We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Strange messages started apearing - please help
Options
Comments
-
Hi pchelpman - I've just posted the updated log and these are a few notes. Thank you so much for your patience with this.
The Hdreg thing - there wasn't anything in the list that resembled it. It's still popping up. I remember that it started happening after tried to register PC and it came back with a message saying registration couldn't be completed.
The system 32 thing is sorted :T Did what you said - there was one blank entry and one entry that only had one " so unchecked them and it worked.
I didn't manage to download ERUNT and NTREGOPT - got to the page and couldn't work out what I was supposed to click to download it... :wall:
After checking to see if I've a 32 bit op system or 64 I've been left with a blue command prompt box in the Start up menu bit - how do I get rid of this?
I followed the instructions to kill C:\WINDOWS\System32\wccntfly.exe. It did not show up in safe mode (even with all the correct things checked /unchecked). I did see it however when not in safe mode - I was too scared to kill it though when not in safe mode - what should I do?
Got rid of everything on your list of things to Fix checked in HijackThis except could not see 04 HKLM\..\Run:[MyWebSearch Email Plugin]
I found 30 instances of either MyWebSearch or MyWayMyWebSearch combined - I got them into the recycle bin and then emptied the recycle bin. There were 6 MyWay ones that were in compressed zipped folders - Spybot Search and Destroy Recovery - I think I put these in recycle bin and deleted them too.
I've done another fresh Hijackthis log - I noticed there were a few with references to miniclip in them - should I get rid of them?
Computer seems to be running ok. While I was going through all of the above it did play up a bit by boxes sometimes replicating themselves over and over and I had to Ctrl Alt delete etc to get it to stop.
Thank you once again. I'll go off to bed now hoping I'm nearly there ....(Angus is my dog, not me ...)
0 -
Hi again
As I said before this is definitely something to do with the registration of the PC. Other than the advice I gave earlier all I can suggest is that it's probably best if you call the manufacturer who seem to be having trouble with your registration.angus1 wrote:The Hdreg thing - there wasn't anything in the list that resembled it. It's still popping up. I remember that it started happening after tried to register PC and it came back with a message saying registration couldn't be completed.
I believe this is the run key that may stop that pop up ....
O4 - HKLM\..\RunOnce: [HDReg] c:\Apps\HDReg\HDRegApp.exe -r
Scan with HJT, as you did before, put a tick mark in the box to the left of this entry only, CLOSE ALL WINDOWS INCLUDING BROWSERS then hit "Fix checked". Reboot. See if the Hdreg pop up stops. Let me know.
As the system32 folder "pop up" is now fixed don't worry about the ERUNT and NTREGOPT bit.angus1 wrote:The system 32 thing is sorted :T Did what you said - there was one blank entry and one entry that only had one " so unchecked them and it worked.
I didn't manage to download - got to the page and couldn't work out what I was supposed to click to download it... :wall:
Can you just delete it? "Drag and drop" to the recycle bin?angus1 wrote:After checking to see if I've a 32 bit op system or 64 I've been left with a blue command prompt box in the Start up menu bit - how do I get rid of this?
Thing is that safe mode stops most - if not ALL - your bad things loading up. As you found out. If you can see this baddie in "normal" mode delete it and empty your recycle bin.angus1 wrote:I followed the instructions to kill C:\WINDOWS\System32\wccntfly.exe. It did not show up in safe mode (even with all the correct things checked /unchecked). I did see it however when not in safe mode - I was too scared to kill it though when not in safe mode - what should I do?
Trouble is it may change its name each time you reboot. It may now be the file: C:\WINDOWS\system32\wscntfy.exe (mentioned later in this post).
If I suggest you remove something but it's not there it usually means it's been removed during one of the other "removals". Don't worry about it at this stage.angus1 wrote:Got rid of everything on your list of things to Fix checked in HijackThis except could not see 04 HKLM\..\Run:[MyWebSearch Email Plugin]
OK. We'll move on from there then. Unfortunately this stuff has a habit of returning.angus1 wrote:I found 30 instances of either MyWebSearch or MyWayMyWebSearch combined - I got them into the recycle bin and then emptied the recycle bin. There were 6 MyWay ones that were in compressed zipped folders - Spybot Search and Destroy Recovery - I think I put these in recycle bin and deleted them too.
Yes - Miniclip items can be deleted. As before, scan with HJT, put a tick mark next to the entries, close all windows & browsers then hit "Fix Checked". Reboot again.angus1 wrote:I've done another fresh Hijackthis log - I noticed there were a few with references to miniclip in them - should I get rid of them?
More log fixing to do (see below).
I hope this stops as we work on this. Let me know if this - or anything else odd - happens.angus1 wrote:Computer seems to be running ok. While I was going through all of the above it did play up a bit by boxes sometimes replicating themselves over and over and I had to Ctrl Alt delete etc to get it to stop.
On to the new log.
I want to run a check of some of the system32 files. These .....
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
Go here….
http://virusscan.jotti.org/
Click the "browse" button and browse to each of the above files one at a time then click the "submit" button to upload each file.
Post back the results to this thread if any of them are returned by Jotti as infected in some way or otherwise bad .
If they are "clean" Jotti will say so.
Also post another HJT log and let me know how the system is operating again.0 -
Just wanted to say I think you're really brilliant spending all this time helping me out and being so patient with it. Can't tell you how much I appreciate it!
I'm going to get right on with that list of things to do as soon as I get in from work. I've got them printed off and ready to do. Just a couple of silly questions -
When I get rid of the things through HJt like the miniclip entries - should I do that in safe mode or normal or does it not matter?
When I post the new hjt scan to you should that have been done in safe or normal mode?
