The Official Malware/Antivirus Thread - Need help or general advice? Read this first!

[Fish]

I don't see anything malicious. Lots and lots of clutter. But nothing malicious. You could improve performance by turning off a bunch of stuff that's autostarting when it doesn't need to. But I don't see any bugs...

[OnTheWarpath15]

Quote:

Originally Posted by Fish

I don't see anything malicious. Lots and lots of clutter. But nothing malicious. You could improve performance by turning off a bunch of stuff that's autostarting when it doesn't need to. But I don't see any bugs...

Like?

Remember, I'm as green as it gets when it comes to these things.

[Fish]

Quote:

Originally Posted by OnTheWarpath58

Like?

Remember, I'm as green as it gets when it comes to these things.

I'll try and type up some instructions when I get the time.

[Fish]

Quote:

Originally Posted by OnTheWarpath58

Like?

Remember, I'm as green as it gets when it comes to these things.

OK... Registry Editing 101:

Click on the Start Menu.

Type regedit in the Search field. Click enter to open Registry Editor.

It will be listed in a folder-looking format.

The top most folders will be
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HEKY_USERS
HEKY_CURRENT_CONFIG

To keep it simple, you'll only focus on a few folder locations. These folder locations are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

These locations are what correspond with the "HKLM\..\Run:" entries in your HijackThis log. Navigate to these folder locations. The following are what you can safely delete to increase performance without losing any functionality:

O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKCU\..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\*********\AppData\Local\Akamai\netsession_win.exe"

Also remove this which is in Start Menu\Programs\Startup\

O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe

Close Registry Editor.

Click on Start Menu.

Type services.msc in Search Field.

Open Services.

This is a list of all services running on your system. Most entries have explanations. Different options for Autostart, Manual. Go through the list and see what you recognize as not necessary for loading auto.

For you, all of the following you can safely turned from autostart to manual start without losing any functionality:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe


O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

Hope that helps...