PDA

View Full Version : AVG Results



Musikmn
2006-06-09, 19:11
Sorry, to be a bother, but could someone tell explain what this is about:

C:\WINDOWS\system32\shell32.dll
Result: Change
Status: Changed

I appear to have 2 copies of the above file, one with a change/changed result & one with ok/Quick Checked

Musikmn
2006-06-10, 06:16
I have a feeling that i might have virus, spy,mal, etc. As some of my icons on desktop are blackened out & i get error messages when login on.

One says something about 16bit something
The other is talking about bitWare

Additionally, with my Bigpond Toolbar i keep geting asked to enter login details & password, it saying its incorrect (which it isnt)

Also have an overheating problem

This is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 1:08:20 PM, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DllHost.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ANTIVIRUS PROGRAMS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uws.edu.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O15 - Trusted Zone: http://elearning.uws.edu.au
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141368339765
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B88106-373D-46FE-A41C-B3C224012B6B}: Domain = nsw.bigpond.net.au
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Musikmn
2006-06-10, 08:33
I have a feeling that i might have virus, spy,mal, etc. As some of my icons on desktop are blackened out & i get error messages when login on.

One says something about 16bit something
The other is talking about bitWare



This is what is being displayed (just a Q, why is jpg not supported for upload? Is it unstable or likely to hold virus?)

Its in jpg in zip folder.

LonnyRJones
2006-06-10, 09:50
Hi

In windows control panel addremove program uninstall one of those antivirus programs, i suggest canning norton, its to common.
Restart the PC afterwards

For that startup error go here and use the appropriet fix for your system
http://www.tech-forums.net/computer/topic/29806.html


Sorry, to be a bother, but could someone tell explain what this is about:

C:\WINDOWS\system32\shell32.dll
Result: Change
Status: Changed

I appear to have 2 copies of the above file, one with a change/changed result & one with ok/Quick Checked

Not sure, if you suspect a file you can always get several opinions here
Submit a file--VirusTotal: http://www.virustotal.com/flash/index_en.html

Post another Hijackthis log

Musikmn
2006-06-12, 07:50
In addition when im turning my PC off, it occassionally comes up with the End program screens:

Hammer of Thor (& other variations on Thor)
MCI command handling window
MSASCui.exe
itype.exe

Musikmn
2006-06-12, 07:53
In addition when im turning my PC off, it occassionally comes up with the End program screens:

Hammer of Thor (& other variations on Thor)
MCI command handling window
MSASCui.exe
itype.exe

Also I have had several messages saying, something like: attempting to run a dll as a exe (?im not sure, but definatetly is dll & then sends long report to Microsoft.)

Musikmn
2006-06-12, 08:06
Also I dont know if this is error in new spybot update, or symptom of a virus:

3/06/2006 4:20:49 PM Allowed value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!
3/06/2006 4:21:01 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
3/06/2006 4:24:44 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
4/06/2006 11:55:25 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
5/06/2006 12:58:57 AM Allowed value "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}" (new data: "") deleted in Global browser toolbar!
5/06/2006 12:29:33 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
6/06/2006 8:10:13 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
6/06/2006 8:10:40 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
6/06/2006 11:30:52 PM Denied value "DataLayer" (new data: "") deleted in System Startup global entry!
6/06/2006 11:31:00 PM Denied value "LtMoh" (new data: "") deleted in System Startup global entry!
6/06/2006 11:31:03 PM Denied value "AGRSMMSG" (new data: "") deleted in System Startup global entry!
7/06/2006 7:42:03 PM Allowed value "nwiz" (new data: "") deleted in System Startup global entry!
7/06/2006 7:48:32 PM Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") added in System Startup global entry!
7/06/2006 7:48:35 PM Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") added in System Startup global entry!
7/06/2006 7:48:37 PM Allowed value "nwiz" (new data: "nwiz.exe /install") added in System Startup global entry!
7/06/2006 7:48:39 PM Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") added in System Startup global entry!
7/06/2006 7:48:39 PM Allowed value "NvRegisterMCTrayNview" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\nView.dll") added in System Startup global entry!
7/06/2006 7:48:40 PM Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
7/06/2006 7:48:43 PM Allowed value "NvRegisterMCTrayNview" (new data: "") deleted in System Startup global entry!
7/06/2006 7:55:14 PM Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") added in System Startup global entry!
7/06/2006 7:55:22 PM Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
8/06/2006 4:49:28 PM Allowed value "ecc" (new data: "C:\Program Files\Telstra\BigPond Assist\assist.exe") added in System Startup global entry!
9/06/2006 5:52:00 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
9/06/2006 5:52:12 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
9/06/2006 5:53:02 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
9/06/2006 5:55:48 PM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
11/06/2006 12:08:06 AM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
12/06/2006 1:42:43 AM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!


& the attachment

Musikmn
2006-06-12, 12:29
Hi
Not sure, if you suspect a file you can always get several opinions here
Submit a file--VirusTotal: http://www.virustotal.com/flash/index_en.html


What exactly does this site do with the information submited to them? Isnt the file I would need to upload from my registry? From everything ive ever heard it is a bad idea to share registry and system folder files and access. So how do I know I can trust this site?

dont mean to sound offensive, in anyway.

LonnyRJones
2006-06-12, 16:32
I dont understand why you denied all those
basicly you should allow them if in doubt then go do some research to be sure.
Do not use the remember desicion option in tea timer.

Turn off Tea Timer (right-click its icon in the tray area near the windows clock and choose exit)
If it is not in the tray area open SpyBot > mode > Advanced > tools >
resident page and uncheck Tea Timer
Close SpyBot if open.
Download ResetTeaTimer.bat
http://downloads.subratam.org/ResetTeaTimer.bat
To your desktop, run ResetTeaTimer.bat.
Since it will not be needed again delete ResetTeaTimer.bat.
Turn Tea timer back on again via SpyBots tools resident page.

I trust virustotal, does that help ?

Those errors, I see them once and awhile to, not exactly the same ones.
they are somewhat normal, unless you are seeing them all the times i suggest ignoring.

Musikmn
2006-06-15, 06:32
I dont understand why you denied all those
basicly you should allow them if in doubt then go do some research to be sure.
Do not use the remember desicion option in tea timer.

Turn off Tea Timer (right-click its icon in the tray area near the windows clock and choose exit)
If it is not in the tray area open SpyBot > mode > Advanced > tools >
resident page and uncheck Tea Timer
Close SpyBot if open.
Download ResetTeaTimer.bat
http://downloads.subratam.org/ResetTeaTimer.bat
To your desktop, run ResetTeaTimer.bat.
Since it will not be needed again delete ResetTeaTimer.bat.
Turn Tea timer back on again via SpyBots tools resident page.

I trust virustotal, does that help ?

Those errors, I see them once and awhile to, not exactly the same ones.
they are somewhat normal, unless you are seeing them all the times i suggest ignoring.


I dont understand, denied what?? Im just using basic spybot, and I used the immunise function.

I also had probs with hpqtra08.exe. Is that just a hewett packard app or some virus (or whatnot) disguised as HP?

Do you happen to know what those closing functions were?

I Think that:
itype: is MS keyboard software

Musikmn
2006-06-15, 07:05
Quote:
Originally Posted by Musikmn
Sorry if this has been asked before, but could someone tell me what these results mean (i think they are spyware, but wanna make sure) also what is the best way of dealing with them?

Avenue A, Inc
BFast
CasaleMedia
CoreMetrics
DoubleClick
Download Accelerator Plus Ads
DyFuCA.InternetOptimizer
FastClick
ISearchTech.ISTactiveX
ISearchTech.ISTbar
ISearchTech.YSB
LinkSynergy
SexTracker
SurfAccuracy
TargetNet
Unknown
ValueClick
Web3000
WebInstall
WebTrends live
Windows Security Centre.AntivirusDisableNotify
Windows Security Centre.AntivirusOverride
Windows Security Centre.FirewallDisableNotify


Thanks for any assistance that the experts can provide


I just used spybot to fix DoubleClick & CoreMetrics, & got a lot of registery errors, I'm thinking of restoring to prior restore point. (should I & how do I fix this).
If im not mistaken the errors where you get "... error at ...." are reg.

Musikmn
2006-06-15, 07:21
Sorry, about the millionth post, but there doesnt appear to be an edit post button.

I'm wondering what the following programs are & if they should be uninstalled, and best method of doing so (ie; whether control/Add-Remove OR internal uninstall):

Cleaner 5 EZ
Cult 3D ActiveX Player
Cult 3D Designer
DKLM
DKSV
Download Accelerator Plus
FREE Equation Illustrator Editor version 1.7.3.0 (I know what it is & have
used, but not sure if its any good, or if there are safer &
better apps that do the same thing)
General 4.5b
GPSoftware Directory Opus
Graph
iPodder 2.0.5 (dont have an ipod)
MSN Music Assistant
MSXML4 Parser
MUSICMATCH Jukebox
Shockwave
Speed Demons
Werkkzeug1
Ad-aware 6 Personal (I have had very bad experience with this one)
Ai Picture Explorer v7
Anvil Studio

LonnyRJones
2006-06-15, 09:54
Ad-Aware 6 is an old version, It is ad-Aware SE (second edition)

As for the other programs you mention its up to you . im not familur with those, basicly uninstall what you dont use, not including updates and windows tools such as MSXML4 Parser.

The item's you mention in the SpyBot results are mostly just cookies, fix them.
Why does Spybot-S&D flag changes in the Windows Security Center?
http://www.safer-networking.org/en/faq/46.html
http://forums.spybot.info/showthread.php?t=250

I just used spybot to fix DoubleClick & CoreMetrics, & got a lot of registery errors, I'm thinking of restoring to prior restore point. (should I & how do I fix this).
If im not mistaken the errors where you get "... error at ...." are reg.
Be more specific about the error please,. details are important.

You should read more about what Tea Timer is and does before using it
basicly click allow for known good items and not for others, do not use the remember desicion box.
http://forums.spybot.info/showthread.php?t=281
=========================
Yes hpqtra08.exe is a HP program

Musikmn
2006-06-15, 11:21
Ad-Aware 6 is an old version, It is ad-Aware SE (second edition)

As for the other programs you mention its up to you . im not familur with those, basicly uninstall what you dont use, not including updates and windows tools such as MSXML4 Parser.

The item's you mention in the SpyBot results are mostly just cookies, fix them.
Why does Spybot-S&D flag changes in the Windows Security Center?
http://www.safer-networking.org/en/faq/46.html
http://forums.spybot.info/showthread.php?t=250

Be more specific about the error please,. details are important.

You should read more about what Tea Timer is and does before using it
basicly click allow for known good items and not for others, do not use the remember desicion box.
http://forums.spybot.info/showthread.php?t=281
=========================
Yes hpqtra08.exe is a HP program



Be more specific about the error please,. details are important.

Errors shown in zip file, (well I restored and openned spybot and then closed it & got these error messages)



Why does Spybot-S&D flag changes in the Windows Security Center?
http://www.safer-networking.org/en/faq/46.html
http://forums.spybot.info/showthread.php?t=250


Yes, I realise that the ones refering to windows are fine (the you replied to was from another thread, from which I qouted myself)



You should read more about what Tea Timer is and does before using it
basicly click allow for known good items and not for others, do not use the remember desicion box. When did I use it? As a basic user, isnt it auto set up by spybot?

LonnyRJones
2006-06-15, 12:08
Curious why you would want to restore what spybot has removed ?

Im unsure of why the errors, let us know if you see them again

I suggest you turn tea timer back OFF and leave it off untill you read more about it, It is not enabled by default when we install SpyBot.

tashi
2006-06-20, 21:06
Musikmn do you still require assistance?

tashi
2006-06-22, 10:08
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.