1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Anything to worry about here?

Discussion in 'Windows XP' started by darkdelta, Oct 12, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. darkdelta

    darkdelta Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    19
    My computer is ok (I think) It's IE 6 )SP1 and latest updates installed), is acting a little quirky. I sometimes have to refresh a page before it contines to load. It is a small glitch.

    Win 2K with all updates installed. I run behind a router and a firewall (ATGuard) old, but I like it for its features.

    Thanks



    Logfile of HijackThis v1.97.2
    Scan saved at 05:19:53, on 10/12/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\drivers\CDAC11BA.EXE
    E:\Program Files\NavNT\defwatch.exe
    D:\WINNT\System32\svchost.exe
    e:\Program Files\Atguard\iamserv.exe
    E:\Program Files\NavNT\rtvscan.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\System32\mspmspsv.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\MsgSys.EXE
    D:\WINNT\Explorer.EXE
    E:\Program Files\Phone Plus\Phone.exe
    E:\Program Files\Phone Plus\Phone.exe
    E:\Program Files\Microsoft Hardware\Mouse\point32.exe
    E:\PROGRA~1\MICROS~1\GAMECO~1\Common\SWTrayV4.exe
    D:\WINNT\System32\qttask.exe
    E:\Program Files\Ahead\incd\InCD.exe
    D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb02.exe
    D:\WINNT\Registry.exe
    E:\PROGRA~1\Atguard\iamapp.exe
    E:\Program Files\NavNT\vptray.exe
    E:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    E:\QUICKENW\QWDLLS.EXE
    E:\Program Files\WinBatch\System\popmenu.exe
    E:\Program Files\SpywareGuard\sgmain.exe
    E:\Program Files\SpywareGuard\sgbhp.exe
    e:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    E:\AAINSTALL\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///L:/grafix/webcal/html/wc072003.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - e:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - D:\WINNT\System32\nzdd.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Phone Plus] e:\Program Files\Phone Plus\Phone.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] E:\PROGRA~1\MICROS~1\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [QuickTime Task] D:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\incd\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [Registry services] D:\WINNT\Registry.exe
    O4 - HKLM\..\Run: [iamapp] e:\PROGRA~1\Atguard\iamapp.exe
    O4 - HKLM\..\Run: [vptray] E:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] e:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Quicken Startup.lnk = E:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: PopMenu exe.lnk = E:\Program Files\WinBatch\System\popmenu.exe
    O8 - Extra context menu item: Allow Popups - e:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Power Search - res://D:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37881.1547916667
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{58D71D26-37FB-4CAA-B85F-BC9A2445FC3D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{58D71D26-37FB-4CAA-B85F-BC9A2445FC3D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{58D71D26-37FB-4CAA-B85F-BC9A2445FC3D}: NameServer = 192.168.0.1
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  3. darkdelta

    darkdelta Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    19
    Hello and thanks a lot! Funny Norton wouldn't find the executable, but nothing is perfect. I used regedit and took care of the registry entry. Again thanks
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  5. darkdelta

    darkdelta Thread Starter

    Joined:
    Oct 5, 2003
    Messages:
    19
    I used trendmicro's scanner and came back with a clean bill of health. By the way Widows Explorer reports registry.exe file size as 42 kb. I still have the executable file. Thanks again
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171367

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice