It is currently Tue Dec 11, 2018 9:03 pm


services.exe HELP!

Discuss security related topics in here (Hacking, Cracking, and Protecting)
Do not post HJT Logs here

Moderator: PCguy

services.exe HELP!

Postby Noli » Fri Apr 23, 2004 7:30 am

Could somebody help me with how to get rid of these entries in my HijackThis log:
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
F1 - win.ini: load=C:\WINDOWS\services.exe
F1 - win.ini: run=C:\WINDOWS\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Services Controller] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Services Controller] C:\WINDOWS\services.exe


I press FIX in HJT but once I restart they come back over & over again!

PLEASE HELP!
User avatar
Noli
Geek in Training
Geek in Training
 
Posts: 16
Joined: Fri Apr 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby brad » Fri Apr 23, 2004 11:12 am

Could be a couple of reasons for this.
Close all Windows except the HiJack This Window and then choose Fix.
If your Operating System has System Restore turn it off first.
You may be missing some of the other entries. It would be easier if we could see your current Log File.
brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top

Postby Gecko » Fri Apr 23, 2004 12:05 pm

I did some checking and it looks like you have a virus and/or Trojan.
That is why the entries comeback after deleting them.
As brad said it would be best if you posted your full HiJack This log.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Postby Noli » Fri Apr 23, 2004 6:59 pm

Thanks guy...I figured out that I have a file C:\windows\services.exe that I cannot delete in any way! and it has a *.rar icon and no signature on it of any company....just a "g"

here is my full log:

Logfile of HijackThis v1.97.7
Scan saved at 10:11:07 PM, on 22/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Documents and Settings\Owner\Desktop\El Noli\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.24-7media.de/forum/index.php
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
F1 - win.ini: load=C:\WINDOWS\services.exe
F1 - win.ini: run=C:\WINDOWS\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Corel Painter 8f] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="Corel Painter 8" /date=050404 serial=PF08CTD-9999999-KHN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Services Controller] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Services Controller] C:\WINDOWS\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IEB: Browser: Resize Window - C:\Program Files\IE Booster\window-size.html
O8 - Extra context menu item: IEB: Frame: Open in &New Window - C:\Program Files\IE Booster\frame-open-in-new-window.html
O8 - Extra context menu item: IEB: Frame: Open in &This Window - C:\Program Files\IE Booster\frame-open-in-this-window.html
O8 - Extra context menu item: IEB: Image: Copy Path to Clipboard - C:\Program Files\IE Booster\image-copy-path-to-clipboard.html
O8 - Extra context menu item: IEB: Image: Show Image Data - C:\Program Files\IE Booster\image-view-image-data.html
O8 - Extra context menu item: IEB: Link: Copy as <A href="URL">caption</A> - C:\Program Files\IE Booster\link-copy.html
O8 - Extra context menu item: IEB: Link: Open in New Minimized Window - C:\Program Files\IE Booster\link-open-minimized.html
O8 - Extra context menu item: IEB: Page: Copy Title as <A href="URL">Title</a> - C:\Program Files\IE Booster\page-copy-title.html
O8 - Extra context menu item: IEB: Page: Show Forms and Applets - C:\Program Files\IE Booster\page-show-forms.html
O8 - Extra context menu item: IEB: Page: Show Hyperlinks - C:\Program Files\IE Booster\page-view-hyperlinks.html
O8 - Extra context menu item: IEB: Page: Show Images - C:\Program Files\IE Booster\page-show-images.html
O8 - Extra context menu item: IEB: Page: Show Source - C:\Program Files\IE Booster\page-view-source.html
O8 - Extra context menu item: IEB: Page: Show Stylesheets - C:\Program Files\IE Booster\page-view-stylesheets.html
O8 - Extra context menu item: IEB: Selection: Copy as plain text - C:\Program Files\IE Booster\selection-copy-plaintext.html
O8 - Extra context menu item: IEB: Selection: Open in Browser - C:\Program Files\IE Booster\selection-open-in-browser.html
O8 - Extra context menu item: IEB: Selection: Show Partial Source - C:\Program Files\IE Booster\selection-show-source.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... /swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... t/opuc.cab
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://h71025.www7.hp.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
User avatar
Noli
Geek in Training
Geek in Training
 
Posts: 16
Joined: Fri Apr 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby brad » Fri Apr 23, 2004 10:33 pm

Log is like you said. The first thing I'd do is Turn off System Restore and update your AV Program and run a through scan.
Then I'd stop all the mentioned Services from running in Windows Task Manager. (Ctrl/Alt/Del)
Then I'd run HiJack This (Leave System Restore off) and close all other open Windows. Then select the following and click Fix/Remove.
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
F1 - win.ini: load=C:\WINDOWS\services.exe
F1 - win.ini: run=C:\WINDOWS\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Services Controller] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Services Controller] C:\WINDOWS\services.exe

brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top

Postby Noli » Sat Apr 24, 2004 12:20 am

Thank you for the instructions...this is exactly what I have been doing for the last 3 days but NO JOY!
In fact I could not stop services.exe in my Task Manager...it always says: "ACCESS DENIED"

Is there anyway to delete that services.exe from my PC?
User avatar
Noli
Geek in Training
Geek in Training
 
Posts: 16
Joined: Fri Apr 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby brad » Sat Apr 24, 2004 12:39 am

Are you logged on as administrator?
What about running in Safe Mode?
brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top

Postby Noli » Sun Apr 25, 2004 10:22 am

This is the log file I got after tackling the problem in Safe Mode...what do you think of it?

Logfile of HijackThis v1.97.7
Scan saved at 10:08:51 AM, on 25/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\El Noli\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.24-7media.de/forum/index.php
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Corel Painter 8f] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="Corel Painter 8" /date=050404 serial=PF08CTD-9999999-KHN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IEB: Browser: Resize Window - C:\Program Files\IE Booster\window-size.html
O8 - Extra context menu item: IEB: Frame: Open in &New Window - C:\Program Files\IE Booster\frame-open-in-new-window.html
O8 - Extra context menu item: IEB: Frame: Open in &This Window - C:\Program Files\IE Booster\frame-open-in-this-window.html
O8 - Extra context menu item: IEB: Image: Copy Path to Clipboard - C:\Program Files\IE Booster\image-copy-path-to-clipboard.html
O8 - Extra context menu item: IEB: Image: Show Image Data - C:\Program Files\IE Booster\image-view-image-data.html
O8 - Extra context menu item: IEB: Link: Copy as <A href="URL">caption</A> - C:\Program Files\IE Booster\link-copy.html
O8 - Extra context menu item: IEB: Link: Open in New Minimized Window - C:\Program Files\IE Booster\link-open-minimized.html
O8 - Extra context menu item: IEB: Page: Copy Title as <A href="URL">Title</a> - C:\Program Files\IE Booster\page-copy-title.html
O8 - Extra context menu item: IEB: Page: Show Forms and Applets - C:\Program Files\IE Booster\page-show-forms.html
O8 - Extra context menu item: IEB: Page: Show Hyperlinks - C:\Program Files\IE Booster\page-view-hyperlinks.html
O8 - Extra context menu item: IEB: Page: Show Images - C:\Program Files\IE Booster\page-show-images.html
O8 - Extra context menu item: IEB: Page: Show Source - C:\Program Files\IE Booster\page-view-source.html
O8 - Extra context menu item: IEB: Page: Show Stylesheets - C:\Program Files\IE Booster\page-view-stylesheets.html
O8 - Extra context menu item: IEB: Selection: Copy as plain text - C:\Program Files\IE Booster\selection-copy-plaintext.html
O8 - Extra context menu item: IEB: Selection: Open in Browser - C:\Program Files\IE Booster\selection-open-in-browser.html
O8 - Extra context menu item: IEB: Selection: Show Partial Source - C:\Program Files\IE Booster\selection-show-source.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... /swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... t/opuc.cab
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://h71025.www7.hp.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
User avatar
Noli
Geek in Training
Geek in Training
 
Posts: 16
Joined: Fri Apr 23, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby brad » Sun Apr 25, 2004 11:08 am

Looks Great.
brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top


Return to Security

Who is online

Users browsing this forum: No registered users and 3 guests

cron