[triadtechtalk] hijackthis

• From: "Juanita Kimble" <jkimble@xxxxxxxxxx>
• To: <triadtechtalk@xxxxxxxxxxxxx>
• Date: Fri, 2 Oct 2009 21:13:20 -0500

Hi
Would someone please tell me which of these I need to take off with hijackthis. 
I know the toolbars google and yahoo needs to come off but I don't want to take 
something  I might need.I sure don't need those. My PC is so slow it takes 
three to five minutes to go to my home page(which is google) or even open 
outlook express.  

I still haven't gotten the last update of hijackthis. Guess I am afraid I will 
mess something up.

When you want to save a backup using it. How do you make a folder to put it in 
so you will know what the backup is? Does it automatic save it in the 
hijackthis folder after you save it in a new folder?

Thought I might have malware but couldn't get malwarebytes to work.I have Zone 
Alarm in learning mode. I went to the logs there were lots saying malwarebites 
was trying to communicate with so and so.

Also I did block google toolbar which was about 8 different ones and yahoo 
toolbar which was two of them.
I think I might have have blocked wmi command line but went back and allowed 
it. Don't know if it is suppose to be allowed or not. There was two with just 
wmi on the zone alarm program list also.They are allowed.

Sorry for so many questions at one time. I know I need to get the toolbars off 
first.
Is there a way to keep from getting them again?

Juanita

Logfile of HijackThis v1.99.1
Scan saved at 8:39:29 PM, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Juanita\My Documents\Small 
Programs\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - 
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} 
- C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - 
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - 
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 
2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 
2005\Tasks\_PrivacyProtector\Task.jvb"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event 
Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 
924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 
9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common 
Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" 
-atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone 
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] 
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 
(compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; 
Media Center PC 4.0; Media Center PC 3.0; .NET CLR 2.0.50727)" 
-"http://www.gamesquared.com/gm.shtml?0369.htm";
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D98C8C-C39D-4FD3-BD1D-155889FAF7E3}: 
NameServer = 66.175.131.20,66.175.131.21
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file 
missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program 
Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - 
C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program 
Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - 
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software 
Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

• Follow-Ups:
  • [triadtechtalk] Re: hijackthis
    • From: Armando Barreiro

Other related posts:

• » [triadtechtalk] hijackthis - Juanita Kimble
• » [triadtechtalk] Re: hijackthis - Armando Barreiro
• » [triadtechtalk] Re: hijackthis - Juanita Kimble
• » [triadtechtalk] Re: hijackthis - Armando Barreiro
• » [triadtechtalk] Re: hijackthis - Juanita Kimble

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription