[solved]Stopguard etc

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bsmith5

Thread Starter
Joined
Sep 15, 2004
Messages
6
Hello,
I keep getting the stopguard and winfirewall pop-ups and since they first showed, my system has been sluggish. I ran HijackThis (and also tried the AdAware, Spybot, and Symantec scans) to no avail. Please help.

Thanks in advance!!!


Logfile of HijackThis v1.98.2
Scan saved at 10:25:46, on 15/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
D:\progra~1\scansoft\paperp~1\pptd40nt.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe
D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
D:\WINDOWS\System32\msdtc.exe
D:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
D:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\BrushGroup\FS WebSearch 4\ws.exe
D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - D:\DOCUME~1\Bob\LOCALS~1\Temp\bkkab.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MSNSysRestore] D:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\RunOnce: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe rerun
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [*MS Setup] D:\WINDOWS\Config\kbvga.exe ren
O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi bsmith5, Welcome to TSG!!

I was sure I answered your post this morning...mmmm... wonder who got it? :D

Run HJT again and put a check in the following:

O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - D:\DOCUME~1\Bob\LOCALS~1\Temp\bkkab.dat
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [MSNSysRestore] D:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\RunOnce: [*bakkb] D:\WINDOWS\assembly\NativeImages1_v1.0.3705\bakkb.exe rerun

Close all applications and browser windows before you click "fix checked".

Some of this is viral so please do this:
Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

Reboot and post another log.
 

bsmith5

Thread Starter
Joined
Sep 15, 2004
Messages
6
Thanks for your reply, I have done as you suggested although I had to boot in safe mode to get HJT to fix the selected lines. All seems well except I now have what I think is WinAntiVirus still running which I beleave is part of StopGuard. I have tried everything but the the file just recreates itself even when booting computer in safe mode.

I have a P4 running XP Home SP2

Logfile of HijackThis v1.98.2
Scan saved at 12:48:24, on 17/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\msagent\antisvc.exe
D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - D:\DOCUME~1\Bob\LOCALS~1\Temp\cvsitna.dat
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\RunOnce: [*antisvc] D:\WINDOWS\msagent\antisvc.exe rerun
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


This the latest log

Thanks again

Bob
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - D:\DOCUME~1\Bob\LOCALS~1\Temp\cvsitna.dat

Close all applications and browser windows before you click "fix checked".


Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Empty these folders:
C:\Documents and Settings\bob\local settings\temp
c:\temp
c:\windows\temp

Empty the recycle bin, reboot and let me know if that gets rid of it.
 

bsmith5

Thread Starter
Joined
Sep 15, 2004
Messages
6
Tried what you suggested and have found that the offending file still loads in safe mode, it's a bit fiddly but this is what I have ended up doing, open filemanager, going to Windows\msagent selecting the antisvc.exe file. Then open task manage selecting tasks, highlighting antisvc.exe clicking on end task and a split second after delete the file highlighted in windows\msagent, had to try this several times before succeeding. once the file had been deleted carry out all your suggestions plus before rebooting rerun HJT and have it remove the offending entries.

It all now seems to be gone, will let you know if I get any problems, one thing though has stopguard moved on as I did'nt think it would still be loading in safe mode which it obviously was doing on my machine.

Thanks for all your help

Bob
 

bsmith5

Thread Starter
Joined
Sep 15, 2004
Messages
6
Forgot to post the HJT log

Logfile of HijackThis v1.98.2
Scan saved at 07:47:13, on 18/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\progra~1\scansoft\paperp~1\pptd40nt.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
D:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
D:\WINDOWS\system32\wuauclt.exe
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
D:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
D:\Documents and Settings\Bob\My Documents\HighJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - D:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PaperPort PTD] d:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FastTVSync] "D:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: e-Backup 1.42 Scheduler.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = D:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Cloudmark SpamNet for OE.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: Acronis*Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - D:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Thanks again

Bob
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top