Result of my Hijackthis scan

Discussion in 'Computer Security' started by sponge, Dec 27, 2003.

  1. sponge

    sponge Guest

    On Sat, 27 Dec 2003 16:10:24 GMT, "todhunter5"
    <> wrote:

    >What entries should I delete and or fix and or ignore?
    >Logfile of HijackThis v1.97.7
    >Scan saved at 11:05:08 AM, on 12/27/2003
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >Running processes:

    Probably unneeded

    >C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    I'd get rid of this. I'm not sure of MusicMatch's integrity but I've
    seen it on a lot of Dells. I know it's their version of WMP, loosely


    Toss-up. Can be a serious security risk (especially if you have not
    FULLY patched XP), but is needed for some things. It depends on how you
    use your system; probably unneeded if you're a home user.

    >C:\Program Files\Outlook Express\MSIMN.EXE
    >C:\Program Files\Internet Explorer\IEXPLORE.EXE

    Your biggest single security risk is Internet Explorer (and Outlook).
    Any other modern browser is not only more secure, but has better
    cookie control and built-in pop-up stopping, so you can do away with
    your pop-up killer.

    >C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    >C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

    Get rid of anything having to do with Realwhatever.

    >C:\Program Files\Microsoft Money\System\urlmap.exe

    Very spyware-ish:

    >Settings,ProxyServer = http=

    Is this required for your pop-up killer?


    Looks like RealNetworks/ProgressiveNetworks is getting into the
    "toolbar" craze. Again, do not allow anything "real" to run in the
    background; it will work just fine if these are removed.


    Probably not needed to use your HP product.

    >O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    >Files\Real\Update_OB\realsched.exe" -osboot

    See above.

    >O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program

    >& Privacy Defender for IE\pdie.exe" Minimize

    You won't need this (at least the pop-up blocking option) if you use
    Mozilla, Opera, Firebird, etc.

    >O4 - Global Startup: file.exe.vir

    Probably a virus. The fact that it's in your startup menu means it's
    running. I know that some Magistrate series of viruses often append the
    .vir extension.

    >O16 - DPF: ChatSpace Java Client -

    Um, I checked out that link and it's pretty sick stuff. While I don't
    give a hoot what you do online or pass judgment on what consensual
    adults do, I'm wondering why Java applets are being downloaded and run
    from a porn-ish site. That's not good.

    >O16 - DPF: DigiChat Applet -
    >O16 - DPF: DigiChat Applet -
    >O16 - DPF: Yahoo! Chat -
    >O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
    >O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -

    >O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office

    >and Media Control) -
    >O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
    >O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
    >O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) -

    Very likely ISP-bundled spyware.

    >O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    >O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) -
    >O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    >O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    >Installation Engine) -
    >O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    >O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep)

    >O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    >O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)

    >O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP

    >Control (redist)) -
    >O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
    >O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    >O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B}

    >Control) -
    >O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) -

    I'd get rid of this. Whip! is not necessary, and this (yours?) town's
    website apparently offers city maps in PDF format.

    >O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    >O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) -
    >O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

    Just so you know, you are aware that you're running Abacast?

    >O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

    The Yahoo toolbar isn't much better than that of any spyware or
    parasite vendor. I'd definitely get rid of it, even if you are
    planning on using another browser.

    >O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data
    >Class) -

    I'm wondering why Compaq software is running on a Dell. Probably not

    I would get rid of all the O16 entries and their associated software.
    Most of it isn't bad, but it suggests that you are a bit fast and
    loose with installation of stuff and a lot of it is fairly obscure
    stuff, so I question the value of it. This is just my opinion tho.

    Sponge's Secure Solutions
    My new email: yosponge2 att yahoo dott com
    sponge, Dec 27, 2003
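
The O4 (startup) and O16 (downloaded program files) lines reviewed by hand in the post above can be split into fields for triage. This is an added example, not part of sponge's post or of HijackThis itself; the function names and both flagging heuristics (an executable extension followed by another extension, and an O16 CLSID with no display name) are assumptions made for illustration.

```python
import re

# Constructed sample in the shapes of the lines quoted in the post above
# (download URLs are left empty, as they are on the page).
SAMPLE_LOG = r'''
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: file.exe.vir
O16 - DPF: Yahoo! Chat -
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Control (redist)) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
'''

CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Assumed heuristic: an executable extension followed by one more extension.
DOUBLE_EXT = re.compile(r'\.(?:exe|com|scr|pif|bat|cmd)\.\w+', re.I)

def parse_o4(body):
    """Body is '<location>: [<name>] <command>' or '<location>: <file>'."""
    location, _, rest = body.partition(': ')
    m = re.match(r'\[(.*?)\] (.*)$', rest)
    name, command = (m.group(1), m.group(2)) if m else (None, rest)
    quoted = re.match(r'"([^"]+)"', command)
    path = quoted.group(1) if quoted else command.split(' = ')[0]
    flag = 'double extension' if DOUBLE_EXT.search(path) else None
    return {'section': 'O4', 'where': location, 'name': name or path, 'flag': flag}

def parse_o16(body):
    """Body is 'DPF: {CLSID} (<name>) - <url>'; CLSID or name may be absent."""
    ident, sep, url = body[len('DPF: '):].rpartition(' -')
    if not sep:                      # truncated line without the ' -' separator
        ident, url = url, ''
    m = CLSID.match(ident)
    name = ident[m.end():].strip() if m else ident.strip()
    if name.startswith('(') and name.endswith(')'):
        name = name[1:-1]            # keeps inner parentheses such as "(redist)"
    flag = 'unnamed control, look up CLSID' if m and not name else None
    return {'section': 'O16', 'clsid': m.group(0) if m else None,
            'name': name or None, 'url': url.strip() or None, 'flag': flag}

def triage(log_text):
    """Return parsed O4 and O16 entries in log order; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        section, _, body = line.strip().partition(' - ')
        if section == 'O4':
            entries.append(parse_o4(body))
        elif section == 'O16' and body.startswith('DPF: '):
            entries.append(parse_o16(body))
    return entries
```

A flag only marks an entry for a closer look; it does not decide whether the entry should be removed.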