K
kimiraikkonen
Sometimes and lately frequently, After system desktop and tray icons
are loaded successfuly, the computer freezes (Acer Aspire 3004WLCI)
and after that freeze i cannot launch apps like IE6,7, MSN 7.5, WLM8
etc also control panel.
Doing ctrl-alt-del does not help, the cpu usage is %0 or 1,
terminating some exe files does not help.
The only thing i can do is pressing power button more than 4 seconds
to close computer via emergency shutdown.
I couldn't find out. This problem will drive me crazy!!! I tried
plenty configuration of services(i set some services 'automatic'
which
are started although they are set to 'manual')
I simplified progams via add-remove.
I run updated version of McAfee8 and found no viruses.
My hijackThis report is this also:
[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should
be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from
our visitors as good.
[Y] C:\Program Files\Adobe\Photoshop Elements
4.0\PhotoshopElementsFileAgent.exe - Adobe Photoshop Elements
[Y] C:\Acer\eManager\anbmServ.exe - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Network Associates\Common Framework
\FrameworkService.exe -
[AVSCAN] C:\Program Files\Network Associates\VirusScan\mcshield.exe -
McAfee VirusScan
[Y] C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -
[Y] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -
Machine Debug Manager. Used by developers.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -
[Y] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\AGRSMMSG.exe - SoftModem Messaging Applet
[Y] C:\WINDOWS\system32\Rundll32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\keyhook.exe -
[Y] C:\Program Files\Arcade\PCMService.exe - PowerCinema
[Y] C:\Program Files\Launch Manager\QtZgAcer.EXE - Acer Launch Manager
[Y] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe - Part
of Adobe Phothoshop
[Y] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE -
[Y] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
-
[Y] C:\Program Files\Common Files\Network Associates\TalkBack
\tbmon.exe - Network Associates / McAfee VirusScan Enterprise Corp.
Version
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\sistray.exe - SIS Vga Card Driver
[Y] C:\Acer\Empowering Technology\eRecovery\Monitor.exe - Acer
eRecovery
[Y] C:\Program Files\Internet Explorer\iexplore.exe - This entry was
classified from our visitors as good.
[Y] C:\Documents and Settings\Kemal\Desktop\HijackThis.exe - Remember
that Hijackthis must be run in an own folder. Only if Hijackthis run
in an own folder it will create backups!Tool, mit dem sie dieses
Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:
\Programme\HijackThis\HijackThis.exe
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://global.acer.com - This page has been
identified as safe.
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat
reader, http://www.adobe.com/products/acrobat/re adstep2.html
[Y] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll -
googletoolbar.dll, googletoolbar*.dll (* = number),
googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. -
Google toolbar, http://toolbar.google.com/
[Y] O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar\01.01.2607.0\tr-tr\msntb.dll -
Msntb.dll - MSN Toolbar, http://toolbar.msn.com/
[Y] O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll - googletoolbar.dll,
googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll,
googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll -
Google Toolbar
[Y] O4 - HKLM\..\Run: [LaunchApp] Alaunch - Unknown application.This
entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
\SynTPLpr.exe - Synaptics touchpad driver helper. Required for
touchpad features to work
[Y] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
\SynTPEnh.exe -
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but
unnecessary.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe - IBM AMR modem driver
[Y] O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent -
Dynamic link library for setting Power Scheme
[Y] O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS
\system32\keyhook.exe -
[Y] O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME
\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - Not dangerous,
but unnecessary.Part of MS Input Method Editor which is used to ease
the input of Asian characters in MS Office (Chinese, Korean and this
one is Japanese)
[Y] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT
\ImScInst.exe /SYNC -
[Y] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /SYNC - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /IMEName - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade
\PCMService.exe" - In a Dell\Media Experience sub-directory
[Y] O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager
\QtZgAcer.EXE - Acer Launch Manager - on Acer laptops it allows users
to configure shortcut keys and to set the operating state of the WLAN
module and the (optional) Bluetooth radio
[Y] O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology
\eRecovery\Monitor.exe - Acer Empowering Technology eRecovery
[Y] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 4.0\apdproxy.exe" - Not dangerous, but
unnecessary.Part of Adobe's Photoshop Album or Photoshop Elements
packages - starts each time you connect an external image device to
your PC (see here)
[Y] O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates
\VirusScan\SHSTAT.EXE" /STANDALONE - From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays
VShield icon. Can be started automatically or available via Start ->
Programs
[Y] O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey -
Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus
and security programs.
