Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Remove Unneeded Startup Items

Started by ralphh , Apr 20 2007 09:04 PM

  • Please log in to reply
1 reply to this topic

#1 ralphh

ralphh

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 20 April 2007 - 09:04 PM

Please help with eliminating unnessessary startup items. thanks ralph

Logfile of HijackThis v1.99.1
Scan saved at 08:01:58 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\PROGRA~1\WILDBL~1\backweb\4247706\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\WildBlue Security Center\Anti-Virus\fsgk32st.exe
C:\Program Files\WildBlue Security Center\backweb\4247706\program\fsbwsys.exe
C:\Program Files\WildBlue Security Center\Anti-Virus\FSGK32.EXE
C:\Program Files\WildBlue Security Center\Common\FSMA32.EXE
C:\Program Files\WildBlue Security Center\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WildBlue Security Center\Common\FSMB32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\WildBlue Security Center\Common\FCH32.EXE
C:\Program Files\WildBlue Security Center\Common\FAMEH32.EXE
C:\Program Files\WildBlue Security Center\Anti-Virus\fsqh.exe
C:\Program Files\WildBlue Security Center\Anti-Virus\fsrw.exe
C:\Program Files\WildBlue Security Center\Anti-Virus\fsav32.exe
C:\Program Files\WildBlue Security Center\FWES\Program\fsdfwd.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\WildBlue Security Center\Common\FSM32.EXE
C:\Program Files\WildBlue Security Center\FSGUI\ispnews.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\WildBlue Security Center\backweb\4247706\Program\fspex.exe
C:\PROGRA~1\WILDBL~1\ANTI-S~1\fsaw.exe
C:\Program Files\WildBlue Security Center\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Documents and Settings\Ralph\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\WildBlue Security Center\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\WildBlue Security Center\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\WildBlue Security Center\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\WildBlue Security Center\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: WildBlue Security Center.lnk = C:\Program Files\WildBlue Security Center\backweb\4247706\Program\fspex.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: WildBlue Security Center (BackWeb Plug-in - 4247706) - BackWeb Technologies Inc. - C:\PROGRA~1\WILDBL~1\backweb\4247706\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\WildBlue Security Center\backweb\4247706\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Advertisements

Register to Remove

#2 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 21 April 2007 - 03:57 PM

You are running HJT from an unsafe location. An easy way to correct this is to do the following:

Download a copy of HJTsetup.exe from one of these locations and save it to your Desktop:Location one.
Location two.
Location three.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • At the final dialogue box uncheck the box to the left of "Launch Hijackthis" and then click Finish
Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.
Death to the salad eaters!

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·