Start Up

:huh: I love this program... Have a question, though. In Tools/Start Up, can I delete programs like Quicken, Office and Adobe from that list? They don't need to start when Windows opens, do they? I know the more things you have on startup, the longer it takes, but what I don't know is: if I remove these, am I removing them completely, or will they just not start, and when I want to use them, would I have to do anything more than just click and open them? I know it is probably a dumb question... but I am trying to get Windows to open quicker...

If you remove them, you are just preventing them from starting at startup. You just have to start them manually. I don't know about Quicken, as I have no idea what that is, but you don't need Office and Adobe auto-starting. For example, I only have my modem software, NVIDIA stuff and Norton auto-starting.

Post a HijackThis log, as it tells the full information of startup items as well.

How in the heck do I go about doing that? :(

Download HijackThis, run it and save a log, then post it here.

Logfile of HijackThis v1.99.1

Scan saved at 12:53:22 PM, on 8/26/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\WallpaperToy\Wallpapertoy.Exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe

C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN\MSNCoreFiles\msn.exe

C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;;www.costco.com;www.msnusers.com;photo.walmart.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [uSB] C:\WINDOWS\system32\usb.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [PS2] c:\hp\drivers\keyboard\PS2.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {5CAD44F7-50E5-4761-84A9-7C84F8EC2158} (Napster inforeader control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab

O16 - DPF: {5EFF8B09-B211-42B7-805E-C4670BF8C830} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121206446812

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123635856234

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.broderbund.com/IFW/Cabs/isetup.cab

O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2729.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{222B3F84-A801-4660-9D02-5E9715A2FFE9}: NameServer = 205.171.3.65 205.171.2.65

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hope this will help

Registry startup items you can remove

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe

Start > (All) Programs > Startup folder contents:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

If you use this actively, keep it. Else remove it. :)

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
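
Added example, not part of the thread and not HijackThis's own code: the reply above sorts the log's O4 lines into registry Run values and Startup-folder shortcuts, and this Python sketch does the same split while keeping each entry's exact command string so a disabled item can be restored later. The function names and the full-path check are assumptions of this example; the sample lines are copied from the first log in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
"""

# Registry autostart:  O4 - HKLM\..\Run: [value name] command line
REGISTRY_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Startup folder:      O4 - Startup: shortcut.lnk = target
FOLDER_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.+)$")
# Command starts with a drive path, a %VAR% path or a UNC path (optionally quoted).
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\|\\\\)')

# Which accounts an autostart location applies to.
SCOPES = {
    "HKLM": "all users",
    "Global Startup": "all users",
    "HKCU": "current user",
    "Startup": "current user",
}


def parse_o4(log_text):
    """Return one dict per O4 (autostart) line; every other section is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = REGISTRY_RE.match(line)
        if match:
            hive, key, name, command = match.groups()
            kind, location, scope_key = "registry", f"{hive}\\..\\{key}", hive
        else:
            match = FOLDER_RE.match(line)
            if not match:
                continue
            scope_key, name, command = match.groups()
            kind, location = "folder", scope_key
        entries.append({
            "kind": kind,
            "location": location,
            "scope": SCOPES.get(scope_key, "other"),
            "name": name,
            # Keep the command verbatim: this is the string needed to re-create
            # the entry by hand (e.g. "nwiz.exe /install") if it is removed.
            "command": command,
            "full_path": bool(FULL_PATH_RE.match(command)),
        })
    return entries


def names_by_kind(entries):
    """Group entry names the way the reply does: registry values vs. shortcuts."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["kind"]].append(entry["name"])
    return dict(groups)


def without_full_path(entries):
    """Entries whose command is a bare file name, so Windows has to locate it
    through its search path; worth confirming which file actually runs."""
    return [e["name"] for e in entries if not e["full_path"]]


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for e in parsed:
        print(f'{e["scope"]:<13}{e["location"]:<16}{e["name"]:<32}{e["command"]}')
    print("bare-name commands:", without_full_path(parsed))
```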

thanks...should I delete them using hijack this or from the task manager start up items? Or the CCleaner?

Sorry, but I am so afraid of deleting something I shouldn't, I am going to wait till I get your answer. thanks for having patience...

I would personally disable what Tarun stated was safe to disable via the Task Manager; that way, if you want to undo the disabling of an item, you won't have to figure out exactly what a startup parameter is, such as "nwiz.exe /install". This can eliminate having to reinstall an application that may not necessarily have a way to configure it to start when Windows does.

Note: If you have a more than basic/standard Microsoft Mouse such as IntelliMouse Explorer, etc., disabling point32.exe "may" or "will" disable some of its functionality, e.g. the extra buttons; however, if you don't use those extra functions, it won't harm anything to disable it.

Task Manager

MsConfig :)

Lol, as if the Task Manager would do anything. I'm slipping.

Tarun

You did a fantastic job helping the other fellow who--like I--wasn't sure what can be disabled from the startup menu.

I've already disabled some things, but I'm afraid to delete others.

If you can find time to analyze my log, I would be forever grateful.

Thanks,

Staninfr

--------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 7:52:13 PM, on 27/08/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Virtual Account Numbers\CitiUCS.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\nosign.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Free Spyware Scanner\SpyWatcher.exe

C:\WINDOWS\TPPALDR.EXE

C:\Program Files\WinguardPro\wgp.exe

C:\Program Files\WinPatrol\winpatrol.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Wanadoo\taskbaricon.exe

D:\Program Files\RAM Idle\RAM_XP.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

D:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\EditPad Lite\EditPad.exe

C:\Program Files\CCleaner\CCleaner.exe

E:\Download 7\Hijack this\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f533.mail.yahoo.com/ym/login?.rand=3mhppvac5jbok

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ontrack.com/registration/index.asp?product=erp6

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: XBTB09580 - {E9CFF983-9580-4d74-A7BD-FBF10BB2672A} - D:\PROGRA~1\WORDRE~2\WORDRE~1.DLL

O2 - BHO: UCSBrowserHelper Class - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\System32\BhoUCS.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll

O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL

O3 - Toolbar: WordReferenceEnFr - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - D:\Program Files\WordReferenceEnFr\wordreferenceEnFr.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS.exe /dontopenmycards

O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nosign_JL2005] nosign TRUST

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [spy Watcher] "C:\Program Files\Free Spyware Scanner\SpyWatcher.exe" -S

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg

O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\WinguardPro\wgp.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [RAM Idle Professional] D:\Program Files\RAM Idle\RAM_XP.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html

O8 - Extra context menu item: Personnaliser - C:\WINDOWS\PCHealth\HelpCtr\System\blurbs\options.htm

O8 - Extra context menu item: Rechercher sur Internet - E:\Downloads\Software\Utilities\Printer Software\ENGLISH Epson 82 Installer\MANUAL\REF_G\REF_G\SEARCH.HTM

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS.exe

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC.../vc/bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/123365b68a1053506a18/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...V5Controls/en/x86/client/wuweb_site.cab?1097405935453

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...Controls/en/x86/client/muweb_site.cab?1124443342609

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...secall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7914921E-CA56-4019-B31E-259884609AFB}: NameServer = 80.10.246.1 80.10.246.132

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\lib\LicenseServer.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Generated by Tarun's HijackThis Converter v0.43 Beta.

Changed registry value. Safe to remove:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f533.mail.yahoo.com/ym/login?.rand=3mhppvac5jbok

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

Created registry value. Safe to remove:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ontrack.com/registration/index.asp?product=erp6

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

Created extra registry value where only one should be. Safe to remove:

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

Enumeration of existing IE's BHO's. Safe to remove:

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: XBTB09580 - {E9CFF983-9580-4d74-A7BD-FBF10BB2672A} - D:\PROGRA~1\WORDRE~2\WORDRE~1.DLL

O2 - BHO: UCSBrowserHelper Class - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\System32\BhoUCS.dll

Enumeration of existing IE's toolbars. Safe to remove:

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll

O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL

O3 - Toolbar: WordReferenceEnFr - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - D:\Program Files\WordReferenceEnFr\wordreferenceEnFr.dll

Enumeration of suspicious auto-loading registry entries. Safe to remove:

O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nosign_JL2005] nosign TRUST

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM\..\Run: [RAM Idle Professional] D:\Program Files\RAM Idle\RAM_XP.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe - Not needed, here's how to bypass it.

IE plugins for file extensions or MIME types. Safe to remove:

O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

Changing of IERESET.INF. Safe to remove:

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

Downloaded Program Files item. Safe to remove:

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/123365b68a1053...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImageClass) - http://84.96.27.199/activex/AxisCamControl.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/U...eUploader35.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnlineObject) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365PlayerClass) - http://www.live365.com/players/play365.cab

RAM idle apps never work. Also, get Firefox. ;)

Wow!

You're really fast and efficient. Thank you very much.

I'm amazed at how you can understand some of that stuff.

Thanks again.

Staninfr

Not a problem. I was actually slower in reply as I'm trying to get my website up and working, to the point where I like it. ;)