Yep, the registry search. I don't really get what Dave Taylor means by 'keys', I'm really not computer literate at all.which "it's"? the registry search?
How to detect existing antivirus software?
#16
Posted 10 September 2008 - 07:30 AM
#17
Posted 10 September 2008 - 07:32 AM
first try this http://support.microsoft.com/kb/910654 (just the first set of steps)
report any errors
second check in c:\program files and tell me if there are any other folders there related to AV software
#19
Posted 10 September 2008 - 07:39 AM
<----take that rick (heheheh i called him rick)and once you do those steps go here and download the Windows Installer Cleanup Utility package and run it according to the MS instructions...
#20
Posted 10 September 2008 - 07:57 AM
Edited by happyrock, 10 September 2008 - 07:57 AM.
#21
Posted 10 September 2008 - 08:06 AM
Ok, done the first bit and couldn't see any errors. Did a search in programme files for AV software and can't find anything.keys are what show up in that registry search...let's take a step back and try a couple of other things
first try this http://support.microsoft.com/kb/910654 (just the first set of steps)
report any errors
second check in c:\program files and tell me if there are any other folders there related to AV software
#22
Posted 10 September 2008 - 08:07 AM
#23
Posted 10 September 2008 - 08:19 AM
#24
Posted 10 September 2008 - 08:27 AM
uncheck everything ...if its a laptop you have to be careful about what you uncheck or your touch pad and wireless and things like that will not function for you..
google each start up item to decide if you need it to load with windows...unchecking them does not remove them ..they are still available to use...
#25
Posted 10 September 2008 - 08:31 AM
#26
Posted 10 September 2008 - 08:35 AM
however...for this issue that may not resolve things yet since there MIGHT still be part of another AV running on your system which will just cause further conflicts...let's try to clear that up before we try to force AVG in
to get into safe mode: While starting your computer tap the F8 key once every second during the memory count up, or during the system spash screen where you see the system maker's name (HP, COMPAQ, DELL....etc.)
This will result in a text based menu. Use the curors/arrorw keys to navigate to SAFE MODE and hit enter.
but first
Lets take a look at what is starting up when your computer does. Please download HiJackThis, install it, and double-click on the HiJackThis.exe icon. On the first screen click on Open the Misc Tools Section...On the next screen, click on the Generate StartupList log button and post a copy of the log here. You need not check either of the boxes next to this button
#27
Posted 10 September 2008 - 08:38 AM
#28
Posted 10 September 2008 - 08:38 AM
#29
Posted 10 September 2008 - 08:46 AM
StartupList report, 10/09/2008, 15:44:57
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Picture Package VCD Maker.lnk = ?
Picture Package Menu.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroCheck = C:\WINDOWS\System32\\NeroCheck.exe
LtMoh = C:\Program Files\ltmoh\Ltmoh.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
AGRSMMSG = AGRSMMSG.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
OneCareUI = "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
vddbad7e = RUNDLL32.EXE w001e1b5.dll,n 001bad7d0000000a001e1b5
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=
SCRNSAVE.EXE=C:\WINDOWS\AQUATI~1.SCR
drivers=
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {1AB50067-BAAD-C573-82F3-C06930FB8694}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - (no file) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
Symantec NetDetect.job
MP Scheduled Quick Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab
[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akama...meInstaller.exe
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 5,584 bytes
Report generated in 0.120 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#30
Posted 10 September 2008 - 08:50 AM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users