unsure if these lines have to be fixed

Discussion in 'malware problems & news' started by adamx, Aug 3, 2003.

Thread Status:
Not open for further replies.
  1. adamx

    adamx Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    7
    I recently fixed my computer with Hijackthis. But I have a feeling these are new entries that were not there beofre and some I am a bit concerned about (the following excel macros one - because of its 3000 number which seemed odd to me). Can you pls advise me if I should fix these? Also, if I dont post here and merely fix in Hijackthis, does the Hijackthis delete these even though there are required/good entries or leaves them alone?

    My concern is regarding the following lines - Are there any spyware stuff in them and if not, do I need these? I appreciate your help. Thanks

    C:\WINNT\System32\SK9910DM.EXE
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\DOCUME~1\raoa\LOCALS~1\Temp\STMeeting25.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E1} (ShowSetupObj Class) - http://invite.mshow.com/ShowSetup.dll
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Adamx,

    Welcome to Wilders!

    I can't positively identify any of those entries as associated with spywarebut I would remove those three hcp:// entries in particular

    The first entry enables the use of multimedia buttons on your keyboard, if you do not use those functions the entry can be removed.

    The second is an IE plugin to Excel, again if you don't need it it can be removed.

    All of them are safe to remove (with the above mentioned provisos)

    Regards,

    Dan
     
Loading...
Thread Status:
Not open for further replies.