[Y] O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:
\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" -
Network Associates Error Reporting Tool - tool traps errors and
requests submission to NAI for the purpose of betatesting new
software
[?] O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe
P0870Pin.dll,RunDLL32EP 513 - Unknown application.
[?] O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe
V0060Pin.dll,RunDLL32EP 513 - Unknown application.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime - Not dangerous, but unnecessary.QuickTime
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe -
Office related
[Y] O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 -
AdobeUpdateManager
[Y] O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS
\system32\sistray.exe - System Tray icon for SiS based graphics. Note
- this resides in C:\Windows\System
[Y] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files
\Microsoft Office\Office10\OSA.EXE - Not dangerous, but
unnecessary.Application which launches common MS Office components to
help speed up the launch of Office programs. It's somewhat of a
resource hog
[Y] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - Not dangerous, but
unnecessary.Speeds up the time it takes to load the Adobe Reader
application. Your choice
[Y] O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe - Preloads some
libraries that are used by AutoCAD in order to make the software load
faster
[Y] O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html - The entry &Google
Search has been identified as safe.
[Y] O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html - The entry
&Translate English Word has been identified as safe.
[Y] O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html - The entry Backward
Links has been identified as safe.
[Y] O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html - The entry Cached
Snapshot of Page has been identified as safe.
[Y] O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 - The entry E&xport
to Microsoft Excel has been identified as safe.
[Y] O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html - The entry Similar
Pages has been identified as safe.
[Y] O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html - The
entry Translate Page into English has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file
missing) - Unnecessary (deactivated) entry that can be fixed.The entry
has been identified as safe.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that
can be fixed.The entry @xpsp3res.dll, has been identified as safe.
[Y] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry
Messenger has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-
F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -
The entry Windows Messenger has been identified as safe.
[?] O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF}
(SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX
Basic) - http://bes.anadoluhayat.com.tr/emeklilik/ScriptX.cab - Check
if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1CD42208-BDFD-42DB-BCAD-25A25F91B1C6} (FinAChart
Control) - http://www.ataonline.com.tr/program/achart/FinAChartPro.cab
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[Y] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/
x86/client/muweb_site.cab?1152362812843 - This entry has been
identified as safe.
[Y] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/
swflash.cab - This entry has been identified as safe.
[?] O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920}
(JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISB.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF78559-
A647-4B58-9492-0DEF721E66C8}: NameServer = 195.175.39.39,195.175.39.40
- Do you know the IP or Domain '195.175.39.39,195.175.39.40'? If not,
fix this entry.
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{6B84EBD8-34BD-436F-
A0A2-9CA8D13DF654}: NameServer = 193.140.83.251 - Do you know the IP
or Domain '193.140.83.251'? If not, fix this entry.
[Y] O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) - This entry has
been identified as safe.This entry was classified from our visitors as
good.
[Y] O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
- Windows Genuine Advantage Notification
[Y] O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe - This service
(PhotoshopElementsFileAgent.exe) was identified as a good one.
[Y] O23 - Service: Notebook Manager Service (anbmService) - OSA
Technologies Inc. - C:\Acer\eManager\anbmServ.exe - This service
(anbmServ.exe) was identified as a good one.
[Y] O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe - This
service (AdskScSrv.exe) was identified as a good one.
[Y] O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common Files\InstallShield
\Driver\11\Intel 32\IDriverT.exe - This service (IDriverT.exe) was
identified as a good one.
[Y] O23 - Service: McAfee Framework Service (McAfeeFramework) -
Network Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe - This service (FrameworkService.exe)
was identified as a good one.
[AVSCAN] O23 - Service: Network Associates McShield (McShield) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\mcshield.exe - This service (mcshield.exe) was identified
as a good one.
[Y] O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\vstskmgr.exe - This service (vstskmgr.exe) was identified
as a good one.
