AnimeSuki Forums

Register Forum Rules FAQ Members List Social Groups Search Today's Posts Mark Forums Read

Go Back   AnimeSuki Forum > AnimeSuki & Technology > Tech Support

Reply
 
Thread Tools
Old 2004-12-21, 05:23   Link #1
fuusen
Junior Member
 
Join Date: Jun 2004
HijackThis Output; What to remove? [Was: a little help please]

Logfile of HijackThis v1.99.0
Scan saved at 2:06:03 AM, on 12/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\documents and settings\sa\local settings\temp\XvdtBKvM.exe
C:\WINDOWS\System32\dp-him.exe
C:\documents and settings\sa\local settings\temp\Uct.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\scpni11.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\conime.exe
E:\My Shared Folder\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097 www.your.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\SA\Local Settings\Temp\AGAm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [G] C:\windows\temp\G.exe
O4 - HKLM\..\Run: [XvdtBKvM] C:\documents and settings\sa\local settings\temp\XvdtBKvM.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Uct] C:\documents and settings\sa\local settings\temp\Uct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zwv3RgH5W] scpni11.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

so i ran hijackthis and i know there is some stuff i don't need in here but i wanted to be sure before i delete anything so if anyone can tell me what i should get rid of it'll be very helpful thanks you
fuusen is offline   Reply With Quote
Old 2004-12-21, 06:15   Link #2
NightWish
Crushcrushcrush
*AnimeSuki Site Staff
*Moderator
 
 
Join Date: Mar 2003
Age: 34
I suggest you first run an ad-ware removal tool and scan your system with up-to-date anti-virus software. Most of this information I found by searching (ever used google?). Though it does take some prior knowledge to make sense of what you find when you search, a lot of it is just common sense. Really not that hard.

Anything loaded/run/running from a "Temp" location is likely to be dodgy unless you are installing something; even more so when it is in one of the system "Run" keys too. Anything with random characters in the name or key is also likley to be dodgy.
Quote:
C:\WINDOWS\System32\scpni11.exe
C:\documents and settings\sa\local settings\temp\XvdtBKvM.exe
C:\documents and settings\sa\local settings\temp\Uct.exe
C:\WINDOWS\System32\dp-him.exe
O4 - HKCU\..\Run: [Zwv3RgH5W] scpni11.exe
O4 - HKLM\..\Run: [XvdtBKvM] C:\documents and settings\sa\local settings\temp\XvdtBKvM.exe
O4 - HKLM\..\Run: [Uct] C:\documents and settings\sa\local settings\temp\Uct.exe
O4 - HKLM\..\Run: [G] C:\windows\temp\G.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\SA\Local Settings\Temp\AGAm.dll
I have no idea what to do with this information, having not used "HijackThis" before:
Quote:
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097 www.your.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
Can be a Trojan but can also be a legit Microsoft process; check its properties.
Probably legit stuff, but only run them if you use the product and really need their services.
Quote:
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
(Winamp; Pointless utility I don't run it myself ... should it be running from the "E" drive though?)
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
(AT&T Harware update; Keep if you use AT&T hardware... modem?)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Adobe; I guess if you use their Creative Studio products...)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
(Microsoft; Yet another pointless utility)
PS. Slightly more meaningful thread titles are a good thing
__________________
Lay down on the ground, and let the tears run from you, crying to the grass and trees and heaven, finally on your knees; Let me live again…

Last edited by NightWish; 2004-12-21 at 06:39. Reason: Update... after more searching...
NightWish is offline   Reply With Quote
Old 2004-12-21, 07:10   Link #3
NoSanninWa
Weapon of Mass Discussion
*Fansubber
 
 
Join Date: Feb 2003
Location: New York, USA
You should post this at the HijackThis Forum. They've got a forum there devoted entirely to posting your log so that people who actually know this software can analyze it for you.

There's a very good chance that you can be helped over there. In this forum you're just getting pot-luck.
__________________

There's not that fine a line between willing suspension of disbelief and something just being stupid.
NoSanninWa is offline   Reply With Quote
Old 2004-12-21, 10:29   Link #4
bayoab
Senior Member
 
Join Date: Nov 2003
Nightwish basically got them all, just a small note to add:
Quote:
Originally Posted by fuusen
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
Ad-aware usually detects and removes this. I do not remeber what the detection name for it is though. You also probably should run cwshredder and windows updates in addition to what Nightwish listed above. There is also http://www.lavasoftsupport.com which does Hijackthis/Ad-aware log analysis. (Note that they require registration which takes about 24 hours.)

Edit: Found it, its PeopleonPage.
http://www.trendmicro.com/vinfo/viru...e=ADW_POPBAR.A
bayoab is offline   Reply With Quote
Old 2004-12-21, 11:19   Link #5
fuusen
Junior Member
 
Join Date: Jun 2004
problem solved ! thanks for the help =)
fuusen is offline   Reply With Quote
Old 2005-01-04, 19:55   Link #6
gurillaman
Junior Member
 
Join Date: Jan 2005
hijack this log

I scannned with hijack this and this is what it give me and it said if you dont know which one todelete show this to knowledable people and i came here please tell which one are bad so i can delete them.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101350145515
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

thank you
gurillaman is offline   Reply With Quote
Old 2005-01-04, 20:06   Link #7
NightWish
Crushcrushcrush
*AnimeSuki Site Staff
*Moderator
 
