Tom's Guide | Tom's Hardware | Tom's Games
![]() |
![]() |
![]() |
Hi, I recently re-installed my XP due to its many spware, malware, worm, etc...
But after that, I still find some of them in my system. How do I get rid of it? Especially spoolsvc.exe, and notifynotebook.
Below is my log from HiJackThis.
Thanks guys...
Logfile of HijackThis v1.98.2
Scan saved at 6:19:32 PM, on 9/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\winsysi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\inmwsktfi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~2\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Andrew\My Documents\Roo\Programs\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.miw.com.sg/Mindef/Epay/eps/login/miw_mindef_eps.jsp
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [windowsupdate2] inmwsktfi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunServices: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [windowsupdate2] inmwsktfi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9A7D96-6520-49B7-B5DE-F87F22A9E8AF}: NameServer = 192.169.34.181 203.120.90.40
Follow the advice from the replies in this post:
http://www.computing.net/security/wwwboard/forum/13715.html
M
Report Offensive Follow Up For Removal
I'm surprised your HJT log has been allowed to stay?
http://hijackthis.de/index.php?langselect=english
Tt Lanfire
nf7-s v2.0
XP-m 2500@210x11
SP 97
512mb pc3200
Jou Jye 550w psu
FX5600
WDCaviar 60gb
Seagate Barracuda 80gb;~}
Report Offensive Follow Up For Removal
![]() |
![]() |
![]() |

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |