Old 02-09-2006, 12:16 PM   #1
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default oh my...

Found some fun stuff today:
HKCU\SOFTWARE\microsoft\windows nt\windows:load
and
HKCU\SOFTWARE\microsoft\windows nt\windows:run

I don't like them. My comp worked fine w/o them and I can't remove them. Any ideas?
__________________
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.i probably spelled taht wrong
C.S. is offline   Reply With Quote
Old 02-09-2006, 12:51 PM   #2
Daemon Poster
 
~K-Pow~'s Avatar
 
Join Date: Dec 2005
Posts: 1,241
Default Re: oh my...

They may be in your registry, that's why you can't remove them. You may have to find them in your registry and delete them from there.
__________________
"Keep fit and have fun" Bodybreak

Home Computer: Dell inspiron 2200, 1.66 GHZ processor, 80 gig harddrive, 512mb ram, cd/dvd rom, wireless network card.
~K-Pow~ is offline   Reply With Quote
Old 02-09-2006, 12:54 PM   #3
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: oh my...

Have deleted them in reg and they come back even when I'm in safe mode. That is why I'm stumped, and my virus checker has already, well, said nothing to report... you know how it is.
C.S. is offline   Reply With Quote
Old 02-09-2006, 01:50 PM   #4
Daemon Poster
 
wozelbeak's Avatar
 
Join Date: Sep 2004
Posts: 1,324
Default Re: oh my...

Try HijackThis, see if it can remove them?
Might work.
woz
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
wozelbeak is offline   Reply With Quote
Old 02-10-2006, 04:13 AM   #5
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: oh my...

Logfile of HijackThis v1.99.1
Scan saved at 4:11:30 AM, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jared Currie\Desktop\HijackThis-1.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
C.S. is offline   Reply With Quote
Old 02-10-2006, 04:14 AM   #6
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: oh my...

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

I do not like the look of this one, mainly because it starts with F and REG.
C.S. is offline   Reply With Quote
Old 02-10-2006, 08:56 AM   #7
Baseband Member
 
wooonelly's Avatar
 
Join Date: Nov 2005
Posts: 91
Default Re: oh my...

I don't have that when I run hijack, in fact I don't have any that start with F2.
Check this out:

Each line in a HijackThis log starts with a section name. (For technical information on this, click 'Info' in the main window and scroll down. Highlight a line and click 'More info on this item'.)

For practical information, click the section name you need help with:

* R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
* F0, F1 - Autoloading programs
* N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
* O1 - Hosts file redirection
* O2 - Browser Helper Objects
* O3 - Internet Explorer toolbars
* O4 - Autoloading programs from Registry
* O5 - IE Options icon not visible in Control Panel
* O6 - IE Options access restricted by Administrator
* O7 - Regedit access restricted by Administrator
* O8 - Extra items in IE right-click menu
* O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
* O10 - Winsock hijacker
* O11 - Extra group in IE 'Advanced Options' window
* O12 - IE plugins
* O13 - IE DefaultPrefix hijack
* O14 - 'Reset Web Settings' hijack
* O15 - Unwanted site in Trusted Zone
* O16 - ActiveX Objects (aka Downloaded Program Files)
* O17 - Lop.com domain hijackers
* O18 - Extra protocols and protocol hijackers
* O19 - User style sheet hijack

Added in HijackThis 1.98.x:

* O20 - AppInit_DLLs Registry value autorun
* O21 - ShellServiceObjectDelayLoad Registry key autorun
* O22 - SharedTaskScheduler Registry key autorun
* O23 - Windows NT Services

Found this at this site if you want more info.

http://www.spywareinfo.com/~merijn/htlogtutorial.html
__________________
What UP?
wooonelly is offline   Reply With Quote
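
An added example, not part of any post in this thread: a small Python triage of HijackThis entry lines that marks sections missing from the list quoted in post #7 (such as F2) and splits a UserInit value into the comma-separated programs it names, reporting any besides userinit.exe. The expected userinit.exe path and the last sample line are assumptions constructed for illustration.

```python
import re

# Section names copied from the list in post #7 (subset used by the sample).
LISTED = {
    "F0": "Autoloading programs",
    "F1": "Autoloading programs",
    "O2": "Browser Helper Objects",
    "O4": "Autoloading programs from Registry",
    "O23": "Windows NT Services",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: Windows is installed in C:\WINDOWS, as in the log in post #5.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

def parse_log(text):
    """Return (section, detail) pairs for every entry line in a log."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def userinit_programs(detail):
    """Split a UserInit value into the comma-separated programs it names."""
    m = re.search(r"UserInit=(.*)$", detail, re.IGNORECASE)
    return [p.strip() for p in m.group(1).split(",") if p.strip()] if m else []

def triage(text):
    """Collect sections absent from LISTED and unexpected UserInit programs."""
    unlisted, extra = [], []
    for section, detail in parse_log(text):
        if section not in LISTED:
            unlisted.append(section)
        extra += [p for p in userinit_programs(detail)
                  if p.lower() != EXPECTED_USERINIT]
    return {"unlisted": sorted(set(unlisted)), "extra_userinit": extra}

# The first three lines are from the log in post #5; the last is constructed.
SAMPLE = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\example\placeholder.exe"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the F2 line from post #5 names only userinit.exe, so nothing is reported for it; only the constructed line produces an extra program.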
All times are GMT -5. The time now is 07:23 PM.