1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[solved]Stopguard etc

Discussion in 'Virus & Other Malware Removal' started by bsmith5, Sep 15, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. bsmith5

    bsmith5 Thread Starter

    Joined:
    Sep 15, 2004
    Messages:
    6
    Hello,
    I keep getting the stopguard and winfirewall pop-ups and since they first showed, my system has been sluggish. I ran HijackThis (and also tried the AdAware, Spybot, and Symantec scans) to no avail. Please help.

    Thanks in advance!!!


    Logfile of HijackThis v1.98.2
    Scan saved at 10:25:46, on 15/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Personal Firewall\NISUM.EXE
    D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    D:\progra~1\scansoft\paperp~1\pptd40nt.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe
    D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    D:\WINDOWS\System32\msdtc.exe
    D:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
    D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
    D:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\BrushGroup\FS WebSearch 4\ws.exe
    D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - D:\DOCUME~1\Bob\LOCALS~1\Temp\bkkab.dat
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
    O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [MSNSysRestore] D:\WINDOWS\System32\pc32.exe bg
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
    O4 - HKLM\..\RunOnce: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe rerun
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\RunOnce: [*MS Setup] D:\WINDOWS\Config\kbvga.exe ren
    O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
    O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi bsmith5, Welcome to TSG!!

    I was sure I answered your post this morning...mmmm... wonder who got it? :D

    Run HJT again and put a check in the following:

    O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - D:\DOCUME~1\Bob\LOCALS~1\Temp\bkkab.dat
    O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
    O4 - HKLM\..\Run: [MSNSysRestore] D:\WINDOWS\System32\pc32.exe bg
    O4 - HKLM\..\RunOnce: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe rerun

    Close all applications and browser windows before you click "fix checked".

    Some of this is viral so please do this:
    Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

    Reboot and post another log.
     
  3. bsmith5

    bsmith5 Thread Starter

    Joined:
    Sep 15, 2004
    Messages:
    6
    Thanks for your reply, I have done as you suggested although I had to boot in safe mode to get HJT to fix the selected lines. All seems well except I now have what I think is WinAntiVirus still running which I beleave is part of StopGuard. I have tried everything but the the file just recreates itself even when booting computer in safe mode.

    I have a P4 running XP Home SP2

    Logfile of HijackThis v1.98.2
    Scan saved at 12:48:24, on 17/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\msagent\antisvc.exe
    D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - D:\DOCUME~1\Bob\LOCALS~1\Temp\cvsitna.dat
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
    O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\RunOnce: [*antisvc] D:\WINDOWS\msagent\antisvc.exe rerun
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
    O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


    This the latest log

    Thanks again

    Bob
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - D:\DOCUME~1\Bob\LOCALS~1\Temp\cvsitna.dat

    Close all applications and browser windows before you click "fix checked".


    Restart in Safe Mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Empty these folders:
    C:\Documents and Settings\bob\local settings\temp
    c:\temp
    c:\windows\temp

    Empty the recycle bin, reboot and let me know if that gets rid of it.
     
  5. bsmith5

    bsmith5 Thread Starter

    Joined:
    Sep 15, 2004
    Messages:
    6
    Tried what you suggested and have found that the offending file still loads in safe mode, it's a bit fiddly but this is what I have ended up doing, open filemanager, going to Windows\msagent selecting the antisvc.exe file. Then open task manage selecting tasks, highlighting antisvc.exe clicking on end task and a split second after delete the file highlighted in windows\msagent, had to try this several times before succeeding. once the file had been deleted carry out all your suggestions plus before rebooting rerun HJT and have it remove the offending entries.

    It all now seems to be gone, will let you know if I get any problems, one thing though has stopguard moved on as I did'nt think it would still be loading in safe mode which it obviously was doing on my machine.

    Thanks for all your help

    Bob
     
  6. bsmith5

    bsmith5 Thread Starter

    Joined:
    Sep 15, 2004
    Messages:
    6
    Forgot to post the HJT log

    Logfile of HijackThis v1.98.2
    Scan saved at 07:47:13, on 18/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Personal Firewall\NISUM.EXE
    D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\progra~1\scansoft\paperp~1\pptd40nt.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    D:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
    D:\WINDOWS\system32\wuauclt.exe
    d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
    D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
    D:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
    D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
    O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
    O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

    Thanks again

    Bob
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/274189

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice