B3-8BFD90539249}: NameServer = 203.97.33.14 203.97.37.14 O20 - AppInit_DLLs: hplun.dll O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE |
Shiner (6676) | ||
| 374656 | 2005-07-23 06:49:00 | There is certainly stuff there that I didn't know was starting, for instance, I don't use Hushmail anymore! | Shiner (6676) | ||
| 374657 | 2005-07-23 07:05:00 | Tick these entries. And click on fix checked. Then reboot. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_39cd.dll O4 - HKLM\..\Run: [Sygate Personal Firewall] Sygate.exe This might be this www.sophos.com O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe Is Sygate installed? O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_39cd.dll" O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_39cd.dll" O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P This looks like its part of drivecrypt, but this is telling u it has expired. Uninstall it. O16 - DPF: HushEncryptionEngine - mailserver2.hushmail.com Since u dont use Hushmail, this can be ticked Java should be updated its now up to v 04. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime This is OK, but isnt needed on startup. |
Speedy Gonzales (78) | ||
| 374658 | 2005-07-23 20:44:00 | Thanks Speedy, I did all that, but the original problem, the FileArraySharingNotes, still persists. :-) Anent Java, can you point me to the download site. At Sun Systems a search did not bring up version .04. Does it live under a different name? |
Shiner (6676) | ||
| 374659 | 2005-07-23 21:38:00 | Hmm cant say, I've heard of that error / message. Here's the download site for Java sdlcweb1a.sun.com:443 9C32E1F781F Tick accept licence agreement. Then the first download. 15.54mb. |
Speedy Gonzales (78) | ||
| 1 | |||||