Author Topic: Analyze My HiJack......please  (Read 8560 times)

emma

  • Guest
Analyze My HiJack......please
« on: May 09, 2005, 05:05:31 PM »
I recently ran a HiJackThis scan.  Of course I did not know what to do and just left it.  Today I was looking at Spyros's Security Site and saw a link that would analyze my log.  It did so and I had some "baddies".  I still am hesitant to fix them. I am posting my log and asking for some opinions.
Thanks emma
http://hijackthis.de/

Logfile of HijackThis v1.99.1
Scan saved at 11:47:09 AM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6C60AA-9794-4FE2-AA55-3D5023D4B709}: NameServer = 12.162.134.3 12.162.134.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6C60AA-9794-4FE2-AA55-3D5023D4B709}: NameServer = 12.162.134.3 12.162.134.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Analyze My HiJack......please
« Reply #1 on: May 09, 2005, 05:17:53 PM »
Emma
The only bad one I (Eddy's latest analyzer) find is the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
Hope that helps ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

emma

  • Guest
Re: Analyze My HiJack......please
« Reply #2 on: May 09, 2005, 06:28:34 PM »
Thanks......I got rid of that one

Maybe you would go to the site posted above and paste my log into their analyzer and see what you think about their results.

Offline bob3160

Re: Analyze My HiJack......please
« Reply #3 on: May 09, 2005, 06:58:09 PM »
Why not just let me know what exceptions they found since you've already done it. ???

emma

  • Guest
Re: Analyze My HiJack......please
« Reply #4 on: May 09, 2005, 07:30:25 PM »
Tried to summarize but not sure I understood all

R1  ----------- to be fixed....search bar
RO------------ to be fixed
04-------------Mozilla Quick launch........unknown app
08-------------Aim Search ......considered nasty
017-----------Possibly Nasty......asked about my ISP
020-----------Unknown
023------------Mail scanner.........unnecessary
023----------- Web scanner..........unnecessary
023---------   Newboundary/Service Prism...unknown


There were only 2 suggested "to be fixed"  and I think one of them was the one you found.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Analyze My HiJack......please
« Reply #5 on: May 09, 2005, 07:38:55 PM »
023------------Mail scanner.........unnecessary
023----------- Web scanner..........unnecessary

Ignore any references to 023 entries for avast; this is a bug in HJT 1.99.1, and it has been mentioned many times in previous threads.
The best things in life are free.
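
Added example, not part of the original thread and not HijackThis or hijackthis.de code: the two avast! O23 lines in the posted log carry a stray quote and a `/service` argument before "(file missing)", while the same executables appear under "Running processes". This Python sketch cross-checks the two sections; the function names and verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")

def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            break  # the block ends at the first blank line
        elif in_block:
            procs.add(line.lower())
    return procs

def clean_image_path(raw):
    """Drop the '(file missing)' tag, quotes and arguments after the image name."""
    path = raw.replace("(file missing)", "").strip().strip('"')
    m = re.match(r"(.+?\.(?:exe|sys|dll))\b", path, re.IGNORECASE)
    return (m.group(1) if m else path).lower()

def triage_o23(log):
    """Map each O23 service name to 'not-flagged', 'likely-false-positive' or 'missing'."""
    procs = running_processes(log)
    result = {}
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        if "(file missing)" not in m["path"]:
            verdict = "not-flagged"
        elif clean_image_path(m["path"]) in procs:
            verdict = "likely-false-positive"  # flagged missing, yet listed as running
        else:
            verdict = "missing"
        result[m["name"]] = verdict
    return result
```

A "likely-false-positive" verdict only means the log contradicts itself; it says nothing about whether the service binary is trustworthy.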

emma

  • Guest
Re: Analyze My HiJack......please
« Reply #6 on: May 09, 2005, 07:40:09 PM »
I definitely wasn't going to touch avast!!!!!!!!

Offline bob3160

Re: Analyze My HiJack......please
« Reply #7 on: May 09, 2005, 08:39:54 PM »
Emma
017 I did a search and couldn't really find anything
020 igfxsrvc.dll is a library belonging to the Intel(R) Graphics Accelerator Helper - Leave it alone ;D ;D
The aim searchbar is a user's choice option. If you like it, keep it; if you don't use it, get rid of it.

emma

  • Guest
Re: Analyze My HiJack......please
« Reply #8 on: May 09, 2005, 09:09:54 PM »
Got rid of Aim
Thanks.
Be back again for my 3 month checkup.  :D

Offline bob3160

Re: Analyze My HiJack......please
« Reply #9 on: May 09, 2005, 09:16:19 PM »
Hopefully by then Eddy is back here.... ;D ;D ;D

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Analyze My HiJack......please
« Reply #10 on: May 10, 2005, 12:35:53 AM »
Hopefully by then Eddy is back here.... ;D ;D ;D

Hey Bob,

I am getting worried about Eddy; you still haven't heard from him yet, have you?

The last message I recall here somewhere on the Avast Forum, he was having a problem with his Internet provider and still couldn't get back online. Am I correct?
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline bob3160

Re: Analyze My HiJack......please
« Reply #11 on: May 10, 2005, 01:43:17 AM »
Since he sent me an e-mail, he obviously has a way of getting online. ;D
I'm sure when he's ready, he'll be back.

MFB

  • Guest
Re: Analyze My HiJack......please
« Reply #12 on: May 10, 2005, 06:06:21 AM »
Got rid of Aim
Thanks.
Be back again for my 3 month checkup.  :D

Do you guys notice that when you install AIM, you'll get this AOL free trial along with it?  It's annoying.  >:(

Offline bob3160

Re: Analyze My HiJack......please
« Reply #13 on: May 10, 2005, 03:34:02 PM »
MFB
It's not annoying, it's AOL. ;D ;D ;D

Offline xistenz

  • Poster
  • *
  • Posts: 632
Re: Analyze My HiJack......please
« Reply #14 on: May 10, 2005, 04:31:34 PM »
Guys, Eddy is back. There is no need to worry anymore.

http://forum.avast.com/index.php?topic=13385.0