Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Calm after the Storm 2

Status
Not open for further replies.
noellees1

noellees1

Programmer
Feb 2, 2004
383
GB
hi,
Had a large spyware and adware hit the other night left the pc with the kid somehow he turned off firewall, long story short ive used adaware and spybot to kill the problems
IE Search
Bargin Something
MSBB etc Lots of horrible thingys
Ran virus check and removed one.
Now my question is in my startup menu it looks nasty i have lots of processes told not to start up, and they dont even exist anymore.
Is their a way for me to delete these entrys?
 
Sort by date Sort by votes
If you mean "Startup group" by "Startup menu" then you can just right click on the icon and delete it, but if this is not what you meant, let me know where these are being loaded from, and the operating system that your computer is running and I will try to help further.

John
 
Upvote 0 Downvote
Windows XP
These are all in MSCONFIG
akxxplst
bridge
msbb
belt
They just look stupid being there when i go to it i like it to look neat.
Is there a way to remove them from this list
 
Upvote 0 Downvote
Each item is an entry in the registry, you can open the registry editor (regedt32.exe) and move to the appropriate section then delete the items you don't want.
I must recommend taking a backup of the registry before going ahead with this though because making mistakes with it can cause major problems with your whole system.
I also hope that you switched off the System Restore before going ahead with the removal because it is possible for Windows to restore the items if the system gets rolled back, undoing all your hard work.

HKLM is HKEY_Local_Machine
HKCU is HKEY_Current_User

All other keys are exactly the same in the registry.

John
 
Upvote 0 Downvote
spybot search and destroy has a tools option, one of the items in this is startup, and I believe it gives you the option to delete displayed items.
 
Upvote 0 Downvote
Cheers diogenes followed your advice worked a treat, just a note to say that you needed to enable it as a startup process then go into spybot and tell it not to start.
Will anyone just have a quick scan through my log and see if any nasties have been left undetected.
Logfile of HijackThis v1.97.7
Scan saved at 20:37:25, on 28/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Daniel Perry\My Documents\DSP Computer Sevices\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.xls
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) -
 
Upvote 0 Downvote
These are relativly hardmess entries, but they also don't need to be there wasting your resources. I would fix them.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
If you did not manually add this entry, you should fix it as well.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Otherwise, you look clean to me.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
426
2ffat
2ffat
2ffat
  • Locked
  • News
CNET/Download.com have cleaned up their act! 4
Replies
5
Views
181
kjv1611
kjv1611
goombawaho
  • Locked
  • Question
Does any A-V stop the FBI/MoneyPak malwar?
Replies
13
Views
248
goombawaho
goombawaho
jlockley
  • Locked
  • Helpful tip
The Crawler/Spyware terminator issue
Replies
5
Views
130
jlockley
jlockley
goombawaho
  • Locked
  • Question
PC monitoring - detecting the detectives
Replies
16
Views
118
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top