Result of my Hijackthis scan

On Sat, 27 Dec 2003 16:10:24 GMT, "todhunter5"
<(E-Mail Removed)> wrote:

>What entries should I delete and or fix and or ignore?
>Logfile of HijackThis v1.97.7
>Scan saved at 11:05:08 AM, on 12/27/2003
>Platform: Windows XP SP1 (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>Running processes:

Probably unneeded

>C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

I'd get rid of this. I'm not sure of MusicMatch's integrity but I've
seen it on a lot of Dells. I know it's their version of WMP, loosely


Toss-up. Can be a serious security risk (especially if you have not
FULLY patched XP), but is needed for some things. It depends on how you
use your system; probably unneeded if you're a home user.

>C:\Program Files\Outlook Express\MSIMN.EXE
>C:\Program Files\Internet Explorer\IEXPLORE.EXE

Your biggest single security risk is Internet Explorer (and Outlook).
Any other modern browser is not only more secure, but has better
cookie control and built-in pop-up stopping, so you can do away with
your pop-up killer.

>C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

Get rid of anything having to do with Realwhatever.

>C:\Program Files\Microsoft Money\System\urlmap.exe

Very spyware-ish:

>Settings,ProxyServer = http=

Is this required for your pop-up killer?


Looks like RealNetworks/ProgressiveNetworks is getting into the
"toolbar" craze. Again, do not allow anything "real" to run in the
background; it will work just fine if these are removed.

>C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb 07.exe

Probably not needed to use your HP product.

>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>Files\Real\Update_OB\realsched.exe" -osboot

See above.

>O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program

>& Privacy Defender for IE\pdie.exe" Minimize

You won't need this (at least the pop-up blocking option) if you use
Mozilla, Opera, Firebird, etc.

>O4 - Global Startup: file.exe.vir

Probably a virus. The fact that it's in your startup menu means it's
running. I know that some Magistrate series of virii often append the
.vir extension.

>O16 - DPF: ChatSpace Java Client -

Um, I checked out that link and it's pretty sick stuff. While I don't
give a hoot what you do online or pass judgment on what consensual
adults do, I'm wondering why Java applets are being downloaded and run
from a porn-ish site. That's not good.

>O16 - DPF: DigiChat Applet -
>O16 - DPF: DigiChat Applet -
>O16 - DPF: Yahoo! Chat -
>O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
>O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -

>O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office

>and Media Control) -
>O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
>O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
>O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) -

Very likely ISP-bundled spyware.

>O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
>O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) -
>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
>O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
>Installation Engine) -
>O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
>O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep)

>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
>O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)

>O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP

>Control (redist)) -
>O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
>O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
>O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B}

>Control) -
>O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) -

I'd get rid of this. Whip! is not necessary, and this (yours?) town's
website apparently offers city maps in PDF format.

>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
>O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) -
>O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

Just so you know, you are aware that you're running Abacast?

>O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

The Yahoo toolbar isn't much better than that of any spyware or
parasite vendor. I'd definitely get rid of it, even if you are
planning on using another browser.

>O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data
>Class) -

I'm wondering why Compaq software is running on a Dell. Probably not

I would get rid of all the O16 entries and their associated software.
Most of it isn't bad, but it suggests that you are a bit fast and
loose with installation of stuff and a lot of it is fairly obscure
stuff, so I question the value of it. This is just my opinion tho.

Sponge's Secure Solutions
My new email: yosponge2 att yahoo dott com
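
The following is an added example, not part of the original post: a small Python triage helper for logs like the one quoted above. It rejoins entries that a mail client wrapped, groups them by HijackThis section code, and lists two kinds of entry for manual review. The function names and the two review heuristics are assumptions of this example, and the sample lines are copied from the quoted log.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log quoted in the post above,
# two of them wrapped onto a second line the way the newsreader wrapped them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: file.exe.vir
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: Yahoo! Chat -
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "O16 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def unwrap(text):
    """Strip quote markers and glue continuation lines onto their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # wrapped remainder of the previous entry
    return entries

def parse(text):
    """Return {section code: [entry text, ...]} for every recognised entry."""
    sections = defaultdict(list)
    for line in unwrap(text):
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_notes(sections):
    """Example heuristics only: entries worth a manual look, not verdicts."""
    notes = []
    for item in sections.get("O4", []):   # O4 = programs started at logon
        if "Startup:" in item and re.search(r"\.exe\.\w+$", item):
            notes.append(("O4", item, "double extension in startup folder"))
    for item in sections.get("O16", []):  # O16 = downloaded ActiveX/Java code
        clsid = CLSID.search(item)
        if clsid and not re.search(r"\(.+\)", item):
            notes.append(("O16", clsid.group(0), "ActiveX control with no class name"))
    return notes
```
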