
2 Blank Startup Items


9 replies to this topic

#1 Kandra


Posted 21 October 2006 - 12:59 AM

Hi,

Using msconfig, I noted 2 blank entries under the item name. They're both under the key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Using Autoruns, the only possibility I see is the msconfig.exe file itself to possibly account for one "blank" entry but under that key Autoruns lists everything else.



I have to say....in using Autoruns I was totally amazed at all the stuff running....under Services for example I must have around 40 different svchost.exe listings! Various functions all point to the same file...is it really necessary to have ALL these listings pointing to the same file? Guess I'll have to go through all those too :thumbsup:

Anyway, I digress...I would appreciate any help about my 2 blank entries and should I uncheck or leave alone?


K.



#2 Grinler


Posted 22 October 2006 - 02:19 PM

Not sure what those blank entries are. Click on File then Save as and save the log to your desktop. Then open that log with Notepad and post the results.

The svchosts are fine. They are all wrappers for legitimate programs.

#3 Kandra


Posted 23 October 2006 - 07:03 PM

Autoruns generates a 65K saved file since it saved everything, not just the logon section...too big to paste over.

#4 Grinler


Posted 24 October 2006 - 10:13 AM

Let's see a HijackThis file:

Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

#5 Kandra


Posted 25 October 2006 - 02:26 AM

Sorry this took so long for me to do...needed to go to the hospital ER. Anyway, here's the results of the file:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:27 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Panda Software\pavsrv51.exe
C:\Panda Software\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Panda Software\TPSrv.exe
C:\Nero\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
c:\panda software\firewall\PNMSRV.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Panda Software\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Panda Software\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\PhnxCDSvr.exe
C:\Panda Software\psimsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
c:\panda software\WebProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\windows\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shopnbc.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kandra
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.*;192.168.0.1;direcwaysupport.com;<local>
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.shopnbc.com"); (C:\Documents and Settings\Mary\Application Data\Mozilla\Profiles\default\raq4smzi.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mary\Application Data\Mozilla\Profiles\default\raq4smzi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\eBay Toolbar2\eBayTB.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D0F7FF8-80BD-47A9-AF2D-309407B13EE5} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "C:\Panda Software\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download with GetRight - C:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127453854125
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Panda Software\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Panda Software\pavsrv51.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\System32\PhnxCDSvr.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\panda software\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Panda Software\psimsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Panda Software\TPSrv.exe





Wow, EARTHLINK and shopnbc??? There's a bunch of stuff in there that needs to come out. Yahoo is not my default anything etc. I don't use GetRight anymore and have it (I thought) disabled.

I see that under running processes that Outlook is running and so is Nero...both of which shouldn't be. I rarely use Nero....need to find decent backup software. I see a file called slserv.exe which is for the modem which I don't use (I use satellite). No wonder my system is bogged down. A lot of these running processes are unnecessary and a couple I don't recognize and their names don't show up in your database.

Of side interest is that I tried to install IE 7. Installed just fine, no errors on install etc. But won't load...gives me a kernel32.dll error. I tried opening it w/o addons still can't run. Firefox and Opera run just fine.

Thanks very much for the help. I am comfortable making any changes needed to get this system decent again.

Edited by Kandra, 25 October 2006 - 02:27 AM.
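
A small triage pass over the log format posted above, added here as an example (it is not part of the original posts and is not HijackThis code). It parses `section - body` lines and flags entries the tool marked `(no file)` or `(file missing)`, plus Run commands given without a full path; the function names and the choice of checks are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D0F7FF8-80BD-47A9-AF2D-309407B13EE5} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Panda Software\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
'''

# "O4 - rest of line": a section code followed by the entry body.
ENTRY = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Body of an O4 registry autorun: "HKLM\..\Run: [value name] command line".
RUN = re.compile(r'^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

def parse(log):
    """Yield (section, body) for every line that looks like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group('section'), m.group('body')

def run_target(body):
    """For an O4 Run line return (value_name, first command token), else None."""
    m = RUN.match(body)
    if not m:
        return None
    cmd = m.group('cmd').strip()
    # A quoted command keeps its spaces; otherwise take the text up to the first space.
    token = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(' ', 1)[0]
    return m.group('name'), token

def triage(log):
    """Return (section, reason, body) for entries worth a second look."""
    findings = []
    for section, body in parse(log):
        if body.endswith('(no file)') or body.endswith('(file missing)'):
            findings.append((section, 'tool reported no backing file', body))
        elif section == 'O4' and (t := run_target(body)) and '\\' not in t[1]:
            findings.append((section, 'Run command has no full path', body))
    return findings
```

A flag is a prompt to check, not a verdict: the O23 line marked `(file missing)` has a stray quote in its path, and `C:\WINDOWS\system32\Brmfrmps.exe` appears under running processes in the same log.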


#6 Grinler


Posted 25 October 2006 - 08:44 AM

needed to go to the hospital ER


Hope you are all right.

Nothing bad in the log. As for the two blank entries, they may be default entries that were added for some reason. They pose absolutely zero harm and cause no performance issues so I would leave them alone rather than removing them.

As for the software you see above that should not be there, have you uninstalled them from the Add or Remove Programs control panel?

#7 Kandra


Posted 25 October 2006 - 03:08 PM

Thanks for asking, I'm fine....just an asthma problem :thumbsup:

As for the Yahoo and Earthlink stuff there's nothing in the Add/Remove Programs to uninstall and I'm now going to uninstall Nero and GetRight.

Edited by Kandra, 25 October 2006 - 03:09 PM.


#8 Grinler


Posted 26 October 2006 - 10:11 AM

When done, you can fix these entries via HijackThis to clean up any remnants if they still exist:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shopnbc.com/
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\GetRight\xx2gr.dll
O2 - BHO: (no name) - {8D0F7FF8-80BD-47A9-AF2D-309407B13EE5} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\eBay Toolbar2\eBayTB.dll
O8 - Extra context menu item: &eBay Search - res://C:\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download with GetRight - C:\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\GetRight\GRbrowse.htm

#9 Kandra


Posted 28 October 2006 - 10:22 PM

Thanks sooo much!! Again, sorry for the delayed reply. This week has not been good healthwise for me :thumbsup:

Now to figure out why in Device Manager my Processor is showing up twice and some other problems. I'll go to the appropriate forums :flowers:


K.

#10 Grinler


Posted 29 October 2006 - 03:51 PM

Your processor may be showing up twice because you are using a hyperthreading processor. When in this mode, your computer sees your processor as actually two CPUs.



