[triadtechtalk] Re: hijackthis

  • From: "Juanita Kimble" <jkimble@xxxxxxxxxx>
  • To: <triadtechtalk@xxxxxxxxxxxxx>
  • Date: Fri, 16 Oct 2009 09:41:30 -0500

  ----- Original Message ----- 
  From: Armando Barreiro 
  To: triadtechtalk@xxxxxxxxxxxxx 
  Sent: Saturday, October 10, 2009 1:33 PM
  Subject: [triadtechtalk] Re: hijackthis


        If you're happy with the way that your system is now performing then I 
see no need for you to make any changes; however, you can access a copy of your 
HJT log, just as it was parsed by the online analyzer, and see for yourself 
what the results are at this link 
(http://hjt.networktechs.com/parse.php?log=701434).

        As you can see, unless you happen to be color blind (I've run into some 
that unbeknownst to me were requesting help in analyzing their HJT logs because 
they were color blind), the colored highlights of any issues stand out and are 
classified, so as to make their further investigation easier. When in doubt, 
always Google it - research the various opinions and before coming to your own 
conclusion seek a trusted source's advice.

        As I said previously, it all seems to be copasetic with regards to your 
system at this moment.

        Armando

        Knowledge is power - read George Orwell's "Animal Farm". Write to your 
legislators and demand tort reform as the means of saving Medicare billions in 
needless expenditure. Demand also that they too adhere to the very same health 
options and plans that they want to impose upon us, or is our nation to become 
one just as the one that was described in George Orwell's "Animal Farm", whose 
political relevance is far greater and more evident today than when it was 
first published in 1945.

        --- On Wed, 10/7/09, Juanita Kimble <jkimble@xxxxxxxxxx> wrote:


          From: Juanita Kimble <jkimble@xxxxxxxxxx>
          Subject: [triadtechtalk] Re: hijackthis
          To: triadtechtalk@xxxxxxxxxxxxx
          Date: Wednesday, October 7, 2009, 8:44 PM


          OK I have the new version. While in add and remove I found the google 
tool bar and uninstalled it. Didn't see the Yahoo tool bar there though. This 
version of hijackthis doesn't show that I have it either. I did delete a 
shortcut to realplayer.com, suggested sites and web slice gallery, whatever 
that is, from the tool bar. I think I got those three on an update from 
Microsoft. They are still in the recycle bin. I don't need them do I?
          My email is opening faster now. I am getting to my home page faster 
now. But not as fast as I used to. So if you see anything else on the log I 
don't need I would love to take it off.
          Here is my new log

          Juanita

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:20:49 PM, on 10/7/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\cisvc.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
          C:\WINDOWS\system32\dlcccoms.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Documents and Settings\Juanita\My Documents\Small 
Programs\hijackthis\hijackthis\HiJackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download 
Directory
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 
= http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} 
- C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 
PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 
2005\Tasks\_PrivacyProtector\Task.jvb"
          O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event 
Monitor\IntelMEM.exe
          O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [DLCCCATS] rundll32 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
          O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO 
Printer 924\dlccmon.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program 
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common 
Files\InstallShield\UpdateService\ISUSPM.exe" -startup
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone 
Labs\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\RunOnce: [Shockwave Updater] 
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 
(compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; 
Media Center PC 4.0; Media Center PC 3.0; .NET CLR 2.0.50727)" 
-"http://www.gamesquared.com/gm.shtml?0369.htm";
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} 
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O17 - 
HKLM\System\CCS\Services\Tcpip\..\{22D98C8C-C39D-4FD3-BD1D-155889FAF7E3}: 
NameServer = 66.175.131.20,66.175.131.21
          O23 - Service: dlcc_device - Unknown owner - 
C:\WINDOWS\system32\dlcccoms.exe
          O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program 
Files\NOS\bin\getPlus_HelperSvc.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun 
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - 
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point 
Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

          --
          End of file - 5036 bytes



            ----- Original Message ----- 
            From: Armando Barreiro 
            To: triadtechtalk@xxxxxxxxxxxxx 
            Sent: Sunday, October 04, 2009 1:44 PM
            Subject: [triadtechtalk] Re: hijackthis


                  Juanita, you're using a deprecated version of HJT. Please, 
uninstall the 1.99 version and download and use this 2.02 version 
(http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to 
create a log and then copy/paste it in your reply to this message and I'll give 
you a hand with it.

                  Armando


                  --- On Fri, 10/2/09, Juanita Kimble <jkimble@xxxxxxxxxx> 
wrote:


                    From: Juanita Kimble <jkimble@xxxxxxxxxx>
                    Subject: [triadtechtalk] hijackthis
                    To: triadtechtalk@xxxxxxxxxxxxx
                    Date: Friday, October 2, 2009, 10:13 PM


                    Hi
                    Would someone please tell me which of these I need to take 
off with hijackthis. I know the toolbars google and yahoo need to come off but 
I don't want to take something I might need. I sure don't need those. My PC is 
so slow it takes three to five minutes to go to my home page (which is google) 
or even open outlook express.

                    I still haven't gotten the last update of hijackthis. Guess 
I am afraid I will mess something up.

                    When you want to save a backup using it. How do you make a 
folder to put it in so you will know what the backup is? Does it automatically 
save it in the hijackthis folder after you save it in a new folder?

                    Thought I might have malware but couldn't get malwarebytes 
to work. I have Zone Alarm in learning mode. I went to the logs there were lots 
saying malwarebytes was trying to communicate with so and so.

                    Also I did block google toolbar which was about 8 different 
ones and yahoo toolbar which was two of them.
                    I think I might have blocked wmi command line but went 
back and allowed it. Don't know if it is supposed to be allowed or not. There 
were two with just wmi on the zone alarm program list also. They are allowed.

                    Sorry for so many questions at one time. I know I need to 
get the toolbars off first.
                    Is there a way to keep from getting them again?

                    Juanita

                    Logfile of HijackThis v1.99.1
                    Scan saved at 8:39:29 PM, on 10/2/2009
                    Platform: Windows XP SP3 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\system32\cisvc.exe
                    C:\WINDOWS\eHome\ehRecvr.exe
                    C:\WINDOWS\eHome\ehSched.exe
                    C:\Program Files\Java\jre6\bin\jqs.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\dllhost.exe
                    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
                    C:\WINDOWS\system32\igfxpers.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\WINDOWS\system32\dla\tfswctrl.exe
                    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
                    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                    C:\Program Files\Java\jre6\bin\jusched.exe
                    C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\WINDOWS\system32\dlcccoms.exe
                    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
                    C:\Documents and Settings\Juanita\My Documents\Small 
Programs\hijackthis\hijackthis\HijackThis.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = 
Download Directory
                    R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search 
Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start 
Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                    O2 - BHO: DriveLetterAccess - 
{5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                    O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll
                    O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
                    O2 - BHO: Google Dictionary Compression sdch - 
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
                    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll
                    O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                    O3 - Toolbar: Google Toolbar - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll
                    O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program 
Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 
PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
                    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem 
Event Monitor\IntelMEM.exe
                    O4 - HKLM\..\Run: [igfxtray] 
C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [igfxpers] 
C:\WINDOWS\system32\igfxpers.exe
                    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                    O4 - HKLM\..\Run: [DLCCCATS] rundll32 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
                    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell 
Photo AIO Printer 924\dlccmon.exe"
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program 
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common 
Files\InstallShield\UpdateService\ISUSPM.exe" -startup
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone 
Labs\ZoneAlarm\zlclient.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre6\bin\jusched.exe"
                    O4 - HKCU\..\Run: [swg] "C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                    O4 - HKCU\..\RunOnce: [Shockwave Updater] 
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 
(compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; 
Media Center PC 4.0; Media Center PC 3.0; .NET CLR 2.0.50727)" 
-"http://www.gamesquared.com/gm.shtml?0369.htm";
                    O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing)
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing)
                    O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O11 - Options group: [INTERNATIONAL] International
                    O17 - 
HKLM\System\CCS\Services\Tcpip\..\{22D98C8C-C39D-4FD3-BD1D-155889FAF7E3}: 
NameServer = 66.175.131.20,66.175.131.21
                    O20 - Winlogon Notify: dimsntfy - 
%SystemRoot%\System32\dimsntfy.dll (file missing)
                    O20 - Winlogon Notify: igfxcui - 
C:\WINDOWS\SYSTEM32\igfxdev.dll
                    O20 - Winlogon Notify: WgaLogon - 
C:\WINDOWS\SYSTEM32\WgaLogon.dll
                    O23 - Service: dlcc_device - Unknown owner - 
C:\WINDOWS\system32\dlcccoms.exe
                    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - 
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
                    O23 - Service: Google Software Updater (gusvc) - Google - 
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: Java Quick Starter (JavaQuickStarterService) 
- Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config 
"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
                    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) 
Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                    O23 - Service: TrueVector Internet Monitor (vsmon) - Check 
Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
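
The by-eye comparison of the v1.99.1 and v2.0.2 logs in this thread, as an added Python example (not part of any message here and not the online analyzer's code): it rejoins the lines the mailer wrapped, lists entries that appear only in the older log, and picks out entries HijackThis itself annotated with `(file missing)` or `Unknown owner`. The function names and the trimmed OLD/NEW excerpts are assumptions made for the example.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - ?(.*)$")

def parse(log_text):
    """Rejoin mail-wrapped lines; return a list of (code, body) entries."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
            open_entry = True
        elif line and open_entry:  # continuation: the mailer broke the entry at a space
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
        else:
            open_entry = False  # blank line, header or process-list text
    return [tuple(e) for e in entries]

def key(entry):
    """Code plus entry name; owner and path print differently across versions."""
    code, body = entry
    return (code, body.split(" - ")[0].lower())

def only_in_old(old_log, new_log):
    new_keys = {key(e) for e in parse(new_log)}
    return [e for e in parse(old_log) if key(e) not in new_keys]

def needs_lookup(log_text):
    """Entries HijackThis itself annotated; these merit a manual check."""
    return [e for e in parse(log_text)
            if "(file missing)" in e[1] or "Unknown owner" in e[1]]

# Excerpts from the two logs in this thread, trimmed and re-wrapped for the example.
OLD = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O20 - Winlogon Notify: dimsntfy -
%SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: dlcc_device - Unknown owner -
C:\WINDOWS\system32\dlcccoms.exe
"""
NEW = r"""Logfile of Trend Micro HijackThis v2.0.2
O23 - Service: dlcc_device - Unknown owner -
C:\WINDOWS\system32\dlcccoms.exe

End of file - 5036 bytes
"""
```

An entry listed by `only_in_old` is not necessarily something that was uninstalled: the two HijackThis versions do not report the same sections, so each difference still has to be read against what was actually changed on the machine.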
                 

       
