0

Please have a look at the attached screenshots. Look at the entries that don't have the name as the startup item and also don't have any location. I have two such entries: one that is selected, and the other one is just below the AppleSyncNotifier.

Please share your mastery with me.

Thanks
chand

Attachments HKCU_registry_Location.PNG 39.32 KB msconfig-startup.PNG 65.31 KB registryLocation.PNG 57.22 KB
0

Have seen this before, and is not always a red alarm.

Still, DL and run HJT. DON'T attempt a fix yet - Once run, will provide a scan log... post FULL results here for us to look over

0

Before running HJT, download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

0

Before running HJT, download Malwarebytes' Anti-Malware to your desktop.

Thanks RIC, but Anti-Malware is not an open-source program, it is shareware, so how can I use it to scan and get results from my computer?

0

Have seen this before, and is not always a red alarm.

Still, DL and run HJT. DON'T attempt a fix yet - Once run, will provide a scan log... post FULL results here for us to look over

I hope this is what you suggest me. Please check the attachments and help me with your expertise.

I want to tell you one more thing that often my system stuck at startup and come in the working position after several minutes like 5, 7 sometimes it takes 10 minutes. However my processor working goes to 100% and sudden leaps from 50 to 100 or near about meanwhile. Hardware wise I don't think it is a weak computer because it has
Intel centrino core 2 Duo 2.10 GHz [T8100 processor Model]
3MB L2 cache
3 GB RAM

Thanks

Attachments
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:38 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Mioplanet Battery Meter\Mioplanet Battery Meter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Mioplanet Battery Meter.lnk = D:\Program Files\Mioplanet Battery Meter\Mioplanet Battery Meter.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246840184968
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC17B203-FF77-4E06-9963-41280E098E1D}: NameServer = 203.99.163.240,202.125.132.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1188B9-B09A-433F-8185-48C62EF3114F}: NameServer = 203.99.163.240,202.125.132.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjou
0

Mbam is free to use. Plenty of people on here use it every day to remove malware problems.

0

Sir, please have a look at my hijack log. I uploaded it on this same thread, just scroll up one entry.

0

It is better to run Mbam before attempting to sort anything via HJT. Mbam can save having to do a long and complicated fix often.

0

Thanks RIC, but Anti-Malware is not an open-source program, it is shareware, so how can I use it to scan and get results from my computer?

It is not shareware but a free to use program. Where did you get the idea it is shareware? Follow Rik's advice and run the program.

0

It is not shareware but a free to use program. Where did you get the idea it is shareware? Follow Rik's advice and run the program.

I follow RIK and scan mbam it takes almost an hour to scan, at the end I got the 0 malware results or 0 infections. Now what to do.

0

Then it looks as though it is not a malware issue, so you can take a deep breath.

One possible cause I forgot to mention can be orphaned registry entries (although is quite normal for those "default" registry entries to be value-free) left after updating or uninstalling software applications. DL CCleaner and run the registry repair

0

Actually, it isn't causing any harm, there is nothing in Command so nothing will happen with it. If you want to just leave it alone you can.
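An added example, not part of any post in this thread: a small Python triage over HijackThis-style lines that separates entries with no target (nothing to load, as with the empty Command discussed above) from entries that merely lack a name. The first four sample lines are copied from the log posted earlier in the thread; the fifth is constructed, and the way HijackThis would print a value-less Run entry is an assumption.

```python
import re

# Lines 1-4 are copied from the HijackThis log posted in this thread.
# Line 5 is CONSTRUCTED: the printed form of a value-less Run entry is an assumption.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: []
"""

# "Oxx - kind: name - {CLSID} - target" (BHOs, toolbars, extra buttons, ...)
CLSID_RE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# "O4 - location: [name] command" (Run keys)
RUN_RE = re.compile(r"^(O4) - (.+?): \[(.*?)\]\s*(.*)$")

EMPTY_NAME = {"", "(no name)"}
EMPTY_TARGET = {"", "(no file)"}


def parse_line(line):
    """Return a dict for a recognised entry line, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        section, kind, name, target = m.groups()
        return {"section": section, "kind": kind, "name": name,
                "clsid": None, "target": target.strip()}
    m = CLSID_RE.match(line)
    if m:
        section, kind, name, clsid, target = m.groups()
        return {"section": section, "kind": kind, "name": name,
                "clsid": clsid, "target": target.strip()}
    return None


def classify(entry):
    """orphan: no target recorded, so there is nothing for the entry to start.
    unnamed: a target exists but has no label, so the file itself needs checking.
    ok: both name and target are present (says nothing about whether it is benign)."""
    if entry["target"] in EMPTY_TARGET:
        return "orphan"
    if entry["name"] in EMPTY_NAME:
        return "unnamed"
    return "ok"


def triage(log_text):
    """Return (section, name, target, verdict) for every recognised line."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            results.append((entry["section"], entry["name"],
                            entry["target"], classify(entry)))
    return results


if __name__ == "__main__":
    for section, name, target, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:8} {section:3} name={name!r} target={target!r}")
```
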

0

Actually, it isn't causing any harm, there is nothing in Command so nothing will happen with it. If you want to just leave it alone you can.

Then what could be the reason that it halts at the startup? And often I get the problem that my ethernet is not detected by the computer; however, after some hours it detects it automatically. I shut it down, and then when I came back again it was OK. Like last night, it gave me the same ethernet problem at the very start, when you just power on the system, and this problem occurs after many shutdowns and restarts, because after scanning I want to check the performance. Now my caps lock also doesn't show the onscreen notification of whether it is on or off.

0

Then disable them if you wish and see if that makes a difference. If it does then leave them disabled. That's a lot easier to do than playing with the registry.

0

Take a look in event viewer to see if it gives any indications of problems.

Event viewer instructions can be found HERE.

0

Take a look in event viewer to see if it gives any indications of problems.

Event viewer instructions can be found HERE.

Most of the errors are about as listed below.

----Service Control Manager [relevant to panda anti virus.] last night I uninstall it completely from my system. It wastes my money.
----PlugPlayManager
The device 'Intel(R) 82562GT 10/100 Network Connection #2' (PCI\VEN_8086&DEV_10C4&SUBSYS_30D8103C&REV_03\3&b1bfb68&0&C8) disappeared from the system without first being prepared for removal.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----PSched
QoS [Adapter {DD1188B9-B09A-433F-8185-48C62EF3114F}]:
The netcard driver failed the query for OID_GEN_LINK_SPEED.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----DHCP
The IP address lease 192.168.1.2 for the Network Card with network address 0022644D6D2C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

If I rate the errors frequency then the top one is
1-ServiceControlManager
2-PlugPlayManager
3-DHCP
4-PSched

I hope you could get the idea. Now If I don't install Panda again then what you suggest me to have for the protection of the system. Normally my use is very sophisticated like I never go on crappy websites most of the time I stay on forums for help or some globally recognized websites.

0

Throw Avast on there, its free. http://www.avast.com/eng/download-avast-home.html

You should also update your network card driver.

And now after installing avast. Should I uninstall mbam and Hijackthis from my laptop or its not a problem. And they are 100% safe programs.

RIK I'm very grateful to you for helping me last couple of days.

Thanks
chand

0

No need to uninstall HJT or MBA - an AV is protective, those other apps are more "fix-its".

Just as a tip, if you are having multiple issues, is best to post them ALL at the beginning, as it makes diagnosing the issue a lot easier :)

0

As kaninelupus says, you may as well keep them both. Run regular scans with Mbam after updating it and it will help to keep your pc clean.

I also recommend WOT to help avoid infections in the future.

0

As kaninelupus says, you may as well keep them both. Run regular scans with Mbam after updating it and it will help to keep your pc clean.

I also recommend WOT to help avoid infections in the future.

Dear RIK, I want to know one thing here. You and Kaninelupus recommend almost the same thing for mbam and Hijackthis. But there is a little confusion for me: you suggested I read the user guide for Hijackthis, and they warn there time and again not to take any action without the help of an advanced user. Now I have installed mbam and Hijackthis. In your last message you told me to install Avast too. Now please tell me, I keep mbam, Hijackthis and Avast too. Am I right...? Moreover, WOT is a plugin for Firefox, but I use the Chrome browser. Is there any Chrome plugin like WOT?

Thanks
chand

0

HJT should never ever be used without supervision as you quite rightly say. Leaving it on your pc will do no harm as long as you do not attempt to use it by yourself.

Avast is a free antivirus program, keep it, it's one of the best free ones there is.
Mbam is without a doubt the best antimalware program available at the moment and is free to use unless you want to pay for it to be automated, keep it.
HJT, although you should not use it by yourself, is just about the best bit of "professional" cleanup software, keep it just in case.

Sorry, I didn't know WOT wasn't available for google chrome. Keep an eye out as it may well be available in the near future.

0

I would recommend Uninstalling HiJackThis. There is no reason to keep it after using it. If needed again it can be downloaded again. HiJackThis does have updates occasionally and one is better off uninstalling after work with it is totally completed. It is not a general use program but for use when looking for malware or infection and as Rik says, not for use without direction.
Any cleaning you are advised to do with HJT is usually the LAST step done after running other programs, never to be considered a clean up program really but a program to give you a "snapshot" of what is going on with the computer. Uninstall it. If somebody TELLS you to use it then install it again.

Please note this Warning concerning HiJackThis use given in the Tutorial on its usage:

HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. You should also attempt to clean the Spyware/Hijacker/Trojan with all other methods before using HijackThis. If you allow HijackThis to remove entries before another removal tool scans your computer, the files from the Hijacker/Spyware will still be left on your computer and future removal tools will not be able to find them.

Uninstall HiJackThis. Leave MBA-M on the computer. Update and use the Quick Scan (which is sufficient for regular weekly usage) option at least weekly. If something is found then Remove whatever is found. Reboot, Update again and run the Full Scan.

0

I do the quick scan and nothing found malicious to mba-m. Now I'm restarting my machine and go for full scan.
