1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

error code = 80040154 ??

Discussion in 'Multimedia' started by giopippo, Apr 27, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. giopippo

    giopippo Thread Starter

    Joined:
    Apr 11, 2006
    Messages:
    32
    After troubleshooting a spyware attack everything worked again fine, except I can't install anymore my Yahoo music machine !
    It gives me always the following error message
    error code = 80040154

    Any idea how to fix it ??

    I copy here my Hijack updated log file, thanks for any help:

    Logfile of HijackThis v1.99.1
    Scan saved at 22.37.54, on 26/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Nero Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Symantec\Ghost\Agent\GhostTray.exe
    C:\PROGRA~2\Symantec\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~2\NEROAH~1\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Bluetooth Software\BTTray.exe
    C:\Program Files\My Company Name\CheckMail\ClevoMailCheck.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~2\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
    C:\Program Files\Symantec\Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Giorgio\Archivi\Programmi new\antispyware softwares\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -

    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

    Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil

    /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

    /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

    /IMEName
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program

    Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -

    lang 1033
    O4 - HKLM\..\Run: [Menu] E:\Autorun.exe
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program

    Files\Symantec\Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\Symantec\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06

    \bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program

    Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash

    Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType

    Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft

    IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

    bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -

    atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0

    \Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music

    Engine\YahooMusicEngine.exe" -preload
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\NEROAH~1

    \NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: CheckMail.lnk = C:\Program Files\My Company

    Name\CheckMail\ClevoMailCheck.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office

    XP\Office10\OSA.EXE
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF -

    res://C:\Program Files\Adobe\Acrobat 7.0

    \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente -

    res://C:\Program Files\Adobe\Acrobat 7.0

    \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF -

    res://C:\Program Files\Adobe\Acrobat 7.0

    \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente

    - res://C:\Program Files\Adobe\Acrobat 7.0

    \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente -

    res://C:\Program Files\Adobe\Acrobat 7.0

    \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2

    \MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth

    Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

    00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

    C:\Program Files\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-

    5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O13 - WWW. Prefix: http://ehttp.cc/?
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_

    site.cab?1103987140511
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si

    te.cab?1132611349353
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

    Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32

    \Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program

    Files\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

    C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\Program

    Files\Symantec\Symantec Antivirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program

    Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation

    - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Nero

    Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG -

    C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec

    Corporation - C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program

    Files\Symantec\Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec

    Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86

    \3\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -

    C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program

    Files\Speed Disk\nopdb.exe
     
  2. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,818
    First Name:
    James
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\slserv.exe

    You still have something. The top one looks like the STOPED-A Trojan and the other is possibly the SDBOT Worm.

    I will get this moved to the Security forum so they can assist you better there.
     
  3. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,818
    First Name:
    James
    Also the error code seems to be generic as I have seen some people with the same error for WMP.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    both those are genuine files

    C:\WINDOWS\System32\RegSrvc.exe ...... Intel Communications Service
    C:\WINDOWS\system32\slserv.exe....smartlink modem

    no need to move to security

    just this one left over I can see

    run HJt & fix
    O13 - WWW. Prefix: http://ehttp.cc/?
     
  5. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,818
    First Name:
    James
    really? I saw this:

    regsrvc.exe - Added by the STOPED-A TROJAN!

    EDIT: I just saw the O23s... interesting
     
  6. giopippo

    giopippo Thread Starter

    Joined:
    Apr 11, 2006
    Messages:
    32
    Thanks both of you guys.
    I Highjack fixed the entry
    O13 - WWW. Prefix: http://ehttp.cc/?

    Looks nothing happened, still same error both when I start-up and when I try to run Yahoo music machine.

    Here a new Highjack scan log.

    Thaks again for your help

    Logfile of HijackThis v1.99.1
    Scan saved at 14.52.45, on 27/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
    C:\Program Files\Symantec\Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Nero Ahead\InCD\InCD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Symantec\Ghost\Agent\GhostTray.exe
    C:\PROGRA~2\Symantec\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    D:\Giorgio\Archivi\Eudora mails\Eudora.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~2\NEROAH~1\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Bluetooth Software\BTTray.exe
    C:\Program Files\My Company Name\CheckMail\ClevoMailCheck.EXE
    C:\PROGRA~2\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~2\MOZILL~1\FIREFOX.EXE
    D:\Giorgio\Archivi\Programmi new\antispyware softwares\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Menu] E:\Autorun.exe
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\Symantec\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\NEROAH~1\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: CheckMail.lnk = C:\Program Files\My Company Name\CheckMail\ClevoMailCheck.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103987140511
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132611349353
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Nero Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  8. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,818
    First Name:
    James
    O4 - HKLM\..\Run: [Menu] E:\Autorun.exe

    Still curious about this one. Are you using Quickbooks?
     
  9. giopippo

    giopippo Thread Starter

    Joined:
    Apr 11, 2006
    Messages:
    32
    Actually, I don't use quickbooks, but may be its something coming from Endnote ? or Reference manager ? Both installed on my computer...
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - error code 80040154
  1. LJFried
    Replies:
    4
    Views:
    363
  2. clonsilla
    Replies:
    1
    Views:
    377
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/462837

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice