HJT Log...not bad but still problems

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Hux

Thread Starter
Joined
Dec 3, 2003
Messages
148
Well, I've run MS Antispyware, Ad-Aware, Ewido, AVG, Panda, Housecall several times on this machine and it is fairly clean, but MS Antispyware is still catching things at startup; the latest was IBIS Toolbar, which it removed.

Here is a HJT Log:

Logfile of HijackThis v1.99.0
Scan saved at 8:18:47 AM, on 7/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Adware Fixes05\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121275445551
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: Domain = ruraltel.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ruraltel.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: Domain = ruraltel.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ruraltel.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: Domain = ruraltel.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ruraltel.net
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,917
Microsoft AntiSpyware is still in beta testing, so I wouldn't even be using it. I personally have my doubts about how well it works anyway.

----------------------------------------------------------------

Why are you still using the original version of Windows XP instead of Windows XP SP2? This puts you way behind on updates and security-related enhancements.

----------------------------------------------------------------

The O17 entries appear to be a problem, but someone else will need to confirm that.

Does ruraltel.net mean anything to you, and is it associated with your ISP?

----------------------------------------------------------------
 

Hux

Thread Starter
Joined
Dec 3, 2003
Messages
148
This is a machine that a lady brought to me to fix.
Windows Update will run and wants to install SP2, but doesn't like something about the licensing, so it is unable to update. I believe she bought this used from a school so there may be somethin' up with how XP was installed?

ruraltel.net is our local ISP. But yes, I've never seen any O17's like that on any other machines I've worked on from around here.
 
Joined
Jul 14, 2005
Messages
37
It was probably an unlicensed copy that Microsoft has on file. They are known to deny certain things (like SP2) if they think the software is pirated.

The only thing strange about those O17 entries is that it looks like the name servers are on two different subnets. This might just be the way your ISP does it, but many times ISPs have their DNS servers on the same subnet. It could be a sign of a bad DNS server in the list which would allow someone to control where websites pointed (so they can steal personal information). You should check with your ISP that your DNS servers should be set to 69.50.176.196 and 195.225.176.110.

Other than that, things look OK to me.
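
The check suggested in the post above, as an added example that is not part of the original thread: it pulls the NameServer values out of HijackThis O17 lines and lists every resolver that is not on a list confirmed by the ISP. `APPROVED_NETS` is a placeholder assumption (a documentation range), and the function names are hypothetical.

```python
import ipaddress
import re

# O17 lines copied from the log posted above (trimmed to two control sets).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: Domain = ruraltel.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ruraltel.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C3E279A-1505-48EB-994E-7E1BA44CF18F}: NameServer = 69.50.176.196,195.225.176.110
"""

# Assumption: placeholder for the resolver ranges the ISP confirms (RFC 5737 test range).
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\[^:]*)"
    r": (?P<name>\w+) = (?P<value>.*)$"
)

def parse_nameservers(log_text):
    """Map (control_set, registry_key) -> list of NameServer strings from O17 lines."""
    found = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m and m["name"].lower() == "nameserver":
            found[(m["cset"], m["key"])] = [s for s in re.split(r"[,\s]+", m["value"]) if s]
    return found

def review(log_text, approved_nets=APPROVED_NETS):
    """Return (control_set, server, reason) for each resolver that needs checking."""
    findings = []
    for (cset, _key), servers in sorted(parse_nameservers(log_text).items()):
        for raw in servers:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((cset, raw, "not an IP address"))
                continue
            if not any(ip in net for net in approved_nets):
                findings.append((cset, raw, "not on the approved resolver list"))
    return findings

def distinct_prefixes(servers, prefix_len=16):
    """Networks of the given length covering the servers; more than one is only a hint."""
    return {ipaddress.ip_network(f"{s}/{prefix_len}", strict=False) for s in servers}

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The same value appearing under CCS, CS1 and CS2 means the setting is written into every control set, so each one has to be checked after cleanup.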
 

Hux

Thread Starter
Joined
Dec 3, 2003
Messages
148
That's my guess as well on the license.

Pretty sure those DNS servers are not correct. I removed all the O17 entries and it works fine.

I'll do some more investigating. Only thing right now is that every time I boot it to one of the 2 users set up on it, the first thing that happens is that MS Antispyware warns that IBIS is trying to install and removes it.
Other than that it is running like a champ.
 