PDA

View Full Version : Wierd Popup during startup



LilAznHobo
05-03-2005, 01:19 PM
During startup on the winxp welcome page, a weird square window pops up. the popup started after my computer began acting freaky, all the icon dissappear into those winxp default one. and when i click on it it says (filename).ink is missing....well i got that fix by replacing some registry and using a program to fix the .exe files...OKAY! well the popup looks werid because it was in some chinese font, but when i type it into WORD it says the font type is arial unicode ms: 褐 . well thats what it says both in the title and the body on the popup.. thnxs hope u can help.. :confused:

Speedy Gonzales
05-03-2005, 01:27 PM
I would do a scan for spyware, a scan for viruses, or go to start/run, type msconfig, tell us whats in the startup tab here.

Anything under all programs / in the startup menu? That shouldnt be there?

LilAznHobo
05-03-2005, 07:01 PM
under start up i have these files checked:

zlclient
ccapp
sndmon
dlbubmgr
memcard
nvcpl
aim
adobe gamma loader
digital line detect
microsoft office

if you want the location ill post if u ask..thnxs....hope this help...cause that chinese language pop up window is annoying...

tweak'e
05-03-2005, 07:07 PM
ccapp is often nortons antivirus tho would have exspected other norton entries there as well. did you leave those out? if so whats the whole list? if not it could be a virus or possibly you have had nortons and it hasn't been uninstalled properly.

Speedy Gonzales
05-03-2005, 07:25 PM
Hmm those programs in startup look OK. You have a photo printer?

Thats what the memcard and dlbubmgr.exe file are.

Can u post a pic of this popup, and your desktop???


Go here to see how

http://pressf1.pcworld.co.nz/faq.php?faq=faq_pressf1_root#faq_pressf1_faq_07

LilAznHobo
05-03-2005, 08:02 PM
http://sal.neoburn.net/imagef1/files/desktop2.jpg

http://sal.neoburn.net/imagef1/files/error.jpg

i think it might be a virus b/c the icon on my desktop is acting wierd i cant open them....says missing .lnk file missing. if u need my hijack this file i can post.
and yes i do have a photo printer...

rest of the files on startup:
zlclient
ccapp
sndmon
dlbubmgr
memcard
nvcpl
aim
adobe gamma loader
digital line detect
microsoft office
mcagent
qttasks
realplay
mcvsshield
mcmnhdler
speedupmypc

Speedy Gonzales
05-03-2005, 08:18 PM
Ta for the pics.

Untick speedupmypc, and reboot. If this is in the startup tab in msconfig.

That looks like spyware and looks like it mucks around with your system/CPU.

Have u got spybot or adaware?? Do a scan see if they detect this and remove the entries for it and the folder.

Did u install this program recently??

Speedy Gonzales
05-03-2005, 08:39 PM
Hmm this Speedupmypc might be OK, not too sure, yup post your hijackthis log please Lilan.

We'll see whats in that.

LilAznHobo
06-03-2005, 07:37 AM
ok here is my hijack this log, but i have just noticed that when ever i open adaware the icon on my desktop stop working and keeps saying cannot find (filename).lnk or any other of those .exe .dat .bat .dll files...do u think its a virus? i can also post my adaware processwatch log too...

Logfile of HijackThis v1.99.1
Scan saved at 12:28:55 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tai Nguyen\Local Settings\Temp\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

__________________________________________________ ____________

Ad-Watch Logfile, exported on 3/5/2005
Total number of events:15
===============================================
3/5/2005 12:26:53 PM - Definitions file SE1R28 16.02.2005 loaded successfully.
Build:SE1R28 16.02.2005
Total Signatures :34787
Target Families :632
Target Categories :6
CSI data Size :42160

File Size :1300934

===============================================
3/5/2005 12:26:53 PM - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\Tai Nguyen\Application Data\Lavasoft\Ad-Aware\awsettings.awc
Initialization complete.




===============================================
3/5/2005 12:26:53 PM - Sites file loaded.
Sites file loaded successfully.
C:\PROGRA~1\Lavasoft\AD-AWA~1\sites.txt
Total entries : 3229





===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:AIM
Data:C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
New Data:C:\Program Files\AIM\aim.exe -cnetwait.odl



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:Zone Labs Client
Data:
New Data:"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:ZAMailSafeExt
Data:
New Data:zl9



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.lnk
Value:ZAMailSafeExt
Data:
New Data:zlg



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.reg
Value:ZAMailSafeExt
Data:
New Data:zlp



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.pif
Value:ZAMailSafeExt
Data:
New Data:zlo



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.bat
Value:ZAMailSafeExt
Data:
New Data:zl3



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.scr
Value:ZAMailSafeExt
Data:
New Data:zlq



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.com
Value:ZAMailSafeExt
Data:
New Data:zl6



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:
Data:
New Data:exefile



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.lnk
Value:
Data:
New Data:lnkfile



===============================================
3/5/2005 12:26:53 PM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:Content Type
Data:
New Data:application/x-msdownload



===============================================


-thnxs

Speedy Gonzales
06-03-2005, 09:35 AM
Most of that log looks OK.

I would remove cisvc.exe. Its part of windows, but doesnt have to run on bootup.

I would remove Zonealarm, or Norton Internet Security / Norton Firewall.

You dont need both. Is Zonealarm the latest version?

One's good enough. I would remove Windows messenger.

Go here

http://www.kellys-korner-xp.com/xp_tweaks2.htm#util

The last option - Utilities for XP.

Scroll down to Disable or Remove Messenger from Windows and OE.

Click on Click here to download selection, download it and run it.

Get MSN Messenger 7. Windows Messenger is hopeless.

Is XP SP2's firewall enabled?? If it is disable it. Not a good idea having 3 firewalls running at the same time.

LilAznHobo
06-03-2005, 09:52 AM
ok i removed windows messanger...i didnt want it in the first place..ok how do i remove cisvc.exe. and i dont have norton internet security or firewall...i have norton antivirus. and yes i have the latest version of zone alarm... Do you know why my icon keeps changing and doesnt open? error = (filename).lnk is missing and couldnot open, all .exe, .bat, .dat, .dll couldnt open either...

Logfile of HijackThis v1.99.1
Scan saved at 2:45:49 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Tai Nguyen\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Speedy Gonzales
06-03-2005, 10:21 AM
Umm this C:\WINDOWS\system32\CTsvcCDA.EXE

Have u got a creative cd?? Or something?? This file has something to do with a creative cd, BUT according to Google, it is also spyware.

Have u got a Creative Soundblaster Audigy soundcard??

tweak'e
06-03-2005, 10:22 AM
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll suspicious

also it looks like ZA mailsafe is turned on. turn it off as it will conflict with nortons antvirus.

16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...84/mcinsctl.cab possibly unneeded
O4 - Global Startup: Digital Line Detect.lnk = ? proberly the thing at startup. your dsl modem software seems to have a bit removed.

LilAznHobo
06-03-2005, 10:36 AM
ok i have turned off zone alarm mail safe...and yes i do have creative soundblaster 24bit...now does anyone know how to get rid of tat pop up with the chinese lettering?( i posted some pictures a few post ago.) did i change something in the registry ? possible the .ink files or .exe becuase those r the only two registry i touched.. ok i will remove the mcafee thing because it was a trial and what do u mean by this "your dsl modem software seems to have a bit removed." -thnxs

tweak'e
06-03-2005, 10:53 AM
O4 - Global Startup: Digital Line Detect.lnk = ?

if i remeber correctly digital line detect is part of the software for pci/usb modems. in your case the link dosn't seem to go to a file at all, hence something is possibly broken or uninstalled.

btw do you have hide file settings turned off?

LilAznHobo
06-03-2005, 01:50 PM
o00o0o so how would i reinstall this digital line detect? and i have hiddne file turn on so i can c them....what should i do now smart one..?

Speedy Gonzales
06-03-2005, 03:21 PM
This

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

I have a feeling has something to do with it. This is part of Adobe Photoshop CS, (to do with its activation). And I think it runs in the background, examines your hardware for any changes (like XP), and will ask you to
re-activate it if it notices any changes.

This file is also used to MAKE SURE you're not using a pirated version of Photoshop CS. And I think it also "phones home" if u give it access to the net. Have u got Photoshop CS installed, and is it a "legal version"?

LilAznHobo
06-03-2005, 05:13 PM
it might be adobe, but i dont think it is because i downloaded adobe when i just receive my comp, and this message happen 6 months after. and it might be legal, just wondering what happen if it is a il "legal version."

FoxyMX
06-03-2005, 06:02 PM
....well i got that fix by replacing some registry and using a program to fix the .exe files...

did i change something in the registry ? possible the .ink files or .exe becuase those r the only two registry i touched.. Might pay to let us know exactly what you "replaced" or fiddled with in the registry and what program you used to "fix the .exe files".



o00o0o so how would i reinstall this digital line detect? Do you have an installation disc from your internet provider?