Hi, I posted a thread with some questions I have, but perhaps this is a better forum for that. The original message was this:
I don’t have any real problems with the computer that I know of, but just a few questions.
I bought a bargain Pavilion from HP some years ago, and found the release something of a software dictator. I am not using much of that after this re-format, and have been testing the consequences of running or not running services. I am trying to play a Bethesda Game called Morrowind without CTDs (crashes to desktop) or processor demand challenges.
I have tried to learn as much as I could, but have some questions I would like to throw out.
1. I sometimes scan with Rootkit Revealer:
A. These artifacts are curious:
HKLM\SECURITY\Policy\Secrets\SAC* 8/23/2003 1:06 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/23/2003 1:06 AM 0 bytes Key name contains embedded nulls (*)
B. Sometimes I see files outside the directories or unavailable to the API. When I began to see these I had tried to Defrag without DCOM Server Process Launcher. I still have it disabled in my game hardware profile, but only run the game there. This is today:
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP214\A0018097.RDB 4/30/2008 8:03 AM 1.41 MB Hidden from Windows API.
2. This is also curious, but scanned with Trend Micro HijackThis:
(O24 - Enumeration of ActiveX Desktop Components)
O24 - Desktop Component 0: (no name) - (no file)
Thanks.
But I cannot delete/fix "O24 - Desktop Component 0: (no name) - (no file)" with HijackThis.
This is my log:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - Windows Live OneCare cbase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...r/current/swflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 4508 bytes
-----------------------------------------------------------------------------------
Concerning the ghost file, running checkdisk twice converts it (badly) then deletes it.
Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP214\A0018097.RDB 4/30/2008 8:03 AM 1.41 MB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 4/30/2008 2:42 PM 64.00 KB Visible in Windows API, MFT, but not in directory index.
-----------------------------------------------------------------------------------
I have no clue about those policy null things; I assume that is the Norton trial package I had and uninstalled.
Thanks