Another Look Please ;)

Started by hayc59, March 02, 2008, 09:37:32 AM

hayc59

Thanks for the help in advance!!
was wondering mainly about the highlighted ones?
If they are needed for the programs to run properly?
and if anything else can go...I like a fast boot
G.



Logfile of HijackThis v1.99.1
Scan saved at 12:32:31 AM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Gordon&Nancy\Desktop\Junk\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [trueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Basementgeek

Just a really quick look, I think you'd be OK to set any O23 entries having to do with iPod/Bonjour Service to "Manual".  Leave the O10 and the ones for Acronis alone.

BG
Time is a thief- One more today here is one less tomorrow

Corrine

(Note, BG posted a reply while I was putting this mini-WinPatrol tutorial together.  As a result, I'll add instructions for changing the iPod/Bonjour Service to Manual.)

Quote: I like a fast boot

Ah, Hayc59, my friend.  What is this on the computer:  WinPatrol?  Let's explore using WinPatrol Plus to its fullest.

Startup:

The "O4" items are programs scheduled to run at startup.  Some of those programs you most definitely want to initialize at Windows launch.  Others you could delay start or remove from startup.

You definitely want these three to launch with system initialization.  After all, they are your key security software programs. (Outpost is running too, but as a service.)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"

Acronis is used for your system backup.  You could delay the start, but I would recommend leaving them alone.  Acronis has a corresponding "service", described further below.

O4 - HKLM\..\Run: [trueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

If you do not use iTunes or AutoSizer on a regular basis, they could be removed from startup.  You would then start them from a shortcut (i.e., Quick Launch or Desktop Shortcut) or from Program Files.  Removing a software from startup does NOT remove it from your computer.  It merely prevents the program from restarting every time your computer does.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"

Let's say you don't want iTunes to start at Windows initialization. 

To remove a software from startup with WinPatrol:

  • Right-click on Scotty in the task manager to launch WinPatrol, selecting "Options".
  • Click the Startup Programs tab in WinPatrol.
  • Click on iTunes (in this example) to select it and then click the Remove button.
  • If the program is currently running, the Remove action will also allow you to shut it down.  Select Yes at that prompt.
  • The final prompt will be to click Yes to confirm removing the software from startup.

Note:  If you change your mind about a program removed from startup (or one you elected at installation not to start at Windows launch), just click the Add button at the bottom of the WinPatrol Startup Programs window.  Navigate to the location of the program to be added, locate and highlight the .exe file and click Open.  The software is now added to startup.

Now let's deal with a software that you want to delay the startup until after Windows launch. Because you want a "fast boot", moving programs you want in startup to delayed start can decrease the boot time. 

  • In the Startup Programs tab, right-click to select the program to be delayed (i.e., AutoSizer)
  • In the options provided, click "Move to Delayed Start Program List."

Now let's set the Delay time:

  • Select the Delayed Start Tab
  • Click to highlight the program to be delayed at startup and select "Delay Options"
  • Click the "down arrow" next to the Minutes box and scroll to the desired number of minutes for delayed start. Repeat for Seconds, if desired.
  • Click Apply and the Delay Time will be set.

Note:

The seconds setting for Delayed Start is in increments of 10 seconds from 0 to 50. Once 50 seconds have been met, the next step up is minutes, which can be delayed up to 60 minutes.

To adjust the delay time, you can also type a number in the minute and/or second selection box; i.e., 10, and use the keyboard arrow keys to raise or lower the number. The minute options are raised/lowered by one minute at a time and the seconds option in increments of 10 seconds. Also try clicking in the boxes and use the keyboard arrow keys the same way.

~~~~~~~~~~~~~~~~~

Extra Tools:

This is merely an optional tool to adjust SunJava options.  To remove with WinPatrol:

  • Go to the IE Helpers tab
  • Click the item to be removed to select it
  • Click the Remove button

~~~~~~~~~~~~~~~~~

Services

Below is the information from WinPatrol Plus regarding the services questioned in your post.

Acronis True Image – SCHEDUL2.EXE
Quote: Schedul2.exe installs with Acronis True Image. Acronis True Image creates an exact disk image of your live system for a complete backup. The disk image file includes all the computer data including the operating system, programs, software updates and patches, data files, configurations, preference settings, e-mails, pictures, and MP3s. SchedHlp.exe can be used to schedule backups when you're not using the PC. A file called TrueImageMontior.exe will also appear on your system. This is the main program executable. If you use this program and schedule backups, you'll need to leave this file in place. More information can be found at http://www.acronis.com/products/trueimage/.

# Safe

MusicMagic Mixer TiVo Support – MDNSRESPONDER.EXE
Quote: MDNSResponder.exe installs with MusicMagic Mixer by Pendixis. This file is the Apple Rendezvous client that MusicMagic uses to communicate with the TiVo service. It is normal for this file to attempt to connect to the Internet. If you don't use TiVo, this file can be safely removed using WinPatrol. More information can be found at http://music.predixis.com/.

# Safe

To change a service to manual with WinPatrol:

  • Select the Services Tab in WinPatrol.
  • At the bottom of the window, place a check in the box next to "List non-Microsoft services only."
  • Click to highlight the iPod Service
  • Select the Info button
  • Under "startup", change the selection to "Manual"
  • Click Apply.
  • Repeat for Bonjour Service - Apple Inc.

Please let me know if you have any questions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
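
Added example (not part of any post in this thread, and not HijackThis or WinPatrol code): a small Python parser for the log format shown above that pulls out the O4 startup entries and O23 services and checks each one against the "Running processes" section, which is the comparison the replies make by eye. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a handful of lines in the shape of the log posted in this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
O23_PREFIX = 'O23 - Service: '

def exe_path(command):
    """Executable part of a Run value: the quoted path, or the text up to the first .exe."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command

def triage(log):
    """One row per O4/O23 entry: (section, name, hive_or_vendor, exe, running_now)."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == 'Running processes:':
            in_procs = True
        elif in_procs:
            if line:
                running.add(line.lower())   # Windows paths compare case-insensitively
            else:
                in_procs = False            # a blank line ends the process list
        elif (m := O4_RE.match(line)):
            hive, _key, name, command = m.groups()
            entries.append(('O4', name, hive, exe_path(command)))
        elif line.startswith(O23_PREFIX):
            # Split from the right: display names may contain " - ", paths rarely do.
            parts = line[len(O23_PREFIX):].rsplit(' - ', 2)
            if len(parts) == 3:
                entries.append(('O23', parts[0], parts[1].strip(), parts[2]))
    return [e + (e[3].lower() in running,) for e in entries]

if __name__ == '__main__':
    for section, name, owner, exe, resident in triage(SAMPLE_LOG):
        print(f'{section:4}{name:22}{owner:15}{"running" if resident else "not running"}')
```

An entry that is registered to start but has no matching running process (OSSelectorReinstall in the sample) either exits after doing its work or is not starting at all, so it is worth a look before deciding what to remove or delay.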

hayc59

ok all done and will let you both[thank you very much both of you]
how it goes...Gordon


Ripley

 
       :hijacked:

Hayc59!  Let me know when & if you feel it is OK for me to comment on this tutorial. There are "light bulbs" going off in my head, and dots being "connected" concerning this WinPatrol program.

@Corrine, NICE!

Corrine

Thanks, Ripley. 

WinPatrol is a great software.  I cannot help being enthusiastic about it. 