Any useful help is appreciated.
Thank you...
are loaded successfuly, the computer freezes (Acer Aspire 3004WLCI)
and after that freeze i cannot launch apps like IE6,7, MSN 7.5, WLM8
etc also control panel.
Doing ctrl-alt-del does not help, the cpu usage is %0 or 1,
terminating some exe files does not help.
The only thing i can do is pressing power button more than 4 seconds
to close computer via emergency shutdown.
I couldn't find out. This problem will drive me crazy!!! I tried
plenty configuration of services(i set some services 'automatic'
which
are started although they are set to 'manual')
I simplified progams via add-remove.
I run updated version of McAfee8 and found no viruses.
My hijackThis report is this also:
[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should
be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from
our visitors as good.
[Y] C:\Program Files\Adobe\Photoshop Elements
4.0\PhotoshopElementsFileAgent.exe - Adobe Photoshop Elements
[Y] C:\Acer\eManager\anbmServ.exe - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Network Associates\Common Framework
\FrameworkService.exe -
[AVSCAN] C:\Program Files\Network Associates\VirusScan\mcshield.exe -
McAfee VirusScan
[Y] C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -
[Y] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -
Machine Debug Manager. Used by developers.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -
[Y] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\AGRSMMSG.exe - SoftModem Messaging Applet
[Y] C:\WINDOWS\system32\Rundll32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\keyhook.exe -
[Y] C:\Program Files\Arcade\PCMService.exe - PowerCinema
[Y] C:\Program Files\Launch Manager\QtZgAcer.EXE - Acer Launch Manager
[Y] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe - Part
of Adobe Phothoshop
[Y] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE -
[Y] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
-
[Y] C:\Program Files\Common Files\Network Associates\TalkBack
\tbmon.exe - Network Associates / McAfee VirusScan Enterprise Corp.
Version
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\sistray.exe - SIS Vga Card Driver
[Y] C:\Acer\Empowering Technology\eRecovery\Monitor.exe - Acer
eRecovery
[Y] C:\Program Files\Internet Explorer\iexplore.exe - This entry was
classified from our visitors as good.
[Y] C:\Documents and Settings\Kemal\Desktop\HijackThis.exe - Remember
that Hijackthis must be run in an own folder. Only if Hijackthis run
in an own folder it will create backups!Tool, mit dem sie dieses
Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:
\Programme\HijackThis\HijackThis.exe
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://global.acer.com - This page has been
identified as safe.
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat
reader, http://www.adobe.com/products/acrobat/re adstep2.html
[Y] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll -
googletoolbar.dll, googletoolbar*.dll (* = number),
googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. -
Google toolbar, http://toolbar.google.com/
[Y] O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar\01.01.2607.0\tr-tr\msntb.dll -
Msntb.dll - MSN Toolbar, http://toolbar.msn.com/
[Y] O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll - googletoolbar.dll,
googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll,
googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll -
Google Toolbar
[Y] O4 - HKLM\..\Run: [LaunchApp] Alaunch - Unknown application.This
entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
\SynTPLpr.exe - Synaptics touchpad driver helper. Required for
touchpad features to work
[Y] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
\SynTPEnh.exe -
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but
unnecessary.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe - IBM AMR modem driver
[Y] O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent -
Dynamic link library for setting Power Scheme
[Y] O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS
\system32\keyhook.exe -
[Y] O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME
\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - Not dangerous,
but unnecessary.Part of MS Input Method Editor which is used to ease
the input of Asian characters in MS Office (Chinese, Korean and this
one is Japanese)
[Y] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT
\ImScInst.exe /SYNC -
[Y] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /SYNC - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /IMEName - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade
\PCMService.exe" - In a Dell\Media Experience sub-directory
[Y] O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager
\QtZgAcer.EXE - Acer Launch Manager - on Acer laptops it allows users
to configure shortcut keys and to set the operating state of the WLAN
module and the (optional) Bluetooth radio
[Y] O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology
\eRecovery\Monitor.exe - Acer Empowering Technology eRecovery
[Y] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 4.0\apdproxy.exe" - Not dangerous, but
unnecessary.Part of Adobe's Photoshop Album or Photoshop Elements
packages - starts each time you connect an external image device to
your PC (see here)
[Y] O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates
\VirusScan\SHSTAT.EXE" /STANDALONE - From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays
VShield icon. Can be started automatically or available via Start ->
Programs
[Y] O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey -
Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus
and security programs.
