ARGH! Spyware had taken over!
Jul 18, 2005 at 10:49 AM Post #31 of 91
Quote:

Originally Posted by MisterX
Format only works for logical drives so that rules out erasing your partitions with it.


I meant to ask if nuking the data in the partitions would be necessary.

OK, Time for the reboot, let's see what happens..................

-Ed
 
Jul 18, 2005 at 11:25 AM Post #32 of 91
The data in your partitions should be just fine.


BTW are you responsible for this?
http://www.hamsterdance2.com/classorig.html
 
Jul 18, 2005 at 4:54 PM Post #35 of 91
Very informative thread.... Sorry Ed, don't mean to hijack....

Can someone help me decipher these ... Am I safe?
It is a leased PC; I'm a Cisco employee, so there are some corporate network and security applications mixed in.

Is there anything standing out as an obvious problem?

Thanks!!!

Here's mine...

Logfile of HijackThis v1.99.1
Scan saved at 9:52:42 AM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\System32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Connected\CBlaunch.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Cisco_IT\UPHCLEAN\UPHCLEAN.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Credant\Gatekeeper\GKProbe.exe
C:\Program Files\Cisco\CSAgent\bin\okclient.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Lotus\Sametime Client\activmon.srv
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Garrett\Programs\Hijack-this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwin.cisco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wwwin.cisco.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cisco Systems, Inc.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" /startup
O4 - HKCU\..\Run: [DiskCleanup] C:\WINDOWS\CISCO_IT\Scripts\DiskCleanup\DiskCleanup.vbs
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Security Agent.lnk = C:\Program Files\Cisco\CSAgent\bin\okclient.exe
O4 - Global Startup: GKProbe.lnk = C:\Program Files\Credant\Gatekeeper\GKProbe.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://wwwin.cisco.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.cisco.com
O17 - HKLM\Software\..\Telephony: DomainName = amer.cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B5B91D1-863B-4029-BE30-BE0C50A5959C}: Domain = cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5333B06-C10B-48BC-B75B-7CB44A4C4CAD}: Domain = cisco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.cisco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cisco.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B5B91D1-863B-4029-BE30-BE0C50A5959C}: Domain = cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cisco.com
O20 - AppInit_DLLs: AMINIT.DLL CSAUSER.DLL
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\System32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\System32\schdsrvc.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: CEPS Watch - Cisco Systems - C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Cisco Security Agent (CSAgent) - Unknown owner - C:\Program Files\Cisco\CSAgent\bin\CSAControl.exe" -t c (file missing)
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Credant Mobile Guardian Gatekeeper (Guardian) - CREDANT Technologies - C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
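As an added illustration of how one reads a log like the ones posted in this thread (this is example code written for this page, not part of HijackThis and not from any poster), the script below applies a few defender-side checks to HijackThis-format lines: O23 services whose owner is unknown or whose binary is reported missing, O20 AppInit_DLLs entries, O4 Run entries given as a bare filename rather than a full path, and O17 DNS domain overrides. The sample lines are constructed from the logs above; the check rules and severity labels are my own assumptions, and every finding is a prompt to verify the file, not a verdict. On a managed corporate laptop such as the one above, all of these entries are expected.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the two logs posted in this thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ShStatEXE] "C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE" /STANDALONE
O4 - HKLM\\..\\Run: [TpShocks] TpShocks.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain = amer.cisco.com
O20 - AppInit_DLLs: AMINIT.DLL CSAUSER.DLL
O23 - Service: Cisco Security Agent (CSAgent) - Unknown owner - C:\\Program Files\\Cisco\\CSAgent\\bin\\CSAControl.exe" -t c (file missing)
O23 - Service: RadClock - Unknown - C:\\WINDOWS\\system32\\RadClock.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    severity: str  # "info" or "review" (labels assumed for this example)
    line: str      # the raw log line the finding is about
    reason: str    # what a person should go and verify


SECTION_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
UNKNOWN_OWNERS = {"unknown owner", "unknown"}


def _command_image(cmd: str) -> str:
    """Return the executable part of a Run command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[Finding]:
    """Apply the checks to one log line and return zero or more findings."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    findings: list[Finding] = []

    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:
            image = _command_image(o4.group("cmd"))
            # A bare filename is resolved by PATH search at logon, so confirm
            # which file is actually started before calling the entry benign.
            if "\\" not in image:
                findings.append(Finding(code, "review", line,
                    f"Run entry '{o4.group('name')}' has no full path ({image}); "
                    "confirm which file is actually started"))
    elif code == "O17":
        # DNS domain / search-list settings: normal on a domain-joined machine,
        # worth a look on a home PC because they change name resolution.
        findings.append(Finding(code, "info", line,
            "DNS domain/search-list setting; confirm it matches the expected network"))
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so each listed DLL should be tied to a known product.
            findings.append(Finding(code, "review", line,
                "AppInit_DLLs loads into every GUI process; identify each DLL: "
                + ", ".join(dlls)))
    elif code == "O23":
        o23 = O23_RE.match(body)
        if o23:
            name = o23.group("name")
            if o23.group("owner").strip().lower() in UNKNOWN_OWNERS:
                findings.append(Finding(code, "review", line,
                    f"service '{name}' has no recognised publisher; "
                    "check the binary's signature and vendor"))
            if "(file missing)" in o23.group("path"):
                findings.append(Finding(code, "review", line,
                    f"service '{name}' points at a missing file; the path may be "
                    "mis-parsed (quotes/arguments) or the binary removed"))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    out: list[Finding] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run against the sample, the script flags the bare `TpShocks.exe` Run entry, the AppInit_DLLs line, the two services with an unknown publisher and the one with a missing file, and lists the O17 domain setting as informational. The "(file missing)" case on the CSAgent line is the same pattern visible in the log above: the service command line carries a quote and arguments, so HijackThis could not resolve the path, which is a parsing artefact rather than evidence that the agent is gone.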
 
Jul 18, 2005 at 5:15 PM Post #36 of 91
Jul 18, 2005 at 5:34 PM Post #37 of 91
Oddly enough, my Windows desktop has a 0 spyware count and I run zero diagnostic / antivirus / antispyware software regularly or continuously in the background. (Ad-Aware if I'm feeling suspicious about something, but that's once every 6 months.)

But then again I don't even have to even think about the foggiest possibility of maybe perhaps comprehending the merest inkling of the idea of "worrying about spyware and viruses" when I use my Powerbook G4.
 
Jul 18, 2005 at 6:41 PM Post #38 of 91
An interesting thing happened regarding PC safety. In addition to the above mentioned Trend Micro spyware scanner, I ended up running their online virus scanner too - again. And it did find two viruses (so far, the scan's still going on) in the Agent usenet news reader's data. Simultaneously my constantly running background F-Secure scanner found them too, though it hadn't noticed them before. Odd.

I do know that the usenet groups are full of viruses and I never ever launch any attachments. I guess what happened was that the Trend Micro scanner decoded them and having done that, both scanners found the viruses.
 
Jul 18, 2005 at 6:54 PM Post #40 of 91
Ed:

Not that I know of.

How many friggin' plugins do you need? Just get the Flash one, the Windows Media one, Real, Quicktime -- and that's it! The rest of them are extras. They are user-created extensions that only add to the browser.

I don't see where the hesitance is coming from. I understand you have to keep Windows (though if it's only for surfing the internet, and I were you, I'd just put it to Linux since then I'd be completely secure and wouldn't have to worry about compatibility since I'd have other Windows machines) but that doesn't mean you can't use open source!

Trust me, just about EVERYBODY rates Firefox over IE. Maximum PC did a comparison about 6 months ago and there was no comparison - Firefox is the better browser.

You will be SO happy you had it.

Oh yeah, and PS: The "problems" you are talking about are not caused by Firefox - they are caused by the webmasters themselves who fall slaves to the stupid, slow, and pathetic M$ version of HTML and Javascript. Over the last year, many of the problems that you are talking about where some features in the code don't work have been fixed. Most webmasters have taken note that much more of the world uses a different browser now.
 
Jul 18, 2005 at 7:02 PM Post #42 of 91
Quote:

Originally Posted by eyeteeth
F-Secure ...Failed me.


There seems to be very varying data about which virus scanners are good and which aren't so. Having read a few tests/reviews that were neutral AFAIK, it seems that the Kaspersky products are always among the very best. Then there are several good brands with varying results, like McAfee, Norton etc. F-Secure tends to do pretty well in general, though usually not quite at the top. The free scanners do mediocrely in general IIRC.

The reason I'm using F-Secure is that I can get it for free (or actually my wife as a PhD student gets it for free from the university). Previously I've used free products like AVG, F-Prot (DOS), Avast.
 
Jul 18, 2005 at 8:03 PM Post #44 of 91
I love hijackthis, I've been using it for a while now and it's saved a couple of computers. Anyway, sorry to hear about the computer problems, here's a little lesson in minimalism via my hijackthis log.

Logfile of HijackThis v1.99.0
Scan saved at 12:57:56 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerry Silver\My Documents\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown - C:\WINDOWS\system32\RadClock.exe

I can't remember the last time I had a pop-up. Most websites don't have ads at all since I block the addresses where their ads come from.
 
