Two entries which I'm not sure about (not actullay hijacked)

Discussion in 'adware, spyware & hijack cleaning' started by h3llo, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. h3llo

    h3llo Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    7
    Hello, I have two entries in my HijackThis log, which I'm not sure what they really are. This is the first time I see them in my logs, and it's rather wierd. I tried to delete those entries (with all browser windows closed, of course), but they came back very after my second scan with HijackThis. I wonder what they are, and if they have any influence on Internet Explorer, if at all.

    I already scanned with Spybot: S&D, and Ad-aware (Personal).

    Here is my log;

    Logfile of HijackThis v1.98.0
    Scan saved at 2:28:10 AM, on 7/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\ICQ\icq.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\icq.exe -trayboot
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

    These are the two entries which I have doubt about;

    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,

    What are they? And if they need to be removed, how do I do that? Because, as I said earlier, probably just removing them with HijackThis won't help.

    Thanks in advance.
     
  2. h3llo

    h3llo Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    7
    Anyone? :rolleyes:
     
  3. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    HI h3llo

    Your log looks clean to me.

    You do NOT have to worry about these ! Pls. do NOT remove.

    F0, F1, F2, F3 - Autoloading programs from INI files

    Pls. go to Windows Update - Microsoft released a critial update today !
     
  4. h3llo

    h3llo Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    7
    I said I already tried to, but they came back right after I scanned for the second time. Yep, I visited the Windows Update site already, and there were two critical updates which I needed to install.

    Do those entries have something to do with the new critical update? Or you just mentioned that just in case?

    Thanks for the reply!
     
  5. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    You do NOT have to worry - is a "bug" in the new HJT - Merijn knows about it -

    A Hotfix Build has just been released. You can get it here:

    http://www.spywareinfoforum.com/~merijn/files/HijackThis.exe
    http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip

    Maybe you give the "new one" a try.

    Once again - you have NOTHING to worry about !

    No, had NOTHING to do with the new critical update - I only mentioned the new critical updates because I had just received that message and thought I pass it on :)
     
  6. h3llo

    h3llo Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    7
    OK then... Thanks.
     
  7. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    You're Welcome :)
     
Thread Status:
Not open for further replies.