
Item in system configuration utility lacks information (???)



Guest johnhurley3@gmail.com
Posted

I notice that one item has a tick but no other information....

Hmmmmmm!

Does anything look wrong here:-

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:45:37, on 21/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 


 

Thanks a lot

John

Guest VanguardLH
Posted

Re: Item in system configuration utility lacks information (???)

 

johnhurley3 wrote ...

>I notice that one item has a tick but no other information....

 

 

Are you talking about 'msconfig'? If so, under WHICH tab does the checkbox appear with no string after it? Even if the command string is blank, it should still list the location. WHERE is the location for the blank item? That would tell you where to look, like a registry entry under a Run key that is blank and can be deleted.

Guest johnhurley3@gmail.com
Posted

Re: Item in system configuration utility lacks information (???)

 

On Sep 22, 1:27 pm, "VanguardLH" <Vanguar...@mail.invalid> wrote:

> johnhurley3 wrote ...
>
> >I notice that one item has a tick but no other information....
>
> Are you talking about 'msconfig'? If so, under WHICH tab does the
> checkbox appear with no string after it? Even if the command string
> is blank, it should still list the location. WHERE is the location
> for the blank item? That would tell you where to look, like a
> registry entry under a Run key that is blank and can be deleted.

 

Msconfig

HKLM/Software/Microsoft/windows/current

Guest johnhurley3@gmail.com
Posted

Re: Item in system configuration utility lacks information (???)

 

Msconfig

Start ups

> HKLM/Software/Microsoft/windows/current Thanks

 

 

 

On Sep 22, 1:58 pm, johnhurl...@gmail.com wrote:

> On Sep 22, 1:27 pm, "VanguardLH" <Vanguar...@mail.invalid> wrote:
>
> > johnhurley3 wrote ...
>
> > >I notice that one item has a tick but no other information....
>
> > Are you talking about 'msconfig'? If so, under WHICH tab does the
> > checkbox appear with no string after it? Even if the command string
> > is blank, it should still list the location. WHERE is the location
> > for the blank item? That would tell you where to look, like a
> > registry entry under a Run key that is blank and can be deleted.
>
> Msconfig
> HKLM/Software/Microsoft/windows/current

Guest Nightowl
Posted

Re: Item in system configuration utility lacks information (???)

 

johnhurley3@gmail.com wrote on Sat, 22 Sep 2007:

>Msconfig

>HKLM/Software/Microsoft/windows/current

>

That's not the complete address, John. It should be "CurrentVersion" and something more after that, likely "\Run".

In msconfig, put your cursor at the top over the divider between the "Command" column and the next, then double-click. This should resize the column so you can see the whole command.

Also, *please* don't post HijackThis logs here. There are special forums for that; look in the documents that came with the program for a list.

 

--

Nightowl
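
The check discussed in the replies above (find which Run key holds the blank startup item) can be done as a read-only audit. This is an added example, not part of any post in the thread: the function name `Get-RunKeyEntry` is hypothetical, the HKLM path is the standard Run key that "CurrentVersion ... \Run" points to, and the HKCU path is included as an assumption about where else a per-user item may live. It needs PowerShell 3.0 or later.

```powershell
# Added example: list every value under the Run keys and flag blank ones.
# Read-only: nothing is modified or deleted.
function Get-RunKeyEntry {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # assumed per-user location
    )

    foreach ($path in $runKeys) {
        if (-not (Test-Path -Path $path)) { continue }

        # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey
        $key = Get-Item -Path $path

        foreach ($name in $key.GetValueNames()) {
            # Keep REG_EXPAND_SZ data exactly as stored (no %VAR% expansion)
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')

            $flags = @()
            if ($name.Trim() -eq '') { $flags += 'blank name' }
            if ($data.Trim() -eq '') { $flags += 'blank command' }

            # An empty value name is the key's (Default) value
            $shownName = $name
            if ($name -eq '') { $shownName = '(Default)' }

            [pscustomobject]@{
                Key     = $path
                Name    = $shownName
                Command = $data
                Flags   = ($flags -join ', ')
            }
        }
    }
}

# Show everything, with the blank entries marked in the Flags column
Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

Entries with a non-empty `Flags` column are the candidates for the item that msconfig shows with a tick but no text; the `Key` column gives the location VanguardLH asked for.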

Guest johnhurley3@gmail.com
Posted

Re: Item in system configuration utility lacks information (???)

 

On Sep 23, 5:55 am, Nightowl <owl@[127.0.0.1]> wrote:

> johnhurl...@gmail.com wrote on Sat, 22 Sep 2007:
>
> >Msconfig

Thanks Nightowl, it is Run and the file is ctfmon; it is in the windows 32 folder.

The original problem is that the time was changing (even in BIOS with a new battery). That was affecting Zone Alarm and AVG, so I wondered if it was a ruse used by a trojan.

John

