-
March 22nd, 2005, 08:47 PM
#1
msconfig>startup and hijack this logs
I recently installed a program from this website here http://www.yenc32.com/download.php. I didn't think it would come with any spyware or adware, and I'm still not sure if it was the cause for me to have an extra line on my startup. You can see the picture in the attachment. Can someone tell me if that's supposed to be like that, and what it can be and what I can do to remove it? I know it's not supposed to be like that, obviously. Also here is my hijack this log. Can someone please be kind enough to review it and see what's wrong? It is a really big annoyance having something in your startup when it's not supposed to be there. Thank you in advance.
Hijack this:
Code:
Logfile of HijackThis v1.98.2
Scan saved at 1:46:23 PM, on 3/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kyri0s\RN\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107813533452
-
March 22nd, 2005, 08:50 PM
#2
I've seen those before and as far as I know, it's just a blank entry. No harm in those. Were you having some sort of problems or just decided to run HJT and msconfig?
-
March 22nd, 2005, 08:56 PM
#3
I agree with zENGER.
Anyway you can have a look at your hijackthis log file report at http://www.hijackthis.de/logfiles/6f...490a74a0.html.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
March 22nd, 2005, 09:06 PM
#4
So both of you Zenger and ByteWrangler agree that it is okay for there to be a blank line in your startup??? It wasn't there yesterday and it is now. I don't think it is supposed to be there and I don't want it there.
ByteWrangler: Your link did not work buddy.
-
March 22nd, 2005, 09:09 PM
#5
Why don't you just go ahead and take it out then?
-
March 22nd, 2005, 09:10 PM
#6
Back it up, delete it and find out.
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
March 22nd, 2005, 09:11 PM
#7
If it's blank it can't do anything. My opinion is they come from poorly designed software that deletes the information rather than the entry. This in turn leaves a blank entry in your registry that does nothing. If you want to remove it I suggest using regedit and browsing to the key that is listed next to it in msconfig.
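The check described in the two posts above (back up, then remove the blank entry from the key msconfig lists), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later, an elevated session for the HKLM key, and that the blank line lives in one of the two standard `Run` keys; the function name `Get-RunEntry` is hypothetical.

```powershell
# Added example (not from the thread): audit the Run keys for blank entries.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data without expanding %VARIABLES%.
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key   = $p
                Name  = $name          # '' means the key's unnamed default value
                Data  = $data
                Blank = [string]::IsNullOrWhiteSpace($data)
            }
        }
    }
}

$entries = Get-RunEntry -Path $runKeys
$entries | Format-Table Key, Name, Data, Blank -AutoSize

$blank = @($entries | Where-Object Blank)
if ($blank.Count -gt 0) {
    # Back up each affected key to a .reg file before changing anything.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($k in ($blank.Key | Select-Object -Unique)) {
        $native = $k -replace '^(HK\w+):', '$1'      # HKLM:\... -> HKLM\...
        $file = Join-Path $env:TEMP ("run-{0}-{1}.reg" -f $native.Substring(0, 4), $stamp)
        reg.exe export $native $file /y | Out-Null
        Write-Host "Backed up $native to $file"
    }
    # Preview removal of named blank values only; drop -WhatIf to apply.
    foreach ($e in ($blank | Where-Object { $_.Name -ne '' })) {
        Remove-ItemProperty -LiteralPath $e.Key -Name $e.Name -WhatIf
    }
}
```

A blank unnamed default value is reported but not removed by this script; importing the exported `.reg` file restores the key if a removal turns out to be wrong.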
-
March 22nd, 2005, 09:15 PM
#8
Originally posted here by XTC46
Why don't you just go ahead and take it out then?
If that's all you're going to post or reply, why reply at all? You should know better than that XTC46. Okay XTC46, how can I take it out? Could you be kind enough in telling me how? I know there is a way in going into regedit, but I don't recall the steps.
-
March 22nd, 2005, 09:20 PM
#9
Go to Google or Microsoft and type "how to edit registry" and pick your favorite.
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
March 22nd, 2005, 09:22 PM
#10
Don't get all pissy kyrios .....
Use Hijack this..and remove them
Click the items you want to remove and click the fix checked items button down at the bottom
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer