Hijackthis log analyzer

[1984]

I found this site:

http://www.hijackthis.de/

It analyzes your hijackthis logs for you automatically. Here is my log, and this is what the site said. What do you think?

Logfile of HijackThis v1.99.1

Scan saved at 11:24:18 AM, on 11/20/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\Clock Tray Skins\ClockTraySkins.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wwSecure.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Sideshow\Desktop\New Folder\Newbie Cracking Tutorials\crackme.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/menagerie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Sideshow"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128624468250

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE103DE-6E39-4CF6-95ED-F9D58AD19BD0}: NameServer = 142.161.130.155 142.161.2.155

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Logfile of HijackThis v1.99.1

Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!

This should be the newest version. (v1.99.1)

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!

This should be the newest version. (6.00.2900.2180)

C:\WINDOWS\System32\smss.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\csrss.exe

Safe. running process. (csrss.exe)

Systemprozess - Client Server Runtime

C:\WINDOWS\system32\winlogon.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\services.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\lsass.exe

Safe. running process. (lsass.exe)

Systemprozess

C:\WINDOWS\system32\svchost.exe

Safe. running process. (svchost.exe)

Systemprozess - Allgemeiner Hostprozessname für Dienste.

C:\WINDOWS\system32\svchost.exe

Safe. running process. (svchost.exe)

Systemprozess - Allgemeiner Hostprozessname für Dienste.

C:\WINDOWS\System32\svchost.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\svchost.exe

Safe. running process. (svchost.exe)

Systemprozess - Allgemeiner Hostprozessname für Dienste.

C:\WINDOWS\system32\svchost.exe

Safe. running process. (svchost.exe)

Systemprozess - Allgemeiner Hostprozessname für Dienste.

C:\WINDOWS\system32\brsvc01a.exe

Safe. running process. (brsvc01a.exe)

Brother Drucker

C:\WINDOWS\system32\brss01a.exe

Safe. running process. (brss01a.exe)

Brother Druckertreiber

C:\WINDOWS\system32\spoolsv.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\Explorer.EXE

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

Safe. running process. (PDVDServ.exe)

Cyber Link PowerDVD

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

Safe. running process. (LVCOMS.EXE)

Possibly nasty! According to our database this process runs normally in c:\program files\common files\logitech\qcdriver3! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

Safe. running process. (zlclient.exe)

Zone Alarm

C:\WINDOWS\system32\ICO.EXE

Safe. running process. (ICO.EXE)

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

Safe. running process. (CAVTray.exe)

eTrust EZ Antivirus

Possibly nasty! According to our database this process runs normally in c:\programme\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

Safe. running process. (CAVRID.exe)

eTrust EZ Antivirus

Possibly nasty! According to our database this process runs normally in c:\programme\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a viruscheck where required.

C:\WINDOWS\system32\FSRremoS.EXE

Unknown running process. (FSRremoS.EXE)

This is a unknown process.

C:\Program Files\Clock Tray Skins\ClockTraySkins.exe

Unknown running process. (ClockTraySkins.exe)

This is a unknown process.

C:\WINDOWS\system32\Pelmiced.exe

Safe. running process. (Pelmiced.exe)

Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games

Not dangerous, but unnecessary.

C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe

Safe. running process. (aspnet_admin.exe)

Part of .NET Framework 2

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

Safe. running process. (ISafe.exe)

Bestandteil von eTrus Antivirus

Possibly nasty! According to our database this process runs normally in c:\windows\system32\zonelabs! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\Executive Software\Diskeeper\DkService.exe

Safe. running process. (DkService.exe)

Diskkeeper

Possibly nasty! According to our database this process runs normally in c:\program files\executive software\diskeeper! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\ewido\security suite\ewidoctrl.exe

Safe. running process. (ewidoctrl.exe)

Ewido Security Suite

C:\WINDOWS\system32\nvsvc32.exe

Safe. running process. (nvsvc32.exe)

NVIDIA graphics card driver

Not dangerous, but unnecessary.

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\svchost.exe

Safe. running process. (svchost.exe)

Systemprozess - Allgemeiner Hostprozessname für Dienste.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\wwSecure.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\System32\alg.exe

Safe. running process. (alg.exe)

Systemprozess - Application Layer Gateway Server

This service is unnecessary if you do not use ICS.

C:\Documents and Settings\Sideshow\Desktop\New Folder\Newbie Cracking Tutorials\crackme.exe

Unknown running process. (crackme.exe)

This is a unknown process.

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Safe. running process. (VetMsg.exe)

Bestandteil von eTrus Antivirus

Possibly nasty! According to our database this process runs normally in c:\programmi\ca\etrust ez armor\etrust ez antivirus! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\Spyware Doctor\swdoctor.exe

Safe. running process. (swdoctor.exe)

Spyware Doctor

C:\Program Files\eMule\emule.exe

Safe. running process. (emule.exe)

eMule filesharing

Possibly nasty! According to our database this process runs normally in e:\emule0.46c! Check if you know this process and arrange a viruscheck where required.

C:\Program Files\Internet Explorer\iexplore.exe

Safe. running process. (iexplore.exe)

Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)

C:\Program Files\HijackThis\HijackThis.exe

Safe. running process. (HijackThis.exe)

Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe

Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/menagerie.html

Safe. This page has been identified as safe.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Safe.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB] - Result: 5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB) has been checked. Hit rate: 99 %

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([b56A7D7D-6927-48C8-A975-17DF180C71AC] - Result: B56A7D7D-6927-48C8-A975-17DF180C71AC) has been checked. Hit rate: 99 %

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

Safe. DisKeeper defragmentation software - can be started manually.

Hit rate: 99 % (result)

Not dangerous, but unnecessary.

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

Safe. Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one

Hit rate: 99 % (result)

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

Safe. Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera

Hit rate: 29 % (result)

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

Safe. eTrust EZ Antivirus

Hit rate: 99 % (result)

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

Safe. eTrust EZ Antivirus

Hit rate: 99 % (result)

O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X

Unknown

Hit rate: 5 % (result)

Unknown application.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Safe. Part of NVidia

Hit rate: 99 % (result)

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe

Unknown

Hit rate: 6 % (result)

Unknown application.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

Safe. Microsoft s MSN Messenger 6

Hit rate: 71 % (result)

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Sideshow"

Safe. Webroot Window Washer

Hit rate: 99 % (result)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Safe. Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine

Hit rate: 94 % (result)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Safe. The entry E&xport to Microsoft Excel has been identified as safe.

If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

Safe. The entry Spyware Doctor has been identified as safe.

If the entry 'Spyware Doctor ' is not needed anymore, it should be fixed.

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Safe. The entry Research has been identified as safe.

If the entry 'Research ' is not needed anymore, it should be fixed.

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Safe. This entry has been identified as safe.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ient/wuweb_site .cab?1128624468250

Safe. This entry has been identified as safe.

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE103DE-6E39-4CF6-95ED-F9D58AD19BD0}: NameServer = 142.161.130.155 142.161.2.155

Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.

Do you know the IP or Domain '142.161.130.155 142.161.2.155'? If not, fix this entry.

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (Adobelmsvc.exe) was identified as a good one.

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (brsvc01a.exe) was identified as a good one.

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (ISafe.exe) was identified as a good one.

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (DkService.exe) was identified as a good one.

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (ewidoctrl.exe) was identified as a good one.

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (nvsvc32.exe) was identified as a good one.

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (VetMsg.exe) was identified as a good one.

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

Unknown service. (wwSecure.exe)

0

[1984]

i think this is a link to it, but i didnt want to lose it:

http://www.hijackthis.de/index.php#anl

[Tarun]

That site is terrible and gives tons of false positives.

[SenutyEnool]

That site is terrible and gives tons of false positives.

<{POST_SNAPBACK}>

I have to agree with Tarun on this. I ran mine through there on the weekend, and as stated, it brought up false positives and also a lot of misinformation.

For example, they recommend that I run a virus checker over EzTrust as it should reside in my d:\ and is a potential "Nasty".

Very strange that, seeing I haven't partioned my HD and don't have an external one either, so how the heck can I install on d:\ ............

I'd recommend steering away from that site.

Cheers :hug:

[1984]

Thanks for the information. It is a german site, and I just found it today. I thought I would try it out, but (from an uneducated persons (computers anyways) point of view, several items didnt look right to me) I wasnt sure if this was a good site or not. The forums look ok, but i wasnt sure on the log analysis.

Thanks all! :hug:

[Capman]

I use that site all the time, not for the results that it produces, but for the way that they are presented, which I find a lot easier to look through, rather than line after line of black and white text.

The best bet for anyone though is having a HJT log looked over personally.

[coltm4carbine]

lol i might just let it analyze my log and see what i get. The log should be clean cos i cleaned it out myself .

Logfile of HijackThis v1.99.1

Scan saved at 22:47:45, on 22/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\United Devices\UD.EXE

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\United Devices\ud_7657531.exe

C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe

C:\Program Files\Advanced System Optimizer\memtuneup.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.co.uk"); (C:\Documents and Settings\(name removed)\Application Data\Mozilla\Profiles\default\p226ydua.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\(name removed)\Application Data\Mozilla\Profiles\default\p226ydua.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1B313945-68B9-860F-BDB9-B5999C129D75} - (no file)

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll (file missing)

O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108421444968

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...512/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{62ACF179-4179-4456-8319-5810DBF8C58F}: NameServer = 62.6.40.178 194.72.9.38

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

+++

They said I had loads of unneccessary items (which was true) and that was about it.

Although it was true I still can't trust it . i rather do it my way (long, hard and boring way)

[coltm4carbine]

Thanks for the offer but i had to reformat on Thursday cos my friend was deleting random files (i had hidden files shown) :(.

I tried system restore,

Scanfix (i think it's that- you put the cd in and it checks for missing system files)

and a few others.

the result of the reformat- i lost all my GCSE course work. I didn't get any sleep after that reformat because i had to redo all of it in wordpad (my friend uninstalled microsoft office-now i can't get it back).

cool thanks I am downloading it now.