Need some feedback on this site that appears to give results automatically..
http://www.hijackthis.de/index.php?langselect=english
is it any good...a scam...a spyware depository waiting for victims...or the real deal ?
The real deal... now that's an extremely nice and helpful page... it's probably not 100% correct all the time, but from what I can see it does an excellent job.
It's obviously a German project, and assumes that all applications are installed in the default directory (c:\programme\ on a German box, obviously). If they're not, it'll label them as "Possibly nasty"...
It even recognized and labeled correctly the software for my touchpad...
From what I can tell it seems like a good website from my computer's scan anyway; it did say that my firewall and antivirus were potential threats but came up on the list as safe. Picked up one file that could be removed and gives good advice about Windows Messenger connections. All-in-all may be a pretty good program for a newbie.
The site helps in analyzing such logs.
Good source.
Thanks for the info.
Yo!
I just scanned mine using Hijackthis and it said "It seems that you don't use an anti-virus scanner or your scanner is not active" and "No active firewall was found on your system or the firewall you use is unknown to us." But I DO use an AV scanner and it IS active, and I DO have a firewall and it IS active. I use Norton AV05 and Norton Personal Firewall.
Then I just tested using Shields UP!, and it said my system received a "perfect "TruStealth" rating," and that "There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!" and that "From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."
Any idea as to why I am getting conflicting reports between the two sites?
It's real.... for what it's worth.
Quote:
Originally posted here by Egaladeist
Need some feedback on this site that appears to give results automatically..
http://www.hijackthis.de/index.php?langselect=english
is it any good...a scam...a spyware depository waiting for victims...or the real deal ?
The problems in this application are twofold:
(1) False positives/false negatives. Everything must be checked by a real, live, knowledgeable person to be certain.
(2) Newer infections need special interventions. While HijackThis is a great tool for peeking into various parts of the registry, it can't fix every infection. Think of CWS, VX2 and Bube... and these are just a few of the infections that require specialized tools & knowledge.
I wouldn't recommend that page for those reasons. Just my .02.
:D
To add to meeeeeeeee's prognosis/opinion:
The biggest problem with automated scans is that they do not look at context. Take for example the following: (go ahead, you can plug them into the automated reader if you want)
O4 - HKLM\..\Run: [THG] C:\WINDOWS\system32\THGuard.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\regedit.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\Program Files\SMINST\RECGUARD.EXE
Can you figure out what, if anything, is wrong with those? The question then becomes, what should one do with them? Remove them and possibly damage the system? Those are legitimate files....or are they? You can find them all on Google, so they must be ok.
You will get an error message that is pretty confusing. Certainly not for a novice user, IMHO.
The other issue I have is that if you do use the scanner, and do mess something up, who are you going to get to help undo your mistake? I can see this scenario:
Quote:
OP:
"I used your automated scanner, and it was unsure about some files, so I deleted them. Help me please"
HELPER:
"Do you remember what you deleted?"
OP:
"No"
HELPER:
"I can't help you because I don't know what you did..sorry. I guess you will just have to reformat. I sure hope you have your OS disks"
OP:
"What OS disks?" :(
At least when a mistake is made when helping someone clean their system (their mistake or mine), I am right there to help them fix it, even if it means e-mailing them the necessary files to correct the error. And it does happen from time to time.
And in addition to what meeeeeeee said about VX2, there are variants that do not show up in the log at all, as well as some variants of Qoologic.
I really do appreciate the efforts people go through to keep up with these things, and to try to keep them up to date. I have designed practice logs that will fool the automated scanners just for the simple fact that I don't want those people I help train to have to depend on them (the automated readers, I mean).
Just for fun, put those entries into the reader found here:
http://www.help2go.com/modules.php?name=HJTDetective
Anyway, that's just my somewhat educated opinion. :D
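To make the "context, not filename" point concrete, here is an added example (my own code, not from the thread, HijackThis, or any of the sites named): a small checker that parses the six O4 entries above and reports the context clues a helper would weigh instead of looking the filename up in a good/bad list. The expected-directory list (including the German c:\programme), the two "shell-owned" binaries, and the two extra sample lines (a relative path and a "(file missing)" entry, in the same format as the log posted later) are my assumptions.

```python
"""Context checks for HijackThis 'O4 - HK..\\..\\Run:' startup entries."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the six entries from the post plus two lines in the
# same format to exercise the relative-path and file-missing checks.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [THG] C:\WINDOWS\system32\THGuard.exe",
    r"O4 - HKLM\..\Run: C:\WINDOWS\System32\regedit.exe",
    r"O4 - HKLM\..\Run: C:\WINDOWS\System32\explorer.exe",
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE",
    r"O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe",
    r"O4 - HKLM\..\Run: [Recguard] C:\Program Files\SMINST\RECGUARD.EXE",
    r"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe",          # assumed sample
    r"O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (file missing)",
]

# HijackThis prints:  O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"(?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$"
)
# First token of the command line, quoted or not, assumed to end in .exe
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)
FILE_MISSING = "(file missing)"

# Assumption: Windows components started by Winlogon/the shell itself that
# do not belong in a Run key. Only the two names used in the post are listed.
SHELL_OWNED = {"explorer.exe", "regedit.exe"}
# Assumption: directories a helper treats as "expected" for startup items.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programme\\")


@dataclass
class Finding:
    line: str
    hive: str
    name: Optional[str]
    exe: str
    reasons: List[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        return bool(self.reasons)


def parse_o4(line: str) -> Optional[Finding]:
    """Split an O4 Run entry into hive, value name and executable path.
    Returns None for any line that is not such an entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    missing = cmd.endswith(FILE_MISSING)
    if missing:
        cmd = cmd[: -len(FILE_MISSING)].rstrip()
    e = EXE_RE.match(cmd)
    exe = e.group("exe") if e else cmd.split()[0]
    f = Finding(line=line, hive=m.group("hive"), name=m.group("name"), exe=exe)
    if missing:
        f.reasons.append("file missing: the entry points at a path that no longer exists")
    return f


def check_context(f: Finding) -> Finding:
    """Add the context clues a human helper would weigh; a filename
    whitelist says nothing about any of them."""
    base = ntpath.basename(f.exe).lower()
    folder = ntpath.dirname(f.exe).lower()
    if f.name is None:
        f.reasons.append("no value name: HijackThis normally shows [name] for every Run entry")
    if base in SHELL_OWNED:
        f.reasons.append(f"{base} is started by Windows itself, not from a Run key")
    if not folder:
        f.reasons.append("relative path: which copy of the file runs depends on the search path")
    elif not (folder + "\\").startswith(EXPECTED_ROOTS):
        f.reasons.append(f"outside the usual program directories ({folder}): "
                         "confirm it is the vendor's install, not a lookalike")
    return f


def analyse(lines: List[str]) -> List[Finding]:
    """Run every O4 Run entry through the context checks; other lines are skipped."""
    return [check_context(f) for f in map(parse_o4, lines) if f is not None]


def report(findings: List[Finding]) -> str:
    """Human-readable summary. Note there is no 'remove' verdict anywhere."""
    rows = []
    for f in findings:
        verdict = "REVIEW" if f.needs_review else "no context flags (not a clean bill)"
        rows.append(f"{verdict:<40} {f.exe}")
        rows.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(analyse(SAMPLE_LINES)))
```

THGuard.exe, ps2.exe and RECGUARD.EXE come back with no flags, which is exactly the poster's point: the checker can say "nothing stands out", never "safe", and KBD.EXE is flagged on its path alone, the same trap hijackthis.de falls into with non-default install directories.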
Wow, the "O4 - HKLM\..\Run: C:\WINDOWS\System32\explorer.exe" has been identified as Beta Software, and has been positively identified as a malicious program, possibly being malware/spyware.
Quote:
Just for fun, put those entries into the reader found here:
http://www.help2go.com/modules.php?name=HJTDetective
Anyway, that's just my somewhat educated opinion.
That's good stuff. Thank you for enlightening me and showing me that. I am truly grateful. I WAS getting ready to, within the next few days, post the results of the scan I did yesterday and ask for assistance. Because I don't understand what it is telling me. But, if it's alright, I would still like to PM the results to you anyway, after I enter the results on that website first, if that's alright with you.
But thanks again for showing me that. That is very helpful to me :D
Post whatever you have in this thread. It should be informative to us all.
:)
Okay, here's the one I JUST did like, 2 minutes ago:
Logfile of HijackThis v1.99.0
Scan saved at 9:22:52 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Chikka\chikka.exe
C:\PROGRA~1\Chikka\BnrRepo2.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\b\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.antionline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://activation.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O18 - Protocol: bw+0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: offline-8876480 - {FD6050B7-26BE-4936-8825-B4CF5EBEEBF8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Atheros Configuration Service - Unknown - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I just ran it on Help2Go and got six hits
It says these:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
have been positively identified as malicious programs
These four:
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
are not necessarily spyware/malware, but they suggest I remove them anyway
Ummm hey Outer_Heaven? I hate to disagree with you but....
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
is the viewpoint media player's management file - it's a bona-fide file, not spyware, and without it Viewpoint/Videolan won't run.
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing)
is from the weather channel's website - it allows him to run and check his weather on the fly. Although it doesn't appear to have or be malware, I still don't quite trust it...
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
Dude, this is winamp. Nuff said.
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
is the Intel hotkey command manager.
The rest of them I agree should be removed, as I don't truly trust *any* messenger program since bad experiences with aim and winblowsmessenger, but that's at his option..
While spyware can be named anything, odds are the ones with true program names like ViewMgr.exe aren't. Don't take them out unless you know exactly what they are and decide you don't want them anymore.
Your post is PRECISELY why folks around here always tell newbies to HJT to ask before fixing. Secondly, I advise you to know for sure what you're about to advise someone to do before you advise them. I tapped you red for this reason to reinforce this, because you can royally screw up someone's box that way. Oh, and I don't really hate disagreeing with you. In fact, this time around it was quite enjoyable. Salut.
Quote:
Originally posted here by Outer_Heaven
I just ran it on Help2Go and got six hits
It says these one:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
have been positively identified as malicious programs
Well, the Viewpoint line is one I would remove, but even that isn't necessarily malicious - just annoying. I don't even bother with Weatherbug anymore. It's not much of a threat at all. Of course, the option is up to you to remove them.
But they're not malicious.
All quotes from http://computercops.biz/StartupList.html
Quote:
These four:
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
are not necessarily spyware/malware, but they suggest I remove them anyway
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl Alt F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel -> Display Properties
It's not malicious, but I would think that you would need the above information to make an informed decision. Did this scanner give you any information and/or links?
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
Loads the System Tray icon for the WinAmp media player. Can be used to maintain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
Same for this one.
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech. Also listed under Logitech Desktop Messenger
Once again, the same.
Just think what an uninformed user might do with one of these scanners!
By the way, were you having problems with this system? Your log looks fine.
Yeah, as you know, the weatherbug was something that was installed automatically when I downloaded AIM. But I uninstalled it and scanned everything with Spybot and Ad-Aware, but I guess there is still a trace of it in there.
No, there was no suspicious activity that prompted me to use this. I just downloaded it after reading threads and wanted to learn about it, but after the first time I scanned it and got the results, I didn't have a clue what it was telling me, what was good and what was bad, so I just left it alone. Then I was reading this thread yesterday and today, and now I'm here.
And no, there were no links or any other information given by the scanner, only how to remove them.
But these four:
were suggested for removal because they may be taking up system resources.
Quote:
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
I don't recall ever mentioning I was going to advise anyone. I was only here trying to learn about this. And any statements I made were those relayed from the scanner so I could tell you guys what they were saying. I was just trying to follow a link that was given to me so I could learn from it.
Quote:
Secondly, I advise you to know for sure what you're about to advise someone to do before you advise them. I tapped you red for this reason to re-enforce this, because you can royally screw up someone's box that way.
sounds like this link needs a bit of debugging -
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dfw.speakeasy.net/
This is my connection speed site out of Dallas, and the only time I use MSIE other than windows update. Amazingly enough the site said it was spyware.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
Ok, this one's for sure not spyware - but the site said it might be. Of course we *all* know msie is malware :D
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
Now it was at least honest and admitted that it didn't know what this software was - it's my temperature/fan speed monitor. Not essential to my system's operation, but disabling it would seriously raise my paranoia level.
The whole (clean and sanitized) log follows:
Logfile of HijackThis v1.99.1
Scan saved at 9:08:58 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XXXXXXX\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dfw.speakeasy.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...ab?XXXXXXXXXXX
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Sorry folks, I removed certain other progs I run integral to my system security, and otherwise sanitized the log for personal info. I won't reveal everything ;) Oh, and the runservice.exe that whatis.techtarget.com said was spyware so long ago? It's directly related to the license control service (which I run so my Zmud program will work properly). It ain't spyware.
[edit]Oh and O_H - apols for not reading the entire thread before I posted - looked like you were trying to help someone instead of posting up for gen info - my bad. I'm quite glad there's others more 'on the ball' than I am who balanced my reds with their greens. I owe you one.[/edit]
lol, not a prob |3lack|ce, you know us jar heads got thick skins (some of us, thick heads, as well).
But I was thinking, What did I do? lol, I was just trying to educate myself. But it's all good, those other guys balanced it out. Let me try to make sense of what you just posted.
Hi all
I use help2go as a 1st step. It's not bad, but I don't depend on it.
I used to copy an infected HJT log from Castle Cops, post it on the site and see what it returns, and I noticed it's not 100% correct.
My main source is what Google returns to me, and my 1st choice is Castle Cops.
I highlight the file name in the log and search Google for it.
I have 3 questions I want you to help me with:
What is your judgment on Messenger Plus?
In some M.B. they ask the users to download some extra *files while
the spyware/adware removal programs are installed, like Spybot S&D, Ad-Aware, etc.
Are these programs and the tools in HJT not enough?
* http://www.downloads.subratam.org/AboutBuster.zip
* http://www.niksoft.at/_data/startdreck.zip
* http://downloads.subratam.org/DllCompare.exe
What is the indication of a VX2 infection in an HJT log?
thnx.
MessengerPlus3! by Patchou comes with a nasty LOP infection if you download it and opt to include the sponsor package. For that reason alone I would not recommend it, although I must say that it's pretty clear in the EULA (if anyone ever reads them!) that you're about to download some nasty stuff.
Quote:
What is your judgment on Messenger Plus?
No.
Quote:
In some M.B. they ask the users to download some extra *files while
the spyware/adware removal programs are installed, like Spybot S&D, Ad-Aware, etc.
Are these programs and the tools in HJT not enough?
* http://www.downloads.subratam.org/AboutBuster.zip
* http://www.niksoft.at/_data/startdreck.zip
* http://downloads.subratam.org/DllCompare.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
These are the most common indications.
Quote:
What is the indication of a VX2 infection in an HJT log?
You're asking some questions that would take hours for me to answer fully. I recommend, if you have an interest in fixing these things, that you sign up with the Bootcamp at SpywareInfo. They will teach you all you need to know about fighting spyware/adware/malware.
Here's the link to sign-up for Bootcamp: http://forums.spywareinfo.com/index.php?showtopic=34
hi meeeeeee
Regarding the extra files, is there a list of these files and tuts?
thnx for the fast reply and the link and I will register soon.
thnx
There are almost as many individual fixes as there are infections. I don't think you appreciate how much there is to learn before you can begin applying these fixes. If used incorrectly, some of these fixes can do more harm than the infections!
Quote:
Originally posted here by coolcamel
hi meeeeeee
Regarding the extra files, is there a list of these files and tuts?
thnx for the fast reply and the link and I will register soon.
thnx
The Boot Camp is your best resource for a list like you're looking for. There are also many tutorials there to help you learn the proper way to go about fixing malware. And there are people & practice logs there to help you learn in a safe environment, without damaging someone else's computer.
I have little else to say on the subject. Go there, sign up & learn things properly. I'm not going to aid you in finding a list of programs to use randomly. From your questions above it's clear you have a lot to learn. Go. Learn.