Velocity Reviews > Newsgroups > Computing > Computer Security > Result of my Hijackthis scan
Result of my Hijackthis scan

 
 
sponge
12-27-2003
On Sat, 27 Dec 2003 16:10:24 GMT, "todhunter5"
<(E-Mail Removed)> wrote:

>What entries should I delete and or fix and or ignore?
>
>Logfile of HijackThis v1.97.7
>Scan saved at 11:05:08 AM, on 12/27/2003
>Platform: Windows XP SP1 (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
>Running processes:
>C:\WINDOWS\System32\inetsrv\inetinfo.exe


Probably unneeded

>C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe


I'd get rid of this. I'm not sure of MusicMatch's integrity but I've
seen it on a lot of Dells. I know it's their version of WMP, loosely
speaking.

>C:\WINDOWS\System32\dllhost.exe


Toss-up. Can be a serious security risk (especially if you have not
FULLY patched XP), but it is needed for some things. It depends on how you
use your system; probably unneeded if you're a home user.

>C:\WINDOWS\System32\msdtc.exe
>C:\Program Files\Outlook Express\MSIMN.EXE
>C:\Program Files\Internet Explorer\IEXPLORE.EXE


Your biggest single security risk is Internet Explorer (and Outlook).
Any other modern browser is not only more secure, but has better
cookie control and built-in pop-up stopping, so you can do away with
your pop-up killer.

>C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe


Get rid of anything having to do with Realwhatever.

>C:\Program Files\Microsoft Money\System\urlmap.exe


Very spyware-ish:
http://www.liutilities.com/products/...ibrary/urlmap/

>Settings,ProxyServer = http=127.0.0.1:6711


Is this required for your pop-up killer?

>C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll


Looks like RealNetworks/ProgressiveNetworks is getting into the
"toolbar" craze. Again, do not allow anything "real" to run in the
background; it will work just fine if these are removed.

>C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb 07.exe


Probably not needed to use your HP product.

>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


See above.

>O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup & Privacy Defender for IE\pdie.exe" Minimize


You won't need this (at least the pop-up blocking option) if you use
Mozilla, Opera, Firebird, etc.

>O4 - Global Startup: file.exe.vir


Probably a virus. The fact that it's in your startup menu means it's
running. I know that some Magistrate series of virii often append the
.vir extension.

>http://www.spankingchat.com/Java/cs4ms086.cab
>O16 - DPF: ChatSpace Java Client 2.1.0.95 -
>http://www.spankingchat.com/Java/cs4ms095.cab


Um, I checked out that link and it's pretty sick stuff. While I don't
give a hoot what you do online or pass judgment on what consensual
adults do, I'm wondering why Java applets are being downloaded and run
from a porn-ish site. That's not good.

>O16 - DPF: DigiChat Applet -
>http://host.digichat.com/DigiChat/Di.../Client_IE.cab
>O16 - DPF: DigiChat Applet -
>http://host.digichat.com/DigiChat/Di.../Client_IE.cab
>O16 - DPF: Yahoo! Chat -
>http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
>O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
>https://support.dell.com/systemprofiler/SysPro.CAB
>O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
>http://www.drivershq.com/DD_v4.CAB



>O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
>O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
>O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
>O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab


Very likely ISP-bundled spyware.

>O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
>http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
>O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/appli...ClientUtil.cab
>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
>O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
>Installation Engine) -
>http://office.microsoft.com/officeup...ntent/opuc.cab
>O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
>http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
>O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
>http://207.188.7.150/26f03b14ca49ac6...p/RdxIE601.cab
>O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
>O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://12.223.201.5/tsweb/msrdp.cab
>O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
>http://ftp.us.dell.com/fixes/PROFILER.CAB
>O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
>http://v4.windowsupdate.microsoft.co...651.7162037037
>O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab
>O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - http://www.cityofnoblesville.org/codebase/cabs/whip.cab


I'd get rid of this. Whip! is not necessary, and this (yours?) town's
website apparently offers city maps in PDF format.

>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
>O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
>O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
>http://download.abacast.com/download...basetup141.cab


Just so you know, you are aware that you're running Abacast?

>O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
>http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab


The Yahoo toolbar isn't much better than that of any spyware or
parasite vendor. I'd definitely get rid of it, even if you are
planning on using another browser.

>O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data
>Class) - http://www29.compaq.com/falco/SysQuery.cab


I'm wondering why Compaq software is running on a Dell. Probably not
needed.

I would get rid of all the O16 entries and their associated software.
Most of it isn't bad, but it suggests that you are a bit fast and
loose with installation of stuff and a lot of it is fairly obscure
stuff, so I question the value of it. This is just my opinion tho.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
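The review above is done by eye, line by line. As an added example (not HijackThis code and not from anyone in this thread), the Python below reads the same log format, pulls apart the Running processes list, the O4 startup entries, the O16 DPF (downloaded ActiveX/Java) entries and the ProxyServer setting, and then applies the checks sponge makes by hand: startup items whose target does not end in a normal executable extension (the `file.exe.vir` case), a proxy pointing back at the local machine (which may belong to an installed pop-up filter, so it is reported for confirmation rather than condemned), O16 controls with no source URL to verify, controls fetched from a bare IP address, and how many distinct download hosts the machine has pulled controls from. The sample log is constructed from lines quoted in the post; the full `R1 - HKCU\...` prefix of the proxy line is assumed, since the thread only quotes its tail.

```python
"""Reader and review checklist for HijackThis-style log lines (added example)."""
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlparse

NORMAL_EXE_EXTS = {".exe", ".com", ".bat", ".cmd", ".lnk"}

# Constructed sample, trimmed from the log quoted in the thread.
# The R1 prefix on the proxy line is assumed; the post only shows its tail.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup & Privacy Defender for IE\pdie.exe" Minimize
O4 - Global Startup: file.exe.vir
O16 - DPF: ChatSpace Java Client 2.1.0.95 - http://www.spankingchat.com/Java/cs4ms095.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://12.223.201.5/tsweb/msrdp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - http://www.cityofnoblesville.org/codebase/cabs/whip.cab
"""


def _target_of(cmd):
    """Program path from an O4 command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(line):
    """O4 - <hive or folder>: [<value name>] <command>  (value name is optional)."""
    m = re.match(r"O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)", line)
    if not m:
        return None
    return {"where": m["where"], "name": m["name"] or "",
            "target": _target_of(m["cmd"]), "cmd": m["cmd"]}


def parse_o16(line):
    """O16 - DPF: [{CLSID}] [(friendly name)] - <URL>   (URL may be absent)."""
    body = line[len("O16 - DPF: "):].strip()
    head, sep, url = body.rpartition(" - ")
    if not sep:  # entry ends in a bare " -": nothing was recorded as the source
        head, url = (body[:-2] if body.endswith(" -") else body), ""
    m = re.match(r"(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\})?\s*\(?(?P<name>.*?)\)?$", head)
    return {"clsid": (m["clsid"] or "").upper(), "name": m["name"],
            "url": url, "host": urlparse(url).hostname or ""}


def parse_log(text):
    """Split a log into processes, O4 startup items, O16 DPF items and the proxy value."""
    entries = {"processes": [], "startup": [], "dpf": [], "proxy": None}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if re.match(r"[A-Z]\d+ - ", line):  # first R/F/O section line ends the process list
            in_procs = False
        if in_procs:
            entries["processes"].append(line)
        elif line.startswith("O4 - "):
            item = parse_o4(line)
            if item:
                entries["startup"].append(item)
        elif line.startswith("O16 - DPF: "):
            entries["dpf"].append(parse_o16(line))
        else:
            m = re.search(r"ProxyServer = (\S+)", line)
            if m:
                entries["proxy"] = m.group(1)
    return entries


def review(text):
    """Apply the by-hand checks from the thread and return entries, hosts and findings."""
    e = parse_log(text)
    findings = []
    for s in e["startup"]:
        ext = ntpath.splitext(s["target"])[1].lower()
        if ext not in NORMAL_EXE_EXTS:
            findings.append(f"startup item with unusual extension {ext!r}: {s['target']} ({s['where']})")
    if e["proxy"]:
        hostport = e["proxy"].split("=")[-1]
        if hostport.startswith(("127.", "localhost")):
            findings.append(f"proxy points at the local machine ({e['proxy']}); confirm which installed filter listens there")
    by_host = defaultdict(list)
    for d in e["dpf"]:
        if not d["url"]:
            findings.append(f"O16 entry without a source URL: {d['name'] or d['clsid']}")
            continue
        by_host[d["host"]].append(d)
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", d["host"]):
            findings.append(f"O16 control fetched from a bare IP address: {d['url']}")
    findings.append(f"{len(e['dpf'])} O16 controls from {len(by_host)} distinct hosts")
    return {"entries": e, "hosts": dict(by_host), "findings": findings}


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Grouping O16 entries by download host is the quickest way to see the pattern sponge points out at the end of the post: many obscure sources, each of which had to be trusted once. The host list is a reading aid, not a verdict; each entry still needs the kind of judgment the reply applies (is this vendor expected on this machine, is the control still needed).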
 