[Y] O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:
\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" -
Network Associates Error Reporting Tool - tool traps errors and
requests submission to NAI for the purpose of betatesting new
software
[?] O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe
P0870Pin.dll,RunDLL32EP 513 - Unknown application.
[?] O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe
V0060Pin.dll,RunDLL32EP 513 - Unknown application.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime - Not dangerous, but unnecessary.QuickTime
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe -
Office related
[Y] O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 -
AdobeUpdateManager
[Y] O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS
\system32\sistray.exe - System Tray icon for SiS based graphics. Note
- this resides in C:\Windows\System
[Y] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files
\Microsoft Office\Office10\OSA.EXE - Not dangerous, but
unnecessary.Application which launches common MS Office components to
help speed up the launch of Office programs. It's somewhat of a
resource hog
[Y] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - Not dangerous, but
unnecessary.Speeds up the time it takes to load the Adobe Reader
application. Your choice
[Y] O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe - Preloads some
libraries that are used by AutoCAD in order to make the software load
faster
[Y] O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html - The entry &Google
Search has been identified as safe.
[Y] O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html - The entry
&Translate English Word has been identified as safe.
[Y] O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html - The entry Backward
Links has been identified as safe.
[Y] O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html - The entry Cached
Snapshot of Page has been identified as safe.
[Y] O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 - The entry E&xport
to Microsoft Excel has been identified as safe.
[Y] O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html - The entry Similar
Pages has been identified as safe.
[Y] O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html - The
entry Translate Page into English has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file
missing) - Unnecessary (deactivated) entry that can be fixed.The entry
has been identified as safe.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that
can be fixed.The entry @xpsp3res.dll, has been identified as safe.
[Y] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry
Messenger has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-
F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -
The entry Windows Messenger has been identified as safe.
[?] O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF}
(SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX
Basic) - http://bes.anadoluhayat.com.tr/emeklilik/ScriptX.cab - Check
if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1CD42208-BDFD-42DB-BCAD-25A25F91B1C6} (FinAChart
Control) - http://www.ataonline.com.tr/program/achart/FinAChartPro.cab
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[Y] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/
x86/client/muweb_site.cab?1152362812843 - This entry has been
identified as safe.
[Y] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/
swflash.cab - This entry has been identified as safe.
[?] O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920}
(JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISB.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF78559-
A647-4B58-9492-0DEF721E66C8}: NameServer = 195.175.39.39,195.175.39.40
- Do you know the IP or Domain '195.175.39.39,195.175.39.40'? If not,
fix this entry.
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{6B84EBD8-34BD-436F-
A0A2-9CA8D13DF654}: NameServer = 193.140.83.251 - Do you know the IP
or Domain '193.140.83.251'? If not, fix this entry.
[Y] O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) - This entry has
been identified as safe.This entry was classified from our visitors as
good.
[Y] O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
- Windows Genuine Advantage Notification
[Y] O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe - This service
(PhotoshopElementsFileAgent.exe) was identified as a good one.
[Y] O23 - Service: Notebook Manager Service (anbmService) - OSA
Technologies Inc. - C:\Acer\eManager\anbmServ.exe - This service
(anbmServ.exe) was identified as a good one.
[Y] O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe - This
service (AdskScSrv.exe) was identified as a good one.
[Y] O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common Files\InstallShield
\Driver\11\Intel 32\IDriverT.exe - This service (IDriverT.exe) was
identified as a good one.
[Y] O23 - Service: McAfee Framework Service (McAfeeFramework) -
Network Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe - This service (FrameworkService.exe)
was identified as a good one.
[AVSCAN] O23 - Service: Network Associates McShield (McShield) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\mcshield.exe - This service (mcshield.exe) was identified
as a good one.
[Y] O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\vstskmgr.exe - This service (vstskmgr.exe) was identified
as a good one.
Any useful help is appreciated.
Thank you...