Re: Computer saga (continued)
- From: "bg" <bg@xxxxxxxxxx>
- Date: Sun, 17 May 2009 22:59:24 -0600
RichL wrote in message ...
bg <bg@xxxxxxxxxx> wrote:
RichL wrote in message ...

Sorry to keep posting on this but there are a lot of folks in this
group who seem to know a lot about computers and I do appreciate
their advice.
As a result of all the hoops I've jumped through, it appears that
CoolWebSearch (CWS) is no longer present on my system. If I had to
guess, based on the sequence of operations I performed and in-between
checks using McAfee, a combination of cleaning up my temporary
internet folders and running Combofix did the trick.
I ran McAfee earlier this morning in quick-scan mode (which was
previously sufficient to identify CWS although it couldn't remove
it), and it came up showing the system as clean. McAfee didn't
update its virus definition files since the last time it identified
CWS, so it's not like CWS redirected McAfee to a faulty set of
definition files or anything.
Afterwards I started a full scan of *everything* using McAfee. That
scan has now completed on my C: drive and is now scanning my D:
(mirror) drive, and so far it's come back with everything clean.
The internet connectivity issue is still present, and thus I have to
conclude that it didn't have anything to do with CWS. I'm guessing
it's a faulty network card.

To find which programs are running - -
Click start - run - type in MSINFO32.EXE click OK
Go to SOFTWARE ENVIRONMENT - RUNNING TASKS
This is a good place to see what is running and which company wrote
the program.
Below that section is STARTUP PROGRAMS - this section shows which
programs fire up when Windows boots.
If the STARTUP programs show something a bit fishy, you can disable
that program from automatically starting up by -
Click start - run - type in msconfig
Go to the startup tab and uncheck the suspected item. Reboot.
Some spyware or undesirables will reactivate the item you just
deactivated, so go back to msconfig and make sure the item is still
unchecked.
You can remove any of the startup tab items by going into the
registry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
There should be several keys grouped together in this same area such
as run services, run once etc ---
All of these keys have the potential to start and run a program when
Windows boots.
I've seen some undesirables reactivate the startup keys, and even
rewrite the startup keys so that their spyware/?? can't be prevented
from running. If this is the case, go back to MSINFO32.EXE and look
for something suspicious that ends with EXE. Most likely, the author
of the program will not be listed, or it might be software from a
company you don't recognize. You will have to find the EXE and rename
it or delete it to prevent it from rewriting the startup keys. If you
are lucky enough to find an offending EXE, delete the file, and then
go back into the registry and use FIND to search for the EXE file.
Delete those keys that mention the file name.

OK, thanks.
I learned something new today!
The only thing in "Running Programs" that I can't identify (outside of
stuff associated with Win2K proper) is a file called dvpapi.exe, which
is run from c:\program files\common files\authentium\antivirus. Now I
did a quick search on Authentium and it appears to be a legitimate
software company, but I don't recall ever installing anything from them.
Is it possible that it's an appendage to McAfee antivirus?
In Startup Programs I don't recognize what cftmon.exe is, or
NvCplDaemon, or nwiz, or mobsync, or REGSHAVE. I did a quick Google
search on each but I honestly don't know enough to tell. To my novice
eyes each looks legitimate except possibly REGSHAVE.
Thanks!

I can't say if dvpapi.exe is part of McAfee but a quick Google search says
it is part of Authentium and that other antivirus programs also use it.
cftmon.exe has something to do with Windows Office.
NvCplDaemon and nwiz are related to Nvidia products. Anything "Cpl" is
associated with Control Panel. Nvidia tends to add things to the control
panel to operate their VGA cards so I wouldn't be concerned about that.
According to Google mobsync has to do with Internet Explorer syncing offline
web pages.
Regshave has something to do with cleaning up the registry after you
uninstall Fuji Camera drivers.
So basically, everything you have running in the background looks legit.
This is not to say that they couldn't be causing a problem, but none of
those programs seem to come from the "underworld". You can try to disable
these programs in the startup tab, except for the Nvidia, and see what
happens.
Basically, all this info is just an attempt to see what might be running in
the background, but it doesn't catch everything. I'll have to look at the
other posts you've sent to see if I can come up with a better idea.
bg
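
The startup review described in this thread (list what the Run keys launch, then check which company wrote each program) can be scripted on current Windows versions. The following is an added example, not part of the original posts: it assumes PowerShell is available, and the HKCU keys, the signature check and the helper name `Get-ExePath` are additions that the thread does not mention.

```powershell
# Added example: inventory Run-key startup entries with publisher and signature status.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',          # key named in the thread
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',  # legacy; may not exist
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',          # per-user (assumed addition)
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$CommandLine) {
    # Hypothetical helper: extract the executable from a Run value.
    # Quoted path first, otherwise everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd     = [string]$item.GetValue($name)
        $path    = Get-ExePath $cmd
        $company = $null
        $sig     = 'Unresolved'   # bare names (no full path) need a manual lookup
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $sig     = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Company   = $company
            Signature = $sig
            # Flag entries with no listed company or without a valid signature.
            Review    = (-not $company) -or ($sig -ne 'Valid')
        }
    }
}

# Entries that deserve a closer look sort to the top.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` flag is only a prompt to look closer, since plenty of legitimate software ships unsigned. Saving the output and comparing it after a reboot shows whether a disabled entry has been written back.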