 
Join Date: Mar 2003
Age: 34
I've merged your thread with the existing one. Please check the previous posts for possible suggestions. If you think none of them help let me direct you to NoSanninWa's post that suggests you post in the "HijackThis Forum"... good luck.
__________________
Lay down on the ground, and let the tears run from you, crying to the grass and trees and heaven, finally on your knees; Let me live again…
NightWish is offline   Reply With Quote
Old 2005-01-04, 21:03   Link #8
bayoab
Senior Member
 
Join Date: Nov 2003
Quote:
Originally Posted by gurillaman
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
All these can go... you might want to run cwshredder first. And now it gets interesting.
Quote:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
See: http://computercops.biz/startuplist-180.html
Quote:
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
If you have a HP multimedia keyboard, this is okay. Otherwise, this is a virus that needs to be purged. http://www.liutilities.com/products/...sslibrary/ps2/ and
http://forums1.itrc.hp.com/service/f...hreadId=763278

Also, Backweb is a "spyware" program. It is similar to alcxmntr.exe. But not really worth removing unless you want it out.

But, otherwise, there is nothing really wrong here....
bayoab is offline   Reply With Quote
Old 2006-01-06, 01:10   Link #9
guest
guess
 
 
Join Date: Nov 2003
All right, after running spybot, adware and one round of AVG anitvrus, this is what I got:

Can someone tell me what to remove? Thanks. Also, do you know where the logfile was saved? I did click on this option before I ran the program but I have no idea where the logfile is saved after this. Thank you

Logfile of HijackThis v1.99.1
Scan saved at 1:02:18 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Kalender\Kalender.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
__________________
guest is offline   Reply With Quote
Old 2006-01-10, 02:41   Link #10
guest
guess
 
 
Join Date: Nov 2003
Anyone, please?
__________________
guest is offline   Reply With Quote
Old 2006-01-10, 05:44   Link #11
Circular Logic
土は幻に
*Fansubber
 
 
Join Date: Dec 2005
As far as I can see, apart from a bit of clutter here and there, you seem to be fine. But I'm not very good at that kind of thing, so don't take my word for it
Circular Logic is offline   Reply With Quote
Old 2006-01-10, 08:07   Link #12
grey_moon
Yummy, sweet and unyuu!!!
 
 
Join Date: Dec 2004
Are you both running norton av and avg on-access scanners?
grey_moon is offline   Reply With Quote
Old 2006-01-10, 21:07   Link #13
guest
guess
 
 
Join Date: Nov 2003
Quote:
Originally Posted by grey_moon
Are you both running norton av and avg on-access scanners?
Yes, I am running Norton personal edition. I don't know what avg on-access scanner is but I am running Avg antivirus. I don't have a scanner. Hope this help.
__________________
guest is offline   Reply With Quote
Old 2006-01-11, 02:21   Link #14
grey_moon
Yummy, sweet and unyuu!!!
 
 
Join Date: Dec 2004
Quote:
Originally Posted by guest
Yes, I am running Norton personal edition. I don't know what avg on-access scanner is but I am running Avg antivirus. I don't have a scanner. Hope this help.
An on-access virus scanner is a anti-virus scanner that sits in your memory that scans files as you access them (on-demand scanners are ones you have to call up and tell it to scan ie NAI Stinger or ClamWin).

It looks like to me you do have 2 on-access scanners running which is a Bad Thing (TM), since both programs will try to access files which can cause nastiness.

To be sure check your preferences of each program and make sure only one of them is scanning files as you access them only. Personally I think its easier to only have one on-access scanner installed. When I want a second opinion I DL NAI Stinger or use one of those web pages thingies.
grey_moon is offline   Reply With Quote
Old 2006-01-11, 03:11   Link #15
guest
guess
 
 
Join Date: Nov 2003
Quote:
Originally Posted by grey_moon
An on-access virus scanner is a anti-virus scanner that sits in your memory that scans files as you access them (on-demand scanners are ones you have to call up and tell it to scan ie NAI Stinger or ClamWin).

It looks like to me you do have 2 on-access scanners running which is a Bad Thing (TM), since both programs will try to access files which can cause nastiness.

To be sure check your preferences of each program and make sure only one of them is scanning files as you access them only. Personally I think its easier to only have one on-access scanner installed. When I want a second opinion I DL NAI Stinger or use one of those web pages thingies.
I think I probably will have to choose AVG (or other free anti virus program) anyway because my Norton AV has expired for updated. I will have to buy a new one and I probably won't spend money on that. But I will check out the website and see what they have to say on the matter. Thank you.
__________________
guest is offline   Reply With Quote
Old 2006-01-11, 04:08   Link #16
grey_moon
Yummy, sweet and unyuu!!!
 
 
Join Date: Dec 2004
Quote:
Originally Posted by guest
I think I probably will have to choose AVG (or other free anti virus program) anyway because my Norton AV has expired for updated. I will have to buy a new one and I probably won't spend money on that. But I will check out the website and see what they have to say on the matter. Thank you.
I would recommend AVG, since I use both the Free and paid for versions and have been very happy with them for years. NAV home is very very clunky, unlike their corp version.

Apart from M$ OneCare beta (say OneCare really fast when drunk and it sounds like something beginning with wan...) does anyone know of another on-access av scanner that is free? The following website lists a few but I only have tried AVG myself...

http://www.k7v.com/nonags/antivirus.html
grey_moon is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:40.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
We use Silk.