On my PC there are 2 users - me and my son. I've being doing all of this through my user name when in normal mode and through administrator when in safe mode - does all of this work done also cover the stuff in my son's user account?
Thanks(Angus is my dog, not me ...)0 -
angus1 wrote:When I get rid of the things through HJt like the miniclip entries - should I do that in safe mode or normal or does it not matter?angus1 wrote:Things like miniclip and other non-malware stuff will go if you use HJT in normal mode.
Normal mode please.angus1 wrote:When I post the new hjt scan to you should that have been done in safe or normal mode?
Probably not. The creation of mutiple users is, in effect, like creating separate computers for each user. I've had this problem with parents before. I clean one "user" the have to work through all the others, one at a time. The cleansing process needs to be done on each user separately.angus1 wrote:On my PC there are 2 users - me and my son. I've being doing all of this through my user name when in normal mode and through administrator when in safe mode - does all of this work done also cover the stuff in my son's user account?
There is also the danger that, if one user is infected with malware, there could be cross-infection with the malware spreading throughout all users.
For this reason - and others - I wonder about the value of creating different users anyway. Why did you do that? I ask as I'm just curious.
Once you have your user acount as you want it you should examine your son's account. See what's lurking there (I dread to think).
All the best. Report back when you have time.0 -
pchelpman
Sorry for butting in here but I am just curious as to your comments on the spyware and Dell systems. Does this mean you wouldn't recommend Dell computers as sometime this year I might be buying a new one and was thinking of a Dell. Which would you recommend?Thanx
Lady_K0 -
pchelphman, feel very sick now - thought there was light at the end of the tunnel ... but no ... can't believe will have to go through all of that again! :eek:
Does it not help because in safe mode it's done through administrator - does that not cover both the users? (she asks hopefully)
The reason for the 2 separate users is that we all used the one user account and one son had his itunes on that. Then at christmas other son got an ipod so needed itunes as well. In our wisdom (!) thought only way they wouldn't clash with each other was if they were on separate users so set up another one for son ... really wish that hadn't done that - is it possible to have 2 separate itunes on one user?
Should I just not even look at his until this one's fixed ...?
Thanks(Angus is my dog, not me ...)0 -
Hi Lady_KLady_K wrote:pchelpman
Sorry for butting in here but I am just curious as to your comments on the spyware and Dell systems. Does this mean you wouldn't recommend Dell computers as sometime this year I might be buying a new one and was thinking of a Dell. Which would you recommend?
No, I'm not saying Dell is a good or bad idea. Just letting you know what's included in the package you're buying.
As to which other ... I have no firm suggestions as I build my own! I'm sure other folk will have other sugesstions BUT please could I ask you to start a new topic in this forum. A subject like this is going to provoke MANY comments and they will detract from and hijack angus1's problems.
Others reading this .... please don't post your comments here. Post to Lady_K's new topic on this in the forum.
Thanks.0 -
There IS light at the end of the provervbial tunnel. Let's get your user account fixed up first then see how the other user account(s) behave. We may have to go through the HJT process with other users separately but don't cross bridges till you come to them.angus1 wrote:pchelphman, feel very sick now - thought there was light at the end of the tunnel ... but no ... can't believe will have to go through all of that again! :eek:
Does it not help because in safe mode it's done through administrator - does that not cover both the users? (she asks hopefully)
Last question first ... don't know. Sorry. I'm not familiar with iTunes at all, I'm afraid. That's probably a good subject for a new discussion in the techie forum. I'm sure there will be others around with pertinent advice on that issue. You want to get the ball rolling?angus1 wrote:The reason for the 2 separate users is that we all used the one user account and one son had his itunes on that. Then at christmas other son got an ipod so needed itunes as well. In our wisdom (!) thought only way they wouldn't clash with each other was if they were on separate users so set up another one for son ... really wish that hadn't done that - is it possible to have 2 separate itunes on one user?
I'm not saying it's always a bad thing to have different users. You seem to have a good reason there. However, everyone must be aware that, in effect, they have their own little computer (as I said before). They should kit it out with antivirus, antispyware and so on as if each were a computer in its own right.
Some protection programs do protect the whole PC but most don't.
Have a go at those Jotti uploads and let me know how things are after that.0 -
Logfile of HijackThis v1.99.1
Scan saved at 19:20:50, on 07/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1137432692\ee\AOLHostManager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Common Files\AOL\1137432692\ee\AOLServiceHost.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
c:\program files\common files\aol\1137432692\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Common Files\AOL\1137432692\ee\AOLServiceHost.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - !!9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - !!9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - !!0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - !!42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - !!4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137432692\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - !!4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - !!4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: !!00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: !!0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: !!4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: !!4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138985198359
O16 - DPF: !!8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe(Angus is my dog, not me ...)0 -
Hi pchelpman
I've went through the last lot of things to do -
Hdreg - that 04-HKLM thing isn't showing now but the hdreg box is still popping up. I'll do as you say and ask the manufacturer - it's a Packard Bell - do you mean I should get in touch with them direct? At least I know it's not a nasty.
That command box prompt that was left in start menu - I right clicked and removed it from the list - i was just worried it was something important.
The system\32\wccntfly.exe file is not there - the wscntfy.exe one is but I didn't kill it - should I?
Got rid of 3 miniclip references through HJt.
Used jotti to scan all those files individually and they all came up OK. Even the wscntfy one that you were a bit dubious about (above).
The system seems ok - maybe a bit 'chuggy' and whirring up a bit for what it seems no reason but I could just be imagining that ... It hasn't been doing what it did last night - boxes replicating etc.
Thanks - feeling bit happier!(Angus is my dog, not me ...)0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards