msconfig>startup and hijack this logs
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: msconfig>startup and hijack this logs

  1. #1
    Senior Member
    Join Date
    Feb 2005
    Posts
    150

    msconfig>startup and hijack this logs

    I recenlty installed a program from this website here http://www.yenc32.com/download.php. I didn't think it would come with any spyware or adware, and im still not sure if it was the cause for me to have an extra line on my startup. You can see the picture in the attachment. Can someone tell me if thats supposed to be like that, and what it can be and what I can do to remove. I know it's not supposed to be like that obviosly. Also here is my hijack this log. Can someone please be kind enough to review it and see whats wrong. It is a really big annoyance having something in your startup when its not supposed to be there. Thank you in advance.

    Hijack this:
    Code:
    Logfile of HijackThis v1.98.2
    Scan saved at 1:46:23 PM, on 3/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTorrent\btdownloadgui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Kyri0s\RN\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107813533452

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    I've seen those before and as far as I know, its just a blank entry. No harm in those. Were you having some sort of problems or just decided to run HJT and msconfig?

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    I agree with zENGER.

    Anyway you can have a look at your hijackthis log file report at http://www.hijackthis.de/logfiles/6f...490a74a0.html.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Senior Member
    Join Date
    Feb 2005
    Posts
    150
    So both of you Zenger and ByteWrangler agree that it is okay for there to be a blank line in your startup??? It wasn't there yesterday and it is now. I don't think it is supposed to be there and I dont want it there.
    ByteWrangler: Your link did not work buddy.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    why dont you just go ahead and take it out then.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Back it up, delete it and find out.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  7. #7
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    If its blank it can't do anything. My opinion is they come from poorly designed software that deletes the information rather than the entry. This in turn leaves a blank entry in your registry that does nothing. If you want to remove it I suggest using regedit and browsing to the key that is listed next to it in msconfig.

  8. #8
    Senior Member
    Join Date
    Feb 2005
    Posts
    150
    Originally posted here by XTC46
    why dont you just go ahead and take it out then.
    If thats all your going to post or reply, why reply at all. You should know better than that XTC46. OKay XTC46, how can I take it out? Could you be kind enough in telling me how. I know there is a way in going into regedit, but i dont recall the steps.

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Go to Google or Microsoft and type "how to edit registry" and pick your favorite.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Dont get all pissy kyrios .....

    Use Hijack this..and remove them

    Click the items you want to remove and click the fix checked items button down at the bottom

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •