EXE's problem...

summond_skull
04-10-2005, 06:16 PM
Well, I loaded up Task Manager and I saw a few unknown and unrecognizable things, which I dunno what they are...

Apache.exe
NSvcIp.exe
NSvcLog.exe
wdrmgr.exe

I ran Ad-Ware and it didn't find anything to remove :(...

I was wonderin' if anyone knew what they were and what I had to do to remove them? (If I have to remove them)

{I}{K}{E}
04-10-2005, 06:28 PM
Apache.exe has something to do with a web server
NSvcIp.exe -> Nvidia
NSvcLog.exe -> Nvidia

wdrmgr.exe ??

peat moss
04-10-2005, 06:29 PM
This site is good for finding out what the exe means.


http://www.auditmypc.com/process/apache.asp

It says there it's related to: SpamAssassin Email Proxy. Apache exe, I mean.

summond_skull
04-10-2005, 06:38 PM
Ahh, I never use WebServers and stuff - How could I remove it?

peat moss
04-10-2005, 06:40 PM
Do you have or use SpamAssassin?

summond_skull
04-10-2005, 06:45 PM
Nope, I use Ad-Ware Pro

peat moss
04-10-2005, 06:50 PM
I'd look in Add/Remove to see if it's there to uninstall.

summond_skull
04-10-2005, 07:09 PM
It isn't there :S...

I'll look in Program Files

peat moss
04-10-2005, 07:36 PM
I'm so stupid sometimes, I always assume the poster has done a virus and spyware scan first. Malware and viruses are known to use the same names as legit processes. Have you done a virus scan? Another good idea is to try:

http://www.hijackthis.de/ :)

summond_skull
04-10-2005, 07:45 PM
EDIT: Yeah, I did a scan with Zone Alarm Anti Virus.

I got this?

Logfile of HijackThis v1.99.1
Scan saved at 20:37:42, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\Kazuya\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Kazuya\LOCALS~1\Temp\~e5d141.tmp
C:\Documents and Settings\Kazuya\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.com/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D53C2D5-D9B3-4938-B2CD-0D7D4BB721F6}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D53C2D5-D9B3-4938-B2CD-0D7D4BB721F6}: NameServer = 205.188.146.145
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

peat moss
04-10-2005, 08:06 PM
I don't have enough experience, but AOL DIALER, AOL toolbar is malware. And what's with the Nvidia web server? Installed a new game? Copy and paste the log in here: http://www.hijackthis.de/ Then click analyze.

You'll see! But don't fix anything if you're unsure!
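
As an added example (not part of the thread, and not code from HijackThis or hijackthis.de): a small Python triage of the log format posted above, run on an excerpt of that log. It maps the Task Manager names from the first post to the paths they run from and lists entries to check by hand; the function names and the review rules are assumptions made for this illustration.

```python
import re

# Excerpt of the HijackThis log posted in the thread (lines copied, list shortened).
LOG = r"""Running processes:
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\DOCUME~1\Kazuya\LOCALS~1\Temp\~e5d141.tmp

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O23 - Service: ..."

def parse(log):
    """Split a HijackThis log into running-process paths and coded entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # coded entries follow the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def locate(names, procs):
    """Map each Task Manager image name to the full paths it runs from."""
    found = {}
    for p in procs:
        found.setdefault(p.rsplit("\\", 1)[-1].lower(), []).append(p)
    return {n: found.get(n.lower(), []) for n in names}

def review(procs, entries):
    """Return items to check by hand; these are review hints, not verdicts."""
    notes = [("process", p, "runs from a Temp directory")
             for p in procs if "\\temp\\" in p.lower()]
    for code, text in entries:
        if "(no file)" in text or "(file missing)" in text:
            notes.append((code, text, "target file not found"))
        elif code == "O23" and "Unknown owner" in text:
            notes.append((code, text, "no vendor name reported"))
    return notes
```

On the excerpt, `locate` places Apache.exe, NSvcIp.exe and NSvcLog.exe under C:\NVIDIA\NetworkAccessManager and returns no path for wdrmgr.exe, which does not appear in the posted process list.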