Lost,tried everything i know.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
Ok, for 4 days now i cant get rid of this "searchmyrequest" thingy. Does not take over my homepage, but does add into my favorites. Also started getting critical error on shut down now...


Logfile of HijackThis v1.98.2
Scan saved at 1:54:25 PM, on 9/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Barry Sanders\Desktop\HiJackThis\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [BCWipeTM Startup] "F:\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysA] C:\windows\system32\winvlt32.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

please any help would be greatly appreciated.
also ive run adaware6.0 ,spybot search, CWShredder and norton pro 2004.
do have sp2 loaded also.

keep getting rid of the infection only to start comp back up and it is their again.
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
this is log file before i take searchmyrequest out.




Logfile of HijackThis v1.98.2
Scan saved at 6:44:44 PM, on 9/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Barry Sanders\Desktop\HiJackThis\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [BCWipeTM Startup] "F:\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysA] C:\windows\system32\winvlt32.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 
Joined
Oct 13, 2003
Messages
2,367
Run CWShredder.

CWShredder download link

Under "Official Downloads" download "CWShredder".

Unzip the program to a permanent folder of your choosing. Close ALL (except CWShredder ;) )browser windows and click "FIX".

After it's done running click on "How do I prevent re-infection?" and, at a minimum, click on "Go Download the ByteVerifier patch on Microsoft.com"

If you have problems running CWShredder, then get the SmartKiller removal tool on this page:

http://www.spywareinfo.com/~merijn/downloads.html

Re-start your computer and post another HJT log.
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
I am running XP SP2 so all updates should be in. Do not have MS VM installed. still cannot get rid of damn thing. driving me crazy. thanks for your reply though.
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
Ok, here it is.

Keeps coming back.



Logfile of HijackThis v1.98.2
Scan saved at 7:13:29 PM, on 9/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Barry Sanders\Desktop\HiJackThis\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SysA] C:\windows\system32\winvlt32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
this line i see on my HJT log, but have not noticed it on others? Any ideas?

O4 - HKLM\..\Run: [SysA] C:\windows\system32\winvlt32.exe
 
Joined
Oct 13, 2003
Messages
2,367
Did you run CWShredder?


Run CWShredder.

CWShredder download link

Under "Official Downloads" download "CWShredder".

Unzip the program to a permanent folder of your choosing. Close ALL (except CWShredder )browser windows and click "FIX".

After it's done running click on "How do I prevent re-infection?" and, at a minimum, click on "Go Download the ByteVerifier patch on Microsoft.com"

If you have problems running CWShredder, then get the SmartKiller removal tool on this page:

http://www.spywareinfo.com/~merijn/downloads.html

Re-start your computer and post another HJT log.
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
Link for smartkiller is down.

Ive done everything else. CWShredder,spybot,adaware, online virus scan.....
 
Joined
Oct 13, 2003
Messages
2,367
Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.
Disabling System Restore in Windows XP Disable System Restore in Windows ME

IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".


Open HiJackThis. Click "Scan". Put a checkmark next to these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php

O4 - HKLM\..\Run: [SysA] C:\windows\system32\winvlt32.exe






Close ALL browser windows (except HiJackThis ;) ) and click "Fix checked."


Re-start your computer.


NEXT:


Re-start your computer into safe mode:

How to start your computer in Safe Mode

NEXT:

Because XP will not always show you hidden files and folders by default, Go to Start > Search under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on "My Computer". Go to "Tools" ---> "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also, uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"

Click "Apply" then "OK".


NEXT:

Find and delete:

winvlt32.exe




Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

http://www.computerhope.com/issues/ch000225.htm

Next navigate to the C:\Documents and Settings\ <user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.


Empty the Recycle Bin

Re-enable System Restore.

Re-start your computer and post another HJT log.
 

DummFounded

Thread Starter
Joined
Sep 5, 2004
Messages
13
Great, seems to have worked... thanks for the help....


winvlt32.exe was the problem from what i could tell...


HJT follows

Logfile of HijackThis v1.98.2
Scan saved at 8:25:29 PM, on 9/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Barry Sanders\Desktop\HiJackThis\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
Joined
Oct 13, 2003
Messages
2,367
Yes, sometimes an entry won't be shown until after a reboot or two. At least it's been killed. ;)

The anvshell.exe gave me a few hits on CoolWebSearch. Then I was concerned that you may have switched to Sun, but had MS Java, at one time, and it was still in the log. Oh well. Live and learn. :D

Glad it's straightened out. (y)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top