1984 Posted November 20, 2005

I found this site: http://www.hijackthis.de/ It analyzes your HijackThis logs for you automatically. Here is my log, and this is what the site said. What do you think?

Logfile of HijackThis v1.99.1
Scan saved at 11:24:18 AM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Sideshow\Desktop\New Folder\Newbie Cracking Tutorials\crackme.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/menagerie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [skinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Sideshow"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128624468250
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE103DE-6E39-4CF6-95ED-F9D58AD19BD0}: NameServer = 142.161.130.155 142.161.2.155
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Logfile of HijackThis v1.99.1
    Safe. Shows the version of HijackThis. The newest version is: v1.99.1! This should be the newest version. (v1.99.1)

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Safe. Shows the version of your Internet Explorer. Newest version is: 6.00.2900.2180! This should be the newest version. (6.00.2900.2180)

C:\WINDOWS\System32\smss.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\csrss.exe
    Safe. Running process (csrss.exe). System process - Client Server Runtime.

C:\WINDOWS\system32\winlogon.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\services.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\lsass.exe
    Safe. Running process (lsass.exe). System process.

C:\WINDOWS\system32\svchost.exe
    Safe. Running process (svchost.exe). System process - generic host process name for services.

C:\WINDOWS\system32\svchost.exe
    Safe. Running process (svchost.exe). System process - generic host process name for services.

C:\WINDOWS\System32\svchost.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\svchost.exe
    Safe. Running process (svchost.exe). System process - generic host process name for services.

C:\WINDOWS\system32\svchost.exe
    Safe. Running process (svchost.exe). System process - generic host process name for services.

C:\WINDOWS\system32\brsvc01a.exe
    Safe. Running process (brsvc01a.exe). Brother printer.

C:\WINDOWS\system32\brss01a.exe
    Safe. Running process (brss01a.exe). Brother printer driver.

C:\WINDOWS\system32\spoolsv.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\Explorer.EXE
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    Safe. Running process (PDVDServ.exe). CyberLink PowerDVD.

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    Safe. Running process (LVCOMS.EXE). Possibly nasty! According to our database this process normally runs in c:\program files\common files\logitech\qcdriver3! Check if you know this process and arrange a virus check where required.

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    Safe. Running process (zlclient.exe). ZoneAlarm.

C:\WINDOWS\system32\ICO.EXE
    Safe. Running process (ICO.EXE).

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
    Safe. Running process (CAVTray.exe). eTrust EZ Antivirus. Possibly nasty! According to our database this process normally runs in c:\programme\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a virus check where required.

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    Safe. Running process (CAVRID.exe). eTrust EZ Antivirus. Possibly nasty! According to our database this process normally runs in c:\programme\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a virus check where required.

C:\WINDOWS\system32\FSRremoS.EXE
    Unknown running process (FSRremoS.EXE). This is an unknown process.

C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    Unknown running process (ClockTraySkins.exe). This is an unknown process.

C:\WINDOWS\system32\Pelmiced.exe
    Safe. Running process (Pelmiced.exe). Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games. Not dangerous, but unnecessary.

C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    Safe. Running process (aspnet_admin.exe). Part of .NET Framework 2.

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    Safe. Running process (ISafe.exe). Part of eTrust Antivirus. Possibly nasty! According to our database this process normally runs in c:\windows\system32\zonelabs! Check if you know this process and arrange a virus check where required.

C:\Program Files\Executive Software\Diskeeper\DkService.exe
    Safe. Running process (DkService.exe). Diskeeper. Possibly nasty! According to our database this process normally runs in c:\program files\executive software\diskeeper! Check if you know this process and arrange a virus check where required.

C:\Program Files\ewido\security suite\ewidoctrl.exe
    Safe. Running process (ewidoctrl.exe). Ewido Security Suite.

C:\WINDOWS\system32\nvsvc32.exe
    Safe. Running process (nvsvc32.exe). NVIDIA graphics card driver. Not dangerous, but unnecessary.

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\svchost.exe
    Safe. Running process (svchost.exe). System process - generic host process name for services.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\system32\wwSecure.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

C:\WINDOWS\System32\alg.exe
    Safe. Running process (alg.exe). System process - Application Layer Gateway Server. This service is unnecessary if you do not use ICS.

C:\Documents and Settings\Sideshow\Desktop\New Folder\Newbie Cracking Tutorials\crackme.exe
    Unknown running process (crackme.exe). This is an unknown process.

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    Safe. Running process (VetMsg.exe). Part of eTrust Antivirus. Possibly nasty! According to our database this process normally runs in c:\programmi\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a virus check where required.

C:\Program Files\Spyware Doctor\swdoctor.exe
    Safe. Running process (swdoctor.exe). Spyware Doctor.

C:\Program Files\eMule\emule.exe
    Safe. Running process (emule.exe). eMule filesharing. Possibly nasty! According to our database this process normally runs in e:\emule0.46c! Check if you know this process and arrange a virus check where required.

C:\Program Files\Internet Explorer\iexplore.exe
    Safe. Running process (iexplore.exe). Internet Explorer - we recommend using a more secure alternative browser (e.g. Firefox).

C:\Program Files\HijackThis\HijackThis.exe
    Safe. Running process (HijackThis.exe). The tool you created this log file with. The program should be set up like this: C:\Programme\HijackThis\HijackThis.exe. Remember that HijackThis must be run in its own folder. Only if HijackThis runs in its own folder will it create backups!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/menagerie.html
    Safe. This page has been identified as safe.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    Safe.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB] - Result: 5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB) has been checked. Hit rate: 99 %

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([B56A7D7D-6927-48C8-A975-17DF180C71AC] - Result: B56A7D7D-6927-48C8-A975-17DF180C71AC) has been checked. Hit rate: 99 %

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    Safe. Diskeeper defragmentation software - can be started manually. Hit rate: 99 % (result). Not dangerous, but unnecessary.

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    Safe. Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one. Hit rate: 99 % (result)

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    Safe. Lvcomm server. Related to Logitech QuickCam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera. Hit rate: 29 % (result)

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
    Safe. eTrust EZ Antivirus. Hit rate: 99 % (result)

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
    Safe. eTrust EZ Antivirus. Hit rate: 99 % (result)

O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
    Unknown. Hit rate: 5 % (result). Unknown application.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Safe. Part of NVIDIA. Hit rate: 99 % (result)

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    Unknown. Hit rate: 6 % (result). Unknown application.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    Safe. Microsoft's MSN Messenger 6. Hit rate: 71 % (result)

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Sideshow"
    Safe. Webroot Window Washer. Hit rate: 99 % (result)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Safe. Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine. Hit rate: 94 % (result)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Safe. The entry E&xport to Microsoft Excel has been identified as safe. If the entry 'E&xport to Microsoft Excel' is not needed anymore, it should be fixed.

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    Safe. The entry Spyware Doctor has been identified as safe. If the entry 'Spyware Doctor' is not needed anymore, it should be fixed.

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    Safe. The entry Research has been identified as safe. If the entry 'Research' is not needed anymore, it should be fixed.

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    Safe. This entry has been identified as safe.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ient/wuweb_site.cab?1128624468250
    Safe. This entry has been identified as safe.

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE103DE-6E39-4CF6-95ED-F9D58AD19BD0}: NameServer = 142.161.130.155 142.161.2.155
    Possibly nasty. If this domain does not belong to your ISP or your company's network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or domain '142.161.130.155 142.161.2.155'? If not, fix this entry.

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (Adobelmsvc.exe) was identified as a good one.

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (brsvc01a.exe) was identified as a good one.

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (ISafe.exe) was identified as a good one.

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (DkService.exe) was identified as a good one.

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (ewidoctrl.exe) was identified as a good one.

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (nvsvc32.exe) was identified as a good one.

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (VetMsg.exe) was identified as a good one.

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Safe. This entry was classified by our visitors as good. Click on the stars and look at the comments from our visitors to see why the entry was classified this way.

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
    Unknown. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. Unknown service. (wwSecure.exe)
1984 (Author) Posted November 20, 2005

I think this is a link to it, but I didn't want to lose it: http://www.hijackthis.de/index.php#anl
Tarun (Administrator) Posted November 20, 2005

That site is terrible and gives tons of false positives.
SenutyEnool Posted November 20, 2005

"That site is terrible and gives tons of false positives."

I have to agree with Tarun on this. I ran mine through there on the weekend, and as stated, it brought up false positives and also a lot of misinformation. For example, they recommend that I run a virus checker over EzTrust as it should reside in my d:\ and is a potential "Nasty". Very strange that, seeing I haven't partitioned my HD and don't have an external one either, so how the heck can I install on d:\ ... I'd recommend steering away from that site. Cheers :hug:
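As an added example (not code from this thread or from hijackthis.de): the analyzer's "Possibly nasty! According to our database this process normally runs in ..." verdicts quoted above compare the directory in your log against the directory other users submitted, as a literal string. That is why a German install (c:\programme\...), an Italian one (c:\programmi\...), a d:\ install like SenutyEnool's or simply a different product version all trip it, while nothing about the check would catch malware that sits in the "expected" directory. The script below parses HijackThis v1.99 log lines, normalizes directories before comparing them, and keeps the two checks from the log above that do carry signal: a system binary name such as svchost.exe running from anywhere but \WINDOWS\system32, and O17 NameServer addresses outside a range you trust. The log excerpt it runs on mixes lines from the logs posted in this thread with a constructed C:\WINDOWS\svchost.exe line and a constructed d:\ CAVTray.exe; the EXPECTED_LOCATIONS table and the 142.161.0.0/16 "ISP" range are assumptions made up for the example, not facts about the poster's network.

```python
"""Added example, not code from the thread or from hijackthis.de: a small
HijackThis v1.99 log parser plus three checks. Sample log lines come from
this thread; the constructed lines, the EXPECTED_LOCATIONS table and the
trusted resolver range are assumptions made for the example."""
import ipaddress
import re

# A HijackThis entry line: a section code such as R0, O4, O17, O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Binaries that only legitimately run from the Windows system directory.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}
SYSTEM_DIR = r"windows\system32"   # assumes %windir% is \WINDOWS, as in both posted logs

# Spellings of "Program Files" (8.3 short name, German, Italian, French) that a
# literal string comparison treats as different directories.
PROGRAM_DIR_ALIASES = {"program files", "progra~1", "programme", "programmi", "programmes"}

# Constructed stand-in for the analyzer's "runs normally in" database:
# file name -> directory seen in other users' submissions.
EXPECTED_LOCATIONS = {
    "cavtray.exe": r"c:\programme\ca\etrust ez antivirus",   # German-locale submission
    "dkservice.exe": r"c:\program files\executive software\diskeeper",
}

# Constructed excerpt: real lines from this thread plus a fake C:\WINDOWS\svchost.exe
# and a D:\ install of CAVTray.exe standing in for SenutyEnool's case.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
D:\Program Files\CA\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE103DE-6E39-4CF6-95ED-F9D58AD19BD0}: NameServer = 142.161.130.155 142.161.2.155
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""


def split_path(path: str):
    """Return (directory, lower-cased file name); a bare name such as ICO.EXE gets ''."""
    directory, _, name = path.strip().strip('"').rpartition("\\")
    return directory, name.lower()


def normalize_dir(directory: str) -> str:
    """Lower-case, drop the drive letter and fold Program Files spellings, so a
    d:\ install or a localized Windows does not look like a relocated binary."""
    d = re.sub(r"^[a-z]:\\?", "", directory.strip().lower().rstrip("\\"))
    parts = d.split("\\")
    if parts and parts[0] in PROGRAM_DIR_ALIASES:
        parts[0] = "program files"
    return "\\".join(parts)


def parse_log(text: str):
    """Split a log into running-process paths and (code, body) entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif (m := ENTRY_RE.match(line)):
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif in_procs:
            procs.append(line)
    return procs, entries


def check_system_binary_location(path: str):
    """High-signal check: a system binary name running outside \\windows\\system32."""
    directory, name = split_path(path)
    if name not in SYSTEM_BINARIES:
        return None
    return "ok" if normalize_dir(directory) == SYSTEM_DIR else f"{name} outside system32"


def check_known_location(path: str, expected: dict) -> str:
    """The analyzer's directory comparison, but on normalized directories."""
    directory, name = split_path(path)
    if name not in expected:
        return "unknown"
    return "safe" if normalize_dir(directory) == normalize_dir(expected[name]) else "possibly nasty"


def check_nameservers(body: str, trusted_ranges):
    """Resolver IPs in an O17 NameServer entry that fall outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_ranges]
    ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body) if "NameServer" in body else []
    return [ip for ip in ips if not any(ipaddress.ip_address(ip) in n for n in nets)]


def analyze(text: str, trusted_ranges=("142.161.0.0/16",)) -> dict:
    """Run all three checks; the default trusted range is an assumed ISP block."""
    procs, entries = parse_log(text)
    findings = {"system_binaries": [], "locations": {}, "foreign_nameservers": []}
    for p in procs:
        if check_system_binary_location(p) not in (None, "ok"):
            findings["system_binaries"].append(p)
        if split_path(p)[1] in EXPECTED_LOCATIONS:
            findings["locations"][p] = check_known_location(p, EXPECTED_LOCATIONS)
    for code, body in entries:
        if code == "O17":
            findings["foreign_nameservers"] += check_nameservers(body, trusted_ranges)
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as-is, the d:\ CAVTray.exe and the Diskeeper service come back "safe" after normalization, the constructed C:\WINDOWS\svchost.exe is the only process flagged, and the two resolvers pass because they sit inside the assumed ISP range; point trusted_ranges at a different network and both addresses are reported. Normalization does not rescue every case in the log above: "eTrust EZ Armor" versus "eTrust Internet Security Suite" is a genuinely different install directory for the same vendor, which is exactly the kind of judgment a person reviewing the log makes and a string comparison cannot.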
1984 (Author) Posted November 20, 2005

Thanks for the information. It is a German site, and I just found it today. I thought I would try it out, but (from an uneducated person's (computers anyway) point of view, several items didn't look right to me) I wasn't sure if this was a good site or not. The forums look OK, but I wasn't sure on the log analysis. Thanks all! :hug:
Capman Posted November 21, 2005

I use that site all the time, not for the results that it produces, but for the way that they are presented, which I find a lot easier to look through, rather than line after line of black and white text. The best bet for anyone though is having a HJT log looked over personally.
coltm4carbine Posted November 22, 2005

lol, I might just let it analyze my log and see what I get. The log should be clean cos I cleaned it out myself.

Logfile of HijackThis v1.99.1
Scan saved at 22:47:45, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\United Devices\ud_7657531.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\Program Files\Advanced System Optimizer\memtuneup.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.co.uk"); (C:\Documents and Settings\(name removed)\Application Data\Mozilla\Profiles\default\p226ydua.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\(name removed)\Application Data\Mozilla\Profiles\default\p226ydua.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B313945-68B9-860F-BDB9-B5999C129D75} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF:
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108421444968 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...512/mcfscan.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - O17 - HKLM\System\CCS\Services\Tcpip\..\{62ACF179-4179-4456-8319-5810DBF8C58F}: NameServer = 62.6.40.178 194.72.9.38 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies 
Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe +++ They said I had loads of unneccessary items (which was true) and that was about it. Although it was true I still can't trust it . i rather do it my way (long, hard and boring way) Quote Link to comment Share on other sites More sharing options...
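As an added example (not from this thread, from HijackThis, or from hijackthis.de), here is a small Python parser for entries in the log format posted above. It splits each line into its section code (O2, O4, O16, ...) and body, pulls out the CLSID where there is one, and flags the entries an analyst reads first: registrations that point at nothing ("(no file)" / "(file missing)"), startup shortcuts that did not resolve ("= ?"), O16 download entries with no source recorded, DNS server overrides, and services with an unknown owner. The sample lines are copied from the log above; the triage rules are my own heuristics, which is an assumption, and say nothing about whether an entry is malicious, only that it deserves a look or is safe to tidy.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: entries taken from the HijackThis log posted above, one per line.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B313945-68B9-860F-BDB9-B5999C129D75} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - Global Startup: BTTray.lnk = ?
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{62ACF179-4179-4456-8319-5810DBF8C58F}: NameServer = 62.6.40.178 194.72.9.38
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every HijackThis entry starts with a section code such as "O2", "N3", "R0", "F1".
ENTRY_RE = re.compile(r"^(?P<kind>[ONRF]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str                      # section code, e.g. "O2"
    body: str                      # everything after "O2 - "
    clsid: Optional[str]           # first CLSID in the body, upper-cased, if any
    flags: List[str] = field(default_factory=list)


def triage(kind: str, body: str) -> List[str]:
    """Heuristic flags (my own, not hijackthis.de's) for entries worth a second look."""
    flags = []
    if "(no file)" in body or "(file missing)" in body:
        flags.append("orphaned")            # registration points at nothing; cleanup candidate
    if kind == "O4" and body.rstrip().endswith("= ?"):
        flags.append("unresolved-shortcut")  # startup .lnk whose target could not be read
    if kind == "O16" and body.rstrip().endswith("-"):
        flags.append("dpf-no-source")       # downloaded ActiveX control with no source URL recorded
    if kind == "O17":
        flags.append("dns-override")        # NameServer values should match the ISP's or router's
    if kind == "O23" and "Unknown owner" in body:
        flags.append("unknown-owner")       # service binary lacks vendor info; verify the file
    return flags


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                        # header lines, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(kind, body, c.group(0).upper() if c else None, triage(kind, body)))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count of entries per section code."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def orphaned_clsids(entries: List[Entry]) -> List[str]:
    """CLSIDs whose registration points at a missing file: the low-risk cleanup list."""
    return [e.clsid for e in entries if "orphaned" in e.flags and e.clsid]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.kind:<4} {', '.join(e.flags):<20} {e.body}")
```

Run it against a full log saved from HijackThis and the flagged list is the short list to verify by hand; everything else in a log like the one above is just clutter from installed software, which is the same conclusion the automated analyzer reached.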
coltm4carbine Posted November 27, 2005 Thanks for the offer but I had to reformat on Thursday cos my friend was deleting random files (I had hidden files shown) :(. I tried System Restore, Scanfix (I think it's that: you put the CD in and it checks for missing system files) and a few others. The result of the reformat: I lost all my GCSE coursework. I didn't get any sleep after that reformat because I had to redo all of it in WordPad (my friend uninstalled Microsoft Office, now I can't get it back). Cool, thanks, I am downloading it now.