Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

HiJackThis log file - which entries can I delete

Discuss HiJackThis log file - which entries can I delete in the Antivirus Protection forum on Dev Shed.
HiJackThis log file - which entries can I delete Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!
  #1  
Old May 29th, 2004, 06:26 PM
Bracketman Bracketman is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: May 2004
Posts: 3 Bracketman User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Question HiJackThis log file - which entries can I delete
Logfile of HijackThis v1.97.7
Scan saved at 4:17:08 PM, on 5/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\freecell.exe
C:\My Download Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O1 - Hosts: 0.0.1 08.185.87.71.liveadvert.com
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O1 - Hosts: 08.185.87.73.liveadvert.com
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {1F039B02-94A7-4ED0-AB14-E60B6C8C2274} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - URL
O16 - DPF: Yahoo! Chat - URL
O16 - DPF: Yahoo! Checkers - URL
O16 - DPF: Yahoo! Dominoes - URL
O16 - DPF: Yahoo! Graffiti - URL
O16 - DPF: Yahoo! Klondike Solitaire - URL
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - URL
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - URL
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - URL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - URL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - URL
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - URL
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - URL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - URL
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - URL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - URL
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - URL
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - URL
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - URL
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - URL
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - URL
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - URL
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - URL
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - URL
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - URL
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - URL
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - URL
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - URL
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{A312143D-A1C7-45FE-A1B7-F92DC7401CF0}: NameServer = 207.69.188.186 207.69.188.185
Reply With Quote
  #2  
Old June 1st, 2004, 01:57 AM
Bracketman Bracketman is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: May 2004
Posts: 3 Bracketman User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
HiJackThis log file - which entries can I delete cont'd
Quote:
Originally Posted by Bracketman
Logfile of HijackThis v1.97.7
Scan saved at 4:17:08 PM, on 5/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\freecell.exe
C:\My Download Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O1 - Hosts: 0.0.1 08.185.87.71.liveadvert.com
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O1 - Hosts: 08.185.87.73.liveadvert.com
O1 - Hosts: rldwide.com
O1 - Hosts: rt.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {1F039B02-94A7-4ED0-AB14-E60B6C8C2274} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - URL
O16 - DPF: Yahoo! Chat - URL
O16 - DPF: Yahoo! Checkers - URL
O16 - DPF: Yahoo! Dominoes - URL
O16 - DPF: Yahoo! Graffiti - URL
O16 - DPF: Yahoo! Klondike Solitaire - URL
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - URL
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - URL
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - URL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - URL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - URL
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - URL
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - URL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - URL
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - URL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - URL
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - URL
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - URL
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - URL
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - URL
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - URL
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - URL
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - URL
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - URL
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - URL
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - URL
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - URL
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - URL
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{A312143D-A1C7-45FE-A1B7-F92DC7401CF0}: NameServer = 207.69.188.186 207.69.188.185

My system often runs at 100% CPU usage, and I am constantly finding files to remove using Spybot and AdAware. I use etrust Antivirus and Zone Alarm. Zone Alarm asks if I want to let a dll file run as an application.

Maybe resource hijackers, or browser hijackers. My system is often very slow for 1 MB of RAM, 2.4 P4, 80 GB HD etc.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > HiJackThis log file - which entries can I delete

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway