PDA

View Full Version : Ctrl/Alt/Del



Thomas01
19-01-2006, 03:48 PM
I have used Ctrl/Alt/Del for years to see what my computer is up to. But suddenly Ctrl/Alt/Del no longer works. Absolutely nothing happens. What have I done? How do I get the thing back?
Tom

Speedy Gonzales
19-01-2006, 03:53 PM
Sometimes if this doesnt work, it may mean u have a trojan or some other nasty which has disabled it.

See if regedit works. If it doesnt then something has disabled it as well.

Post a hijackthis log (http://www.merijn.org/files/hijackthis.zip)

Unzip this file, and copy and paste the log here.

kingdragonfly
19-01-2006, 04:13 PM
I agree with Speedy Gonzales. I assume you've already tried another keyboard.

Ctrl-Alt-Del is a high-priority interrupt, so if it's not working, something bad's likely to have happened.

FoxyMX
19-01-2006, 04:14 PM
Does it still not work after a reboot?

Graham L
19-01-2006, 05:07 PM
Maybe he's trying to reboot through Ctrl/Alt/Del. :D

pctek
19-01-2006, 05:43 PM
I have used Ctrl/Alt/Del for years to see what my computer is up to.
Tom
Well you have been oblivious to half the stuff that goes on then. Once you've used a very good 3rd party process viewer you become enlightened to how much stuff Windows hides from you.

mark c
19-01-2006, 05:51 PM
Yes I agrree but it's still a quick and easy way to see if something has started running that you don't want to/don't know about.

Graham L
19-01-2006, 05:57 PM
Probably like me, Tom long ago acquired the habit of using Ctrl/Alt/Del not to find out what was going on, but to stop whatever was going on. It was the step before the big red key marked "ON/OFF".

mikebartnz
19-01-2006, 07:04 PM
I'm not on my box at the moment and aren't sure if it was Windows or Linux but I remember a setting to disable Ctrl/Alt/Del

Renmoo
19-01-2006, 07:42 PM
If you are running Windows XP, try applying the following keys to launch Windows Task Manager: Ctrl + Shift + Escape. Perhaps (highly unlikely) the keys on the keyboard are stuck?

Cheers :)

mark c
19-01-2006, 07:49 PM
If you are running Windows XP, try applying the following keys to launch Windows Task Manager: Ctrl + Shift + Escape. Perhaps (highly unlikely) the keys on the keyboard are stuck?

Cheers :)

perfick english JK

Renmoo
19-01-2006, 07:52 PM
perfick english JK
Sarcastically, or really?

mark c
19-01-2006, 07:56 PM
Really. :)

Terry Porritt
19-01-2006, 07:59 PM
Sarcastically, or really?

http://www.hebates.co.uk/HEbibliog.htm

Renmoo
19-01-2006, 08:04 PM
http://www.hebates.co.uk/HEbibliog.htm
Still don't quite get it, Terry. What does "perfick" mean? Answers.com didn't reveal much about it.

Cheers :)

Thomas01
19-01-2006, 08:39 PM
I thought I ought to try a good clean up of my computer. It was a mess. EWIDO SECURITY found 20 faults, SPYBOT 15, AdAware 47
Then Reg Mechanic 18
After all that I hoped Ctrl/Alt/Del would work. NO!
Rebooting makes no difference. Perhaps my keyboard is at fault but it is fairly new. I still feel that I have turned something off somewhere.
I have noticed the computer running extremely slowly at times and I get a Windows Message that my virtual image file(not sure about my wording here) is not big enough and it will be corrected
Tom

Terry Porritt
19-01-2006, 08:40 PM
H. E. Bates was an exceedingly fine English novellist, who wrote a series of books about the Larkin family set in rural England. "Perfick" was an expression used by 'Pop' Larkin. A television series called The Darling Buds of May was based on these books :

http://www.televisionheaven.co.uk/darling.htm

Speedy Gonzales
19-01-2006, 08:46 PM
I thought I ought to try a good clean up of my computer. It was a mess. EWIDO SECURITY found 20 faults, SPYBOT 15, AdAware 47
Then Reg Mechanic 18
After all that I hoped Ctrl/Alt/Del would work. NO!
Rebooting makes no difference. Perhaps my keyboard is at fault but it is fairly new. I still feel that I have turned something off somewhere.
Tom

Well post a hijackthis log as I said in a previous post. We'll see what else maybe on your system.

Renmoo
19-01-2006, 08:50 PM
I thought I ought to try a good clean up of my computer. It was a mess. EWIDO SECURITY found 20 faults, SPYBOT 15, AdAware 47
Then Reg Mechanic 18
After all that I hoped Ctrl/Alt/Del would work. NO!
Rebooting makes no difference. Perhaps my keyboard is at fault but it is fairly new. I still feel that I have turned something off somewhere.
Tom
... and how about Ctrl + Shift + Esc?

Terry Porritt
19-01-2006, 08:55 PM
I thought I ought to try a good clean up of my computer. It was a mess. EWIDO SECURITY found 20 faults, SPYBOT 15, AdAware 47
Then Reg Mechanic 18
After all that I hoped Ctrl/Alt/Del would work. NO!
Rebooting makes no difference. Perhaps my keyboard is at fault but it is fairly new. I still feel that I have turned something off somewhere.
Tom

Did you test to see if regedit will run, as Speedy suggested?

If it doesn't then you have probably got a virus.

If it does, then maybe for some reason taskmgr.exe is corrupted in some way.

So you could try running sfc /scannow to check for damaged system files.

The other thing you could try is a repair install, but I'd make really sure your system is free from nasties, by thorough AV scanning.

mark c
19-01-2006, 09:06 PM
I would give the machine a good hot scrub. Check out the FAQs.

PS yes Terry Porrit ,that's where I got it from. But I suppose it was in use in that area and epoch in britland.

Thomas01
19-01-2006, 09:24 PM
Regedit - I tried it and it doesn't work.
Neither does Ctrl/Shift/Esc
I enclose the log asked for


Logfile of HijackThis v1.99.1
Scan saved at 9:14:03 p.m., on 19/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picassa2\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\winlog.exe
C:\program files\Microsoft Money\System\reminder.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\winlog.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\DOCUME~1\Tom\LOCALS~1\Temp\_tc0\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picassa2\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\program files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

I will not do anything else until I get a reply etc.
Tom

Renmoo
19-01-2006, 09:37 PM
You can decipher your HijackThis log at this website: http://www.hijackthis.de/index.php

Cheers :)

mark c
19-01-2006, 09:42 PM
......or wait for super Speedy Gonzales, who is an ace at interpreting HJT logs.

Speedy Gonzales
19-01-2006, 09:48 PM
Yup, u have a trojan horse.

Namely this (http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.e.html) or one of its variants.

Boot into safe mode, and turn system restore OFF. Follow the instructions on the above site.

Run HJT again and tick these entries and tick fix checked

C:\WINDOWS\system32\anti_troj.exe

C:\WINDOWS\system32\anti_troj.exe

And this command is whats causing the prob.

O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe

O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe

O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binari...ESS_1061_XP.cab

You dont need these on bootup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe - Update this.

Uninstall this version first. Download the latest version from here (http://www.java.com:80/en/download/manual.jsp)

(The Windows offline install link - 16 mb).

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

Do you know what this is / belongs to?

C:\Program Files\MiniMind\MiniMind.exe

O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe

And install a firewall. It doesnt look like you've got one installed.

Speedy Gonzales
20-01-2006, 08:47 AM
This entry doesnt have to be in startup either

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

Unless you've got a remote control for it.

Thomas01
20-01-2006, 11:32 AM
Amazing really. I followed the advice given and rebooted to get into safe mode and do all the very complicated stuff that I was dreading. But I was distracted for a moment and missed the safe mode and ended up with an ordinary boot. This time there was a MS message - WINXP had found I had a Trojan horse program and had removed it. There was even a link to read all about it (which shocked me somewhat when I read it). But now everything worked well and no problems any longer.
When I think of all the times I have cursed MS and its obsession with security I felt really awful.
Sorry Bill G. I love you and all of MS
Tom

Sync_88k
20-01-2006, 02:13 PM
Try reinstalling windows, that happend to me before,

Graham L
20-01-2006, 02:26 PM
H. E. Bates was an exceedingly fine English novellist, who wrote a series of books about the Larkin family set in rural England. "Perfick" was an expression used by 'Pop' Larkin. A television series called The Darling Buds of May was based on these books :

http://www.televisionheaven.co.uk/darling.htm

Isn't the phonetic spelling puffick?

Fler
27-01-2006, 06:55 AM
Oh!
It is look like u have problem with Speicher.

fluhlej
10-02-2006, 09:06 PM
I just ran the hijackthis.zip file here is my log
Logfile of HijackThis v1.99.1
Scan saved at 1:59:58 AM, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\WINDOWS\system32\Ftolzk.exe
C:\Program Files\Pumlbl\Dsug.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlog.exe
C:\PROGRA~1\PicoZip\PicoZipTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\DOCUME~1\fluhler\LOCALS~1\Temp\Temporary Directory 3 for Repair.zip\Repair.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\fluhler\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RadarSync] C:\Program Files\DFI\RadarSync\RadarSync.exe -au
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe

-hide
O4 - HKLM\..\Run: [xvOnc5w] C:\WINDOWS\prsro.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tegneq.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ftolzk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bmriof] C:\Program Files\Pumlbl\Dsug.exe
O4 - HKLM\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE /P26 "EPSON Stylus CX4800 Series"

/O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programs\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [sysformat] C:\WINDOWS\system32\sysformat.exe
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common

Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and

Settings\fluhler\Desktop\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) -

http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) -

http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) -

http://www.mindavenue.com/downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) -

http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) -

http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

tweak'e
10-02-2006, 09:12 PM
fluhlej......go make a new thread. dragging up old posts is not good.

and go get antivirus, anti spyware and a firewall.

Renmoo
11-02-2006, 09:57 AM
Check out this thread: http://pressf1.pcworld.co.nz/faq.php?faq=pressf1_faqs_security#faq_pressf1_faq_ 16 for more information on how to remove malwares and viruses.

Cheers :)

SurferJoe46
11-02-2006, 05:36 PM
James......don't make "malware" into a plural as it isn't proper. I know it looks like it ought to be pluralized like the word viruses, but the word itself can be either singular or plural as it stands.

...and here's something kinda neat too: "virii" is the more correct plural of "virus".

"Viruses" has become a sloppy transliteration and has gained some acceptance in common English form, but "virii" is a better plural and it complies with the Latin from which the word was coined.

from Wikidictionary: # In the English language, the normal plural of virus is viruses. This form of the plural is correct, and used most frequently, both when referring to a biological virus and when referring to a computer virus. The forms viri and virii are also used as a plural, although less frequently. There is disagreement among users of the Internet over whether these forms should be considered correct. No reputable printed dictionary includes them as correct forms.

...but then again, we are dealing with a dumbed-down situation here...the internet does not dictate correct language form or structure no matter how many internetheads say so. (Shame on Wikidictionary and Answers.com for making such a snippy reference...they copy/pasted each other!).