Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pandy's hjt...


  • This topic is locked This topic is locked
16 replies to this topic

#1 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 21 August 2004 - 11:11 AM

I'm not sure if anything is wrong here but I am running a little slow and there's some things that I don't know what they are. Like what are those "extra buttons". Do I need these stinking extra buttons LoL Also, I seem to have some things that are duplicated and I was curious about that too. Anyhoo, here's my hjt...
Logfile of HijackThis v1.98.0
Scan saved at 10:38:01 PM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AWS\weatherbug\Weather.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\a2\a2guard.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\CallWave\IAM.exe
C:\Program Files\IMsecure\IMsecure.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.frontiernet.net/Default.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IBBHO - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\Program Files\IncrediBar\bin\IBBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\weatherbug\Weather.exe 1
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FBBF1F0A-0D2E-4711-AB98-AB2F76520899} (File Class) - http://www.pedestalsoftware.com/products/s...can/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B8E6867-26B3-4AEA-AC60-D9B02BAED8EC}: NameServer = 170.215.255.114 66.133.128.138
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll

:thumbsup:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


BC AdBot (Login to Remove)

 


#2 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:32 PM

Posted 21 August 2004 - 11:20 AM

-C:\WINDOWS\system32\winlogon.exe
If you are the only one using the computer, or you only have one user name when you log in, you could probably disable it. DO NOT let HiJack This do that-it is a different process. I will walk you through it, if you want me to.

-C:\WINDOWS\system32\cisvc.exe
This is part of your Index Service Helper. It is really only used if you use the search feature often.

-C:\WINDOWS\System32\nvsvc32.exe
This is the NVIDIA driver helper. I thought that you have intergrated graphics. Let me know if you have a seperate video card. If so, let me know what it is (ex: GeForce4 MX440 SE 64MG AGP is mine)

-C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
-C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
It concerns me that you have 2 identical postings of this. Restarting the computer may take care of it. Not really sure if it is good or not, or how to repair it otherwise.

-C:\Program Files\Microsoft Hardware\Mouse\point32.exe
This gives you an icon in the tray bar for mouse settings. Personally I find this pointless, but should not take up much memory anyway.

-C:\Program Files\AWS\weatherbug\Weather.exe
This one is famous for containing alot of spyware. If I remember correctly, you like this program though. All long as it stays clean, you should be ok.

-O4 - Startup: PowerReg Scheduler V3.exe
This one is a serious threat. Even if you have already done so, go ahead and run Spybot, and an online scan like Panda to see if it can be fixed from there. It is classified as a worm by some. It will take some time cleaning up, because it is designed to replicate itself with random letters everytime your computer restarts. From what I can tell, the first step is to have HiJack This fix it, restart computer, and run HJT again to see if it reappears. Most cases it will fix it for good, but if it doesnt, then let me know.

-O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
This one has the same CLSID number (number in brackets), as the one below it. You can have HJT fix this one.

-O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
I could not find any information on this entry. It does not have any name or file. It should be safe to fix this one too.

-O17 - HKLM\System\CCS\Services\Tcpip\..\{8B8E6867-26B3-4AEA-AC60-D9B02BAED8EC}: NameServer = 170.215.255.114 66.133.128.138
This one concerns me. According to BC's tutorial, 017 Section entries corresponds to Lop.com Domain Hacks. As suggested by the tutorial, I did a Who Is on the IP addys and came up with: 170.215.255.114 refers to an Australia link and can be found here, and the other one is identical. Unless you are hooked up to a company network (which Im pretty sure you are not), it is safe to have HJT fix this one.

-O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
This one could either be a CWS varient, or a legit system file. I cant really tell.

Please wait for confirmation from someone else, before you take some of my suggestions.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#3 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 21 August 2004 - 04:00 PM

:thumbsup: bump :flowers:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#4 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:32 PM

Posted 21 August 2004 - 06:15 PM

:thumbsup:


:flowers: I just wanted you to see a cam shot when I seen the 'bump' post.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:32 PM

Posted 21 August 2004 - 11:25 PM

Sorry PAndy..I saw your post right as I was leaving tonight, and I couldn't get to it. Since nobody else has gotten to it, I'll take it on right now :thumbsup:

Before I get too in depth though, I will need you to update your version of HJT. The version you are running has a few glitches. Get the newest version here:
http://www.downloads.subratam.org/hijackthis.zip

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”
.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\weatherbug\Weather.exe 1
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll

***********************************************************************

Open notepad and paste in the following lines:

del c:\ *.tmp
del %temp%\*.tmp /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f

Save to desktop as 'clean.bat' , file types as 'all-files'.

DoubleClick on the icon, and say yes when prompted.

************************************************************************

If you have anything disabled in MSConfig, please re-enable it. Also, when you create a new HJT log, have IE open. Since you are running Mozilla, you may have an infection just sitting there waiting for you to open IE before it fully blossoms. I would llike whatever you may have to fully take hold (if anything).

Reboot and post a new log. :D

#6 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 22 August 2004 - 12:02 AM

Well Groovicus I hope I did this right. As far as I can remember I didn't disable anything in my msconfig.

Logfile of HijackThis v1.98.2
Scan saved at 12:59:25 AM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\IMsecure\IMsecure.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~2\bin\IBMain.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.frontiernet.net/Default.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IBBHO - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\Program Files\IncrediBar\bin\IBBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\Program Files\IncrediBar\bin\IBTBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FBBF1F0A-0D2E-4711-AB98-AB2F76520899} (File Class) - http://www.pedestalsoftware.com/products/s...can/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B8E6867-26B3-4AEA-AC60-D9B02BAED8EC}: NameServer = 170.215.255.114 66.133.128.138

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:32 PM

Posted 22 August 2004 - 09:58 AM

Everything looks good Pandy. How is your system performance right now? You have a couple optional start-up items we could do without that would enhance system performance a little...

#8 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 22 August 2004 - 10:04 AM

Yes. I know have have some unnecessary things there. I would be interested in getting them out if you'd be so kind as to enlighten me... :thumbsup:

Edited by Pandy, 22 August 2004 - 10:04 AM.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#9 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 22 August 2004 - 10:07 AM

Yes. I know have have some unnecessary things there. I would be interested in getting them out if you'd be so kind as to en lighten me... :flowers: And yes, my computer seems to be much smoother and a bit quicker.

Sorry~ my bad for the double post there :thumbsup:

Edited by Pandy, 22 August 2004 - 10:08 AM.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:32 PM

Posted 22 August 2004 - 10:27 AM

Ok, let's do this:

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”
.


O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

***********************************************************************

THose programs will still be available through their icons. The Dell one for update notices, you can leave it if you want, but if you are diligent about checking for updates, there is no need to have it running.

How is everything working now?

#11 Pandy

Pandy

    Bleepin'

  • Topic Starter

  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:32 AM

Posted 22 August 2004 - 02:49 PM

Oh excellent groovicus. Things are much better. The pages I want come right up and there's less hanging.

:thumbsup: All Hail Groovicus!

Thank you too JE Services. :flowers:

:inlove:

Thank-you so much :trumpet:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#12 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:32 PM

Posted 22 August 2004 - 08:18 PM

I may not be as experienced as others, but I do like to help when I have the time

You are very welcome for my opinions-I hope that I gave good advice.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#13 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:08:32 PM

Posted 22 August 2004 - 08:45 PM

C:\WINDOWS\system32\winlogon.exe
If you are the only one using the computer, or you only have one user name when you log in, you could probably disable it. DO NOT let HiJack This do that-it is a different process. I will walk you through it, if you want me to.


JE, the answer to that question is yes...in my case. I'd like to take that walk, too.

BTW... Puttin' a smile on Pandy-O's posts does the same thing thing for me. :flowers:

Your help is much appreciated.

and I second the ALL HAIL GROOVICUS, as well... :thumbsup:

Edited by phawgg, 22 August 2004 - 08:51 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#14 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:32 PM

Posted 22 August 2004 - 08:49 PM

I wonder if there could be a turoial on how to basically disable the login screen?

I can do it on mine, but it does involve some registry editing, and many IMs. Dont get me worng, I dont mind-its just that I think it would serve better as a tutorial.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#15 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:08:32 PM

Posted 22 August 2004 - 08:57 PM

That would be even better. I've been thinkin' about trying to do a tutorial on something useful, myself... so far I'm not sure what exactly. I've read Grinler's offer to post member's work and the groundrules...and it serves me as a future goal presently. You should give it a go, JE !! :thumbsup:
patiently patrolling, plenty of persisant pests n' problems ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users