Author Topic: Can someone please check my HijackThis log file  (Read 10250 times)

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3223
  • Avast shall conquer the whole world
Can someone please check my HijackThis log file
« on: April 24, 2004, 01:42:13 PM »
Hi all,

I don't know anything about HijackThis v1.97.7. I have seen people on this Avast forum who use it a lot and understand the HijackThis log file.

Could you please check whether I am okay and safe? I always do a Windows update from MS.

The list of software I have to protect my PC is:

1. Avast 4 Home
2. ZoneAlarm Pro v4.5.594.000
3. SpywareGuard v2.2
4. SpywareBlaster v3.1
5. MRU-Blaster v1.5
6. Spybot - Search & Destroy v1.2
7. Ad-aware Pro v6.181
8. Spy Sweeper v2.6.1
9. PopupCop v2.0.3.20 (This is the best software you won't be sorry)

Logfile of HijackThis v1.97.7
Scan saved at 9:26:28 PM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\Downloads\HijackThis v1.97.7\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/homepage.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 - Trusted Zone: *.callofduty.com
O15 - Trusted Zone: *.cdrsoft.cc
O15 - Trusted Zone: *.seek.com.au
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: *.law9.hotmail.msn.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38010.7643634259
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thank you for your time and your support.

« Last Edit: April 25, 2004, 06:46:33 AM by SpeedyPC »
ASUS G75VX-T4153H - Avast Premier v19.4.2374 - W8.1 64bit - Avast SecureLine VPN - Avast Secure Browser - Firefox 64bit - Thunderbird - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

S.Z.Craftec

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #1 on: April 24, 2004, 02:45:09 PM »
I just can tell you that you don't have to worry, nothing malicious in your log file... you have some keys that repeat themselves, though (like Googlebar), but nothing to be worried about.

Also, you don't have to be that paranoid regarding spyware. It's enough if you have one or two, but GOOD one or two programs that protect you from adware and spyware. Locally (manually) you can work with Ad-Aware and Spybot-Search and destroy... it's good to use them both, because one is unable to find some things that another is able to recognize. Spywareblaster is a very useful thing that you start once and you don't have to worry about manually controlling that program. It will do everything for you automatically...

Best description you can get from our forum guru TECHNICAL. He may be of very big help to you regarding this issue. I just wrote something that I'm sure regarding your log file...

Cheers !

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67278
Re:Can someone please check my HijackThis log file
« Reply #2 on: April 24, 2004, 04:18:27 PM »
Best description you can get from our forum guru TECHNICAL. He may be of very big help to you regarding this issue. I just wrote something that I'm sure regarding your log file...
Cheers !

Thanks for the guru but I think this can be handled better by whocares and/or raman. I'm not that good with virus removal.

For me, it's simple, running SpyBot, Ad-aware and avast to know more about the infections...
The best things in life are free.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3223
  • Avast shall conquer the whole world
Re:Can someone please check my HijackThis log file
« Reply #3 on: April 25, 2004, 06:39:58 AM »
I just can tell you that you don't have to worry, nothing malicious in your log file... you have some keys that repeat themselves, though (like Googlebar), but nothing to be worried about.

Also, you don't have to be that paranoid regarding spyware. It's enough if you have one or two, but GOOD one or two programs that protect you from adware and spyware. Locally (manually) you can work with Ad-Aware and Spybot-Search and destroy... it's good to use them both, because one is unable to find some things that another is able to recognize. Spywareblaster is a very useful thing that you start once and you don't have to worry about manually controlling that program. It will do everything for you automatically...

Best description you can get from our forum guru TECHNICAL. He may be of very big help to you regarding this issue. I just wrote something that I'm sure regarding your log file...

Cheers !

S.Z.Craftec,

Thank you for your support. I am not very worried, I just don't understand HijackThis, that's all.

It's nice to know someone here on the Avast forum who can read and understand the HijackThis log. I know how to protect my PC very well and I have no problems so far.

Oh! I forgot to add 2 more to my list, see 8 and 9 above.

Technical, you just do your best and what you think is right, and it's great to have more experienced people here on the Avast forum to work together and help with each other's problems about Spyware, Trojans and Viruses.

« Last Edit: April 25, 2004, 06:44:43 AM by SpeedyPC »

CoJo

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #4 on: April 26, 2004, 01:17:01 AM »
Hi SpeedyPC
the following link did much to help me understand my own hijack log...

http://computercops.biz/HijackThis.html
also, www.merijin.org has a grand overview and detailed explanations.

peace,

cojo

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5045
Re:Can someone please check my HijackThis log file
« Reply #5 on: April 26, 2004, 02:38:26 AM »
Quote
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Now I'm NO EXPERT at HijackThis; however, I do not like these entries.
Raman, will you please tell me if they are good or bad.
"People who are really serious about software should make their own hardware." - Alan Kay

CoJo

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #6 on: April 26, 2004, 04:14:22 AM »
Quote
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Now I'm NO EXPERT at HijackThis; however, I do not like these entries.
Raman, will you please tell me if they are good or bad.

Mac, of course I am no expert like Raman...but this is what I found about these two entries.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Name: NvCpl or NvCplDaemon
Status: U
Command: rundll32.exe NvCpl.dll, NvStartup
Description: Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card

Name: NvCplDaemon
Status: N
Command: rundll32.exe NvQtwk.dll, NvCplDaemon
Description: System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)

Name: NvInitialize
Status: N
Command: rundll32.exe NvQtwk.dll, NvXTInit
Description: Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled

Name: nwiz
Status: N
Command: nwiz.exe
Description: Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system

the status for both is "not required-typically infrequently used tasks that can be started manually if necessary."

http://www.sysinfo.org/startuplist.php?type=&filter=&count=100&offset=2500

HTH,

cojo
had to check 'cause I have the same things :)
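
Added example, not part of any post in this thread: a short Python triage of the HijackThis entry format seen in the log above. It collects entries marked "(file missing)", O4 autostarts given without a full path (the two entries Mac asked about), and modules referenced from more than one section (the repeated Google toolbar keys mentioned in Reply #1). The function names `parse` and `triage` and the three heuristics are assumptions of this example; a hit means "look it up in a startup database", not "malicious".

```python
import re
from collections import defaultdict

# Section codes used in the log posted above and what each one lists.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O15": "Trusted Zone site", "O16": "downloaded ActiveX control (DPF)",
}

# Excerpt of the log posted in this thread, embedded so the block runs offline.
SAMPLE = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O15 - Trusted Zone: *.seek.com.au
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$", re.M)          # "O4 - <body>"
MODULE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)", re.I)  # first file path
DRIVE = re.compile(r"[A-Za-z]:\\")                             # any absolute path

def parse(log):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY.finditer(log)]

def triage(entries):
    """Collect points to look up by hand; none of them is a verdict."""
    missing, bare, users = [], [], defaultdict(list)
    for code, body in entries:
        if body.endswith("(file missing)"):
            # Registration left behind by software that is no longer on disk.
            missing.append((SECTIONS.get(code, code), body))
        if code == "O4" and not DRIVE.search(body):
            # No full path: the file's location cannot be read off the log.
            name = re.search(r"\[(.+?)\]", body)
            bare.append(name.group(1) if name else body)
        mod = MODULE.search(body)
        if mod and code not in users[mod.group(0).lower()]:
            users[mod.group(0).lower()].append(code)
    shared = {m: c for m, c in users.items() if len(c) > 1}
    return {"file_missing": missing, "no_full_path": bare, "shared_modules": shared}

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, "->", value)
```
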

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67278
Re:Can someone please check my HijackThis log file
« Reply #7 on: April 26, 2004, 04:19:22 AM »
Cojo, I'm impressed how far my little girl went  ;)
I'll make my HijackThis log file and learn from yours... Thanks.

CoJo

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #8 on: April 26, 2004, 04:28:55 AM »
Cojo, I'm impressed how far my little girl went  ;)
I'll make my HijackThis log file and learn from yours... Thanks.

thank you, Technical...but I have the best teachers--and you are one of the very best :)

cojo

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3223
  • Avast shall conquer the whole world
Re:Can someone please check my HijackThis log file
« Reply #9 on: April 26, 2004, 05:16:18 AM »
Hi SpeedyPC
the following link did much to help me understand my own hijack log...

http://computercops.biz/HijackThis.html
also, www.merijin.org has a grand overview and detailed explanations.

peace,

cojo

Thanks Cojo,

It's going to get harder to understand this new homework, if I can get a bit of help to learn and understand the language

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Can someone please check my HijackThis log file
« Reply #10 on: April 26, 2004, 05:57:33 AM »
If you want to learn/understand what a HijackThis log tells you about your computer, you can use these two sites:

An article from the Hijackthis maker
http://www.spywareinfo.com/~merijn/htlogtutorial.html

and infos on entries shown by Hijackthis:
www.sysinfo.org


MfG Ralf

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3223
  • Avast shall conquer the whole world
Re:Can someone please check my HijackThis log file
« Reply #11 on: April 26, 2004, 07:21:21 AM »
If you want to learn/understand what a HijackThis log tells you about your computer, you can use these two sites:

An article from the Hijackthis maker
http://www.spywareinfo.com/~merijn/htlogtutorial.html

and infos on entries shown by Hijackthis:
www.sysinfo.org


Raman,

Thanks for your support too and I will do my very best to learn. I hope!

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5045
Re:Can someone please check my HijackThis log file
« Reply #12 on: April 26, 2004, 01:18:38 PM »
Thank you cojo, I do not have an NVIDIA card so I don't have those, that's why they worried me.
In my self-proclaimed "super computer" I have an ATI Radeon 9800 PRO graphics card

CoJo

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #13 on: April 26, 2004, 03:15:13 PM »
Hi SpeedyPC
the following link did much to help me understand my own hijack log...

http://computercops.biz/HijackThis.html
also, www.merijin.org has a grand overview and detailed explanations.

peace,

cojo

Thanks Cojo,

It's going to get harder to understand this new homework, if I can get a bit of help to learn and understand the language

SpeedyPC, you are welcome!
you can ask anything here in the forums and many people will be here to help you, and I say that from personal experience ;D much help has been given to me!
it's what we do best ...ask, learn,  teach, be taught

peace,

cojo

CoJo

  • Guest
Re:Can someone please check my HijackThis log file
« Reply #14 on: April 26, 2004, 03:18:29 PM »
Thank you cojo, I do not have an NVIDIA card so I don't have those, that's why they worried me.
In my self-proclaimed "super computer" I have an ATI Radeon 9800 PRO graphics card

Mac, I had to check 'cause I do have the same things so I thought I'd better find out ;D (my paranoia, you know!)

peace,
cojo