Check Up

Started by EASTER, August 03, 2005, 04:26:08 AM


EASTER

Logfile of HijackThis v1.99.1
Scan saved at 11:26:37 PM, on 8/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\program files\regprot\regprot.exe
C:\Program Files\Digital Timepiece\DigitalTimepiece.exe
C:\Program Files\Yzshadow\yzshadow.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Documents and Settings\Executive\My Documents\HoverSnap\HoverSnap.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\EXECUT~1\LOCALS~1\Temp\{6B0B8AE8-4CB6-4115-AB74-D934DA38F1C1}\Live Weather II App.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Executive\Desktop\SECURITY\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IESure.BHO - {79FCBF9D-044A-4D1C-A004-D3E4E2D12FB0} - C:\WINDOWS\iesure.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegProt] c:\program files\regprot\regprot.exe /start
O4 - HKLM\..\Run: [DigitClock] C:\Program Files\Digital Timepiece\DigitalTimepiece.exe
O4 - HKLM\..\Run: [ShadowYZ] C:\Program Files\Yzshadow\yzshadow.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ObjectDock] C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Shortcut to YzDock.exe.lnk = C:\Program Files\YZdock\YzDock.exe
O4 - Startup: WinPoET v4.00 Broadband.lnk = C:\Program Files\WinPoET Broadband Connection\WrDialer.exe
O8 - Extra context menu item: &Google Search - res://c:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Internet Explorer Toolbar Integrator - {2108C2C2-B895-4533-81B4-D6F16A74B93E} - C:\Program Files\Internet Explorer Toolbar Integrator & Editor\Toolbar Integrator.exe
O9 - Extra 'Tools' menuitem: Internet Explorer Toolbar Integrator - {2108C2C2-B895-4533-81B4-D6F16A74B93E} - C:\Program Files\Internet Explorer Toolbar Integrator & Editor\Toolbar Integrator.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: msnmsgr - {667CA4E3-6E2A-4A47-A1DC-1735F1FC89C9} - C:\Program Files\MSN Messenger\msnmsgr.exe
O9 - Extra 'Tools' menuitem: msnmsgr - {667CA4E3-6E2A-4A47-A1DC-1735F1FC89C9} - C:\Program Files\MSN Messenger\msnmsgr.exe
O9 - Extra button: (no name) - {7BA16E9E-38C5-45e9-A2A4-9D50312F923C} - C:\WINDOWS\iesure.dll
O9 - Extra 'Tools' menuitem: IESure!   (F2) - {7BA16E9E-38C5-45e9-A2A4-9D50312F923C} - C:\WINDOWS\iesure.dll
O9 - Extra button: MSN Messenger - {978ac263-6169-4969-9ca8-dc16fe0f45aa} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger - {978ac263-6169-4969-9ca8-dc16fe0f45aa} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A8C0900-E9B1-4AD6-AD3B-B3921DD275D5}: NameServer = 216.49.96.1 216.49.96.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A8C0900-E9B1-4AD6-AD3B-B3921DD275D5}: NameServer = 216.49.96.1 216.49.96.2
O18 - Filter: text/html - {A00FACD3-046C-41BA-8A36-83FB6669577B} - C:\WINDOWS\iesure.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE


Die Hard

Easter :)

Maybe you should move this application to a permanent folder or it would be deleted as soon as you empty the temp folders:
C:\DOCUME~1\EXECUT~1\LOCALS~1\Temp\{6B0B8AE8-4CB6-4115-AB74-D934DA38F1C1}\Live Weather II App.exe
http://www.adni18.com/gallery/details.php?image_id=97

You should fix this with HJT:
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver


Regards

Die Hard :)
I create and edit my posts in GS-NOTES
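The two items Die Hard singles out above are both things a reviewer reads off a HijackThis log by eye: a process running out of a Temp folder, and a RunOnce entry that deserves a second look. The small parser below is an added example (not HijackThis code, and not posted by anyone in this thread) that does the same triage mechanically over the v1.99 log format: it collects the "Running processes" list, splits the numbered O-lines into section and body, flags any executable or autostart command whose path runs through a Temp directory, lists RunOnce entries, and pulls the O17 NameServer addresses out so they can be compared with the ISP's published resolvers. The sample log embedded in it is a constructed cut-down of the lines seen in this thread, and the "path contains a Temp component" rule is an assumption chosen for illustration, not something HijackThis itself applies.

```python
import re

# Constructed sample in HijackThis v1.99 layout, cut down from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\EXECUT~1\LOCALS~1\Temp\{6B0B8AE8-4CB6-4115-AB74-D934DA38F1C1}\Live Weather II App.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A8C0900-E9B1-4AD6-AD3B-B3921DD275D5}: NameServer = 216.49.96.1 216.49.96.2
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 registry autostarts: "HKLM\..\Run: [Name] command"
O4_REG_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 Startup-folder shortcuts: "Startup: foo.lnk = C:\path\foo.exe"
O4_STARTUP_RE = re.compile(r"^Startup: (?P<lnk>.+?) = (?P<target>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_log(text):
    """Return (running_processes, [(section, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                      # blank line ends the process list
            in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def is_temp_path(path_or_cmd):
    """Heuristic (an assumption of this example): any path component named Temp/Tmp."""
    return any(part.lower() in ("temp", "tmp") for part in path_or_cmd.split("\\"))


def review(text):
    """Triage the log the way a human reviewer would: Temp-resident binaries, RunOnce, DNS."""
    processes, entries = parse_log(text)
    findings = {"temp_processes": [], "runonce": [], "temp_autostarts": [], "nameservers": []}
    for proc in processes:
        if is_temp_path(proc):
            findings["temp_processes"].append(proc)
    for section, body in entries:
        if section == "O4":
            m = O4_REG_RE.match(body)
            if m:
                if m.group("key").lower() == "runonce":
                    findings["runonce"].append((m.group("name"), m.group("cmd")))
                if is_temp_path(m.group("cmd")):
                    findings["temp_autostarts"].append(body)
            else:
                s = O4_STARTUP_RE.match(body)
                if s and is_temp_path(s.group("target")):
                    findings["temp_autostarts"].append(body)
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                findings["nameservers"].extend(m.group(1).split())
    return findings


if __name__ == "__main__":
    for key, items in review(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

Run against the constructed sample it reports the one Temp-resident process, the single RunOnce entry, no Temp-based autostarts, and the two resolver addresses; the resolver check is deliberately left to the analyst, since whether an address is legitimate depends on the ISP, which the log cannot tell you.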

Corrine

If I may -- I also suggest that you install SP2. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

EASTER

Thanks DieHard & Corrine. I've been so busy with other things as of late I thought it in the best interest, for safety's sake, to have our own expert eyes survey the lines.

Thank you very much. BTW, I am very aware of the need to add SP2 but am holding off until I copy off my modded files that affect the GUI skins and appearance, as SP2 will rewrite the system files with no mercy for my efforts. LoL

EASTER

All of these you see are of course KONFABULATOR widgets. Better get your "free" copy while they last. It just went freebie since YAHOO! bought them out. LoL

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

HJThis

Hey, to all

@EASTER

Not sure if you have done so yet, but if you go to install SP2
you'd be much better off downloading it to the desktop.

Then install. Yes, after you shut down, if using Cable/DSL
unplug the modem, restart, close all running programs, then
install SP2; again shut down, and replug Cable/DSL.

I had big problems with installing SP2 till I did it
the way I just talked about, just so you have one
more option.

Thank you:)

EASTER

Thanks HJThis for the valuable tips. That is one reason I've been reluctant to install the update just yet, as well as having to copy important system files which I modded to change visual styles and such, as I know any Microsoft update whatsoever "overwrites" modifications and then there go months of effort out the window. I don't think I could even remember all the nice attractive mod hacks I've applied just to get XP where it is comfortable for me to work with.

Again, thanks for the tips, and I'll be sure when I do to SAVE the SP2 to the hard drive "FIRST", then pull the plug on the internet completely so no connection interference can hamper the install.