Jump to content

Am I Nice And Clean?

UKPunk
UKPunk
in Resolved Logs

Featured Replies

Posted

Hi Guys,

My PC has been acting a bit differently lately so I'd appreciate it if you could give my lig a quick look over. Thanks in advance.

Logfile of HijackThis v1.99.1

Scan saved at 17:06:08, on 06/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PGPserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe

c:\program files\anonymizer\anonymizer software\common\AnonProxy.exe

C:\Documents and Settings\DaveandAngie\My Documents\Daves\PC Answers\HijackThis.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PGPtray.exe.lnk = ?

O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142172587296

O20 - AppInit_DLLs: PGPmapih.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

  • Administrator

Thanks for posting, UKPunk.

The PGP Desktop encryption software is something you installed and use regularly?

I ask as it caught my attention by how it hooks into your Winsock, AppInit and other functions.

  • Author

Hi Tarun,

I've only recently started using PGP. To be honest I don't really understand Winsock, AppInit etc. or what they do. I ran the usual checks before I posted the log and and CWShredder found CWS.Msconfig and removed it. But I sometimes still get an error message when Anonymizer loads on startup. I emphasize that this doesn't happen on every startup, perhaps just one in three occasions. Also, I've had two instances of "cannot connect to the server" on startup in the last two days. Yet when I've restarted the PC it's loaded as normal. Very strange.

  • Administrator

If you feel those programs are not working accurately for you; then you may wish to remove them. Winsock is how your computer handles connections out to the Internet. I personally do not see a need for encryption software, but there again that's just me.

Your log is clean, so nothing to worry about there. I just had some concerns about how intrusive the PGP application is.

  • Author

Hi Tarun,

Thanks for your help, it's always nice to know the system's ok.

Regarding PGP, I have an old friend who now lives outside the UK and he asked me if I would use it so that he could encrypt his messages to me and vice versa, as he doesn't want his wife to see them. This is because he is a bit of a naughty boy on the marriage front. And he can get away with encryption as he uses it for work.

Thanks again.

I don't mean to step on any toes here and hope 'Tarun' doesn't mind me adding this but your 'Java' is several updates behind and many 'Vundo' infections are caught because of this. Go to ADD/REMOVE Programs and uninstall ALL versions of Java.

Then proceed here - http://java.sun.com/javase/downloads/index.jsp and install 'Java Runtime Environment (JRE) 5.0 Update 9'

Guest
This topic is now closed to further replies.
Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.