My notebook works fine in the safe mode but not in the normal
- Thread starter hgd7833
- Start date
Everything is fine, if you didn't need something loading at startup I would tell you.
Actually your startup items are the 04 entries in hijackthis. for example.
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
You can have hijackthis fix these 2 entries if you wish.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: OneNote Table Of Contents.onetoc2
You also have services that start on bootup, you can either disable them or change them to manual startup. not knowing what you use and don't use, i'm not gonna recommend anything there.
Actually your startup items are the 04 entries in hijackthis. for example.
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
You can have hijackthis fix these 2 entries if you wish.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: OneNote Table Of Contents.onetoc2
You also have services that start on bootup, you can either disable them or change them to manual startup. not knowing what you use and don't use, i'm not gonna recommend anything there.
Hey. I ran avira rootikt tool, and it detects 3 files in the registry.
the report is:
Avira AntiRootkit Tool (1.1.0.1)
========================================================================================================
- Scan started Wednesday, July 28, 2010 - 21:27:09 PM
========================================================================================================
--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 220.97 GB
- Working disk free size : 162.07 GB (73 %)
--------------------------------------------------------------------------------------------------------
Results:
Hidden value : HKEY_USERS\S-1-5-21-883753229-2986850252-1660446485-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 -> 8762648d8ec23a496ee3e8316d0454bf77797e1d26
Hidden value : HKEY_USERS\S-1-5-21-883753229-2986850252-1660446485-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 -> 95f4e391831e9a19bbb7aca64df53c6d457fff7134
Hidden key : HKEY_LOCAL_MACHINE\Software\DigitalPersona\DB\Cache\AMMAR-PC\users
Hidden key : HKEY_LOCAL_MACHINE\Software\DigitalPersona\DB\MainDB\users
--------------------------------------------------------------------------------------------------------
Files: 0/233929
Registry items: 4/595520
Processes: 0/69
Scan time: 00:13:36
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1924)
- svchost.exe (PID 1128)
- svchost.exe (PID 1004)
- DpHostW.exe (PID 1828)
- oasrv.exe (PID 1604)
- explorer.exe (PID 3360)
- prevx.exe (PID 2640)
- svchost.exe (PID 1440)
- svchost.exe (PID 1168)
- svchost.exe (PID 1336)
- smss.exe (PID 476)
- prevx.exe (PID 2056)
- csrss.exe (PID 560)
- oacat.exe (PID 1592)
- lsm.exe (PID 676)
- avguard.exe (PID 732)
- winlogon.exe (PID 956)
- svchost.exe (PID 1156)
- wininit.exe (PID 612)
- svchost.exe (PID 780)
- services.exe (PID 656)
- csrss.exe (PID 624)
- lsass.exe (PID 668)
- audiodg.exe (PID 1256)
- nvvsvc.exe (PID 1328)
- mDNSResponder.exe (PID 1116)
- svchost.exe (PID 828)
- nvvsvc.exe (PID 964)
- oaui.exe (PID 760)
- svchost.exe (PID 2684)
- AAWTray.exe (PID 1088)
- SearchIndexer.exe (PID 4092)
- QPCapSvc.exe (PID 2744)
- svchost.exe (PID 1272)
- SLsvc.exe (PID 1292)
- AppleMobileDeviceService.exe (PID 568)
- taskeng.exe (PID 3740)
- AAWService.exe (PID 1700)
- spoolsv.exe (PID 1800)
- sched.exe (PID 1884)
- taskeng.exe (PID 1448)
- SBPIMSvc.exe (PID 3876)
- McciCMService.exe (PID 2464)
- IAANTmon.exe (PID 2196)
- hpqWmiEx.exe (PID 3984)
- LSSrvc.exe (PID 2324)
- SeaPort.exe (PID 4048)
- HPHC_Service.exe (PID 5068)
- WLIDSVC.EXE (PID 3308)
- svchost.exe (PID 2652)
- dwm.exe (PID 3256)
- mfpmp.exe (PID 6348)
- QPSched.exe (PID 3900)
- Athan.exe (PID 3108)
- avgnt.exe (PID 1248)
- DpAgent.exe (PID 3048)
- svchost.exe (PID 3072)
- HPKBDAPP.exe (PID 3076)
- WmiPrvSE.exe (PID 4668)
- SBAMTray.exe (PID 3428)
- oahlp.exe (PID 2904)
- alg.exe (PID 4268)
- unsecapp.exe (PID 4284)
- WLIDSVCM.EXE (PID 4724)
- SBAMSvc.exe (PID 4840)
- plugin-container.exe (PID 5392)
- kksqygqz.exe (PID 9140) (Avira AntiRootkit Tool)
- avirarkd.exe (PID 8896)
========================================================================================================
- Scan finished Wednesday, July 28, 2010 - 21:40:46 PM
========================================================================================================
I am afraid these 3 files are rootkits and cause the recent problem I have in my comuter
what do you think ?
the report is:
Avira AntiRootkit Tool (1.1.0.1)
========================================================================================================
- Scan started Wednesday, July 28, 2010 - 21:27:09 PM
========================================================================================================
--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 220.97 GB
- Working disk free size : 162.07 GB (73 %)
--------------------------------------------------------------------------------------------------------
Results:
Hidden value : HKEY_USERS\S-1-5-21-883753229-2986850252-1660446485-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 -> 8762648d8ec23a496ee3e8316d0454bf77797e1d26
Hidden value : HKEY_USERS\S-1-5-21-883753229-2986850252-1660446485-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 -> 95f4e391831e9a19bbb7aca64df53c6d457fff7134
Hidden key : HKEY_LOCAL_MACHINE\Software\DigitalPersona\DB\Cache\AMMAR-PC\users
Hidden key : HKEY_LOCAL_MACHINE\Software\DigitalPersona\DB\MainDB\users
--------------------------------------------------------------------------------------------------------
Files: 0/233929
Registry items: 4/595520
Processes: 0/69
Scan time: 00:13:36
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- svchost.exe (PID 1924)
- svchost.exe (PID 1128)
- svchost.exe (PID 1004)
- DpHostW.exe (PID 1828)
- oasrv.exe (PID 1604)
- explorer.exe (PID 3360)
- prevx.exe (PID 2640)
- svchost.exe (PID 1440)
- svchost.exe (PID 1168)
- svchost.exe (PID 1336)
- smss.exe (PID 476)
- prevx.exe (PID 2056)
- csrss.exe (PID 560)
- oacat.exe (PID 1592)
- lsm.exe (PID 676)
- avguard.exe (PID 732)
- winlogon.exe (PID 956)
- svchost.exe (PID 1156)
- wininit.exe (PID 612)
- svchost.exe (PID 780)
- services.exe (PID 656)
- csrss.exe (PID 624)
- lsass.exe (PID 668)
- audiodg.exe (PID 1256)
- nvvsvc.exe (PID 1328)
- mDNSResponder.exe (PID 1116)
- svchost.exe (PID 828)
- nvvsvc.exe (PID 964)
- oaui.exe (PID 760)
- svchost.exe (PID 2684)
- AAWTray.exe (PID 1088)
- SearchIndexer.exe (PID 4092)
- QPCapSvc.exe (PID 2744)
- svchost.exe (PID 1272)
- SLsvc.exe (PID 1292)
- AppleMobileDeviceService.exe (PID 568)
- taskeng.exe (PID 3740)
- AAWService.exe (PID 1700)
- spoolsv.exe (PID 1800)
- sched.exe (PID 1884)
- taskeng.exe (PID 1448)
- SBPIMSvc.exe (PID 3876)
- McciCMService.exe (PID 2464)
- IAANTmon.exe (PID 2196)
- hpqWmiEx.exe (PID 3984)
- LSSrvc.exe (PID 2324)
- SeaPort.exe (PID 4048)
- HPHC_Service.exe (PID 5068)
- WLIDSVC.EXE (PID 3308)
- svchost.exe (PID 2652)
- dwm.exe (PID 3256)
- mfpmp.exe (PID 6348)
- QPSched.exe (PID 3900)
- Athan.exe (PID 3108)
- avgnt.exe (PID 1248)
- DpAgent.exe (PID 3048)
- svchost.exe (PID 3072)
- HPKBDAPP.exe (PID 3076)
- WmiPrvSE.exe (PID 4668)
- SBAMTray.exe (PID 3428)
- oahlp.exe (PID 2904)
- alg.exe (PID 4268)
- unsecapp.exe (PID 4284)
- WLIDSVCM.EXE (PID 4724)
- SBAMSvc.exe (PID 4840)
- plugin-container.exe (PID 5392)
- kksqygqz.exe (PID 9140) (Avira AntiRootkit Tool)
- avirarkd.exe (PID 8896)
========================================================================================================
- Scan finished Wednesday, July 28, 2010 - 21:40:46 PM
========================================================================================================
I am afraid these 3 files are rootkits and cause the recent problem I have in my comuter
what do you think ?
Hi. I made a scan using DrWeb, and it was unbelievable. It took a long time, and I could't
complete it. I completed the express scan ( using the enhanced protection mode )and found nothing. I did a complete scan after that but it took a very long time, so I have stopped it. It found something that I don't really think it is a virus.
The report log is too long to be posted here, but I can post the statistics here:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 958135
Infected: 11
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 9
Ignored: 0
Scan speed: 49 Kb/s
Scan time: 18:03:23
-----------------------------------------------------------------------------
Scanning interrupted by user! - viruses found
C:\Program Files\ATT\nullsoft\aace.EXE - moved
C:\Program Files\ATT-PRT22-WISE\nullsoft\prt22.EXE - moved
C:\Program Files\Common Files\Motive\InstallHelper.exe - moved
=============================================================================
Total session statistics
=============================================================================
Scanned: 1044427
Infected: 11
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 12
Ignored: 0
Scan speed: 47 Kb/s
Scan time: 19:35:11
=============================================================================
complete it. I completed the express scan ( using the enhanced protection mode )and found nothing. I did a complete scan after that but it took a very long time, so I have stopped it. It found something that I don't really think it is a virus.
The report log is too long to be posted here, but I can post the statistics here:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 958135
Infected: 11
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 9
Ignored: 0
Scan speed: 49 Kb/s
Scan time: 18:03:23
-----------------------------------------------------------------------------
Scanning interrupted by user! - viruses found
C:\Program Files\ATT\nullsoft\aace.EXE - moved
C:\Program Files\ATT-PRT22-WISE\nullsoft\prt22.EXE - moved
C:\Program Files\Common Files\Motive\InstallHelper.exe - moved
=============================================================================
Total session statistics
=============================================================================
Scanned: 1044427
Infected: 11
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 12
Ignored: 0
Scan speed: 47 Kb/s
Scan time: 19:35:11
=============================================================================