Wilders Security Forums  

#1 - April 15th, 2004, 09:25 AM
otak (Infrequent Poster; Join Date: Apr 2004; Posts: 2)
Seeking review of HiJack Log Please

I am a newbie and would value your review of my HijackThis log. I haven't seen any problems and merely want the log reviewed, with anything that should NOT be in it pointed out to me, and whether in such case(s) it would be OK to delete the item(s). I am also including a copy of my virus protection information in case it may be of use. Thanks in advance.

Logfile of HijackThis v1.96.0
Scan saved at 1:06:59 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
E:\CD Slides\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Ensuredmail\emOFServer.exe
C:\PROGRA~1\Ensuredmail\Ensuredmail.exe
F:\WinPatrol\WinPatrol.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\ISS\BlackICE\blackice.exe
E:\WordWeb\wweb32.exe
C:\Program Files\ISS\BlackICE\blackd.exe
F:\HiJack\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Graphics\SnagIt 7\SnagItBHO.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: emIEEngine Utility - {45C768F0-9B73-4AA7-8817-D3B063F4335F} - C:\Program Files\Ensuredmail\emIEEngine.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Graphics\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "F:\CloneCD 4.3.2.2\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Ensuredmail] C:\PROGRA~1\Ensuredmail\emOFServer.exe
O4 - HKLM\..\Run: [Ensuredmail1] C:\PROGRA~1\Ensuredmail\Ensuredmail.exe
O4 - HKLM\..\Run: [WinPatrol PLUS] F:\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: WordWeb.lnk = E:\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &NeoTrace It! - F:\NEOTRA~1.25\NTXcontext.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Count &Keywords - E:\IE Count Keywords\ieck.html
O8 - Extra context menu item: E&nsuredmail(tm) - C:\PROGRA~1\Ensuredmail\ensuredmail.html
O8 - Extra context menu item: FlashToolset - res://E:\Flash\FlashToolset Pro 2.0\Swafer.dll/300
O8 - Extra context menu item: Get File Size - res://C:\Program Files\UnH Solutions\GFS\GetFileSize.exe/130
O8 - Extra context menu item: Sothink SWF Catcher - E:\Graphics\Sothink SWF Quicker\InternetExplorer.htm
O9 - Extra button: Protect Your Email (HKLM)
O9 - Extra 'Tools' menuitem: Protect Your Email with Ensuredmail (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: SafeInput (HKLM)
O9 - Extra 'Tools' menuitem: Bookmark Manager Pro (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Bmp (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: SmartWhois (HKLM)
O9 - Extra 'Tools' menuitem: SmartWhois (HKLM)
O9 - Extra button: FlashToolset (HKCU)
O9 - Extra 'Tools' menuitem: FlashToolset (HKCU)
O9 - Extra button: NeoTrace It! (HKCU)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9796759259
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CF0718D-8B9C-415B-9045-550E2333A59B}: NameServer = 202.27.184.3 202.27.184.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{9CF0718D-8B9C-415B-9045-550E2333A59B}: NameServer = 202.27.184.3 202.27.184.5
===========================================
NOD32 Antivirus System information
Virus signature database version: 1.718 (20040414)
Dated: Wednesday, April 14, 2004
Virus signature database build: 4444
Information on other scanner support parts
Advanced heuristics module version: 1.007 (20040309)
Advanced heuristics module build: 1053
Internet filter version: 1.001 (20031104)
Internet filter build: 1012
Archive support module version: 1.014 (2004040
Archive support module build version: 1088
Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.9
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.8
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.9
Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 512 MB
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz (2405 MHz)
#2 - April 15th, 2004, 09:41 AM
Pieter_Arntz (Spyware Veteran; Join Date: Apr 2002; Location: Netherlands; Posts: 12,716)
Re: Seeking review of HiJack Log Please

Hi otak,

You are using an old version of HijackThis (v1.96.0).
You can find a newer one here
Replace the old one and you are done.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O1 - Hosts: 203.161.127.141 www.dcsresearch.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

Then reboot.

Regards,

Pieter
__________________
Regards,

Pieter
It's nice to be important, but it's more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
#3 - April 15th, 2004, 10:25 AM
otak (Infrequent Poster; Join Date: Apr 2004; Posts: 2)
Re: Seeking review of HiJack Log Please

Quote:
Originally Posted by Pieter_Arntz
Hi otak,

You are using an old version of HijackThis (v1.96.0).
You can find a newer one here
Replace the old one and you are done.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O1 - Hosts: 203.161.127.141 www.dcsresearch.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

Then reboot.

Regards,

Pieter
===================================
WOW! That was REAL fast assistance - thank you so much.

I did as you suggested and now my HijackThis log shows the following, and I am curious about the O10 item - have I lost a file or something? I connected okay with no problems, so I do not understand. THANKS again Pieter - this was just brilliant! - Otak.

Logfile of HijackThis v1.97.7
Scan saved at 2:15:52 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
E:\CD Slides\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Ensuredmail\emOFServer.exe
C:\PROGRA~1\Ensuredmail\Ensuredmail.exe
F:\WinPatrol\WinPatrol.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\ISS\BlackICE\blackice.exe
E:\WordWeb\wweb32.exe
F:\HiJack\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Graphics\SnagIt 7\SnagItBHO.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: emIEEngine Utility - {45C768F0-9B73-4AA7-8817-D3B063F4335F} - C:\Program Files\Ensuredmail\emIEEngine.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Graphics\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "F:\CloneCD 4.3.2.2\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Ensuredmail] C:\PROGRA~1\Ensuredmail\emOFServer.exe
O4 - HKLM\..\Run: [Ensuredmail1] C:\PROGRA~1\Ensuredmail\Ensuredmail.exe
O4 - HKLM\..\Run: [WinPatrol PLUS] F:\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: WordWeb.lnk = E:\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &NeoTrace It! - F:\NEOTRA~1.25\NTXcontext.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Count &Keywords - E:\IE Count Keywords\ieck.html
O8 - Extra context menu item: E&nsuredmail(tm) - C:\PROGRA~1\Ensuredmail\ensuredmail.html
O8 - Extra context menu item: FlashToolset - res://E:\Flash\FlashToolset Pro 2.0\Swafer.dll/300
O8 - Extra context menu item: Get File Size - res://C:\Program Files\UnH Solutions\GFS\GetFileSize.exe/130
O8 - Extra context menu item: Sothink SWF Catcher - E:\Graphics\Sothink SWF Quicker\InternetExplorer.htm
O9 - Extra button: Protect Your Email (HKLM)
O9 - Extra 'Tools' menuitem: Protect Your Email with Ensuredmail (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: SafeInput (HKLM)
O9 - Extra 'Tools' menuitem: Bookmark Manager Pro (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Bmp (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: SmartWhois (HKLM)
O9 - Extra 'Tools' menuitem: SmartWhois (HKLM)
O9 - Extra button: FlashToolset (HKCU)
O9 - Extra 'Tools' menuitem: FlashToolset (HKCU)
O9 - Extra button: NeoTrace It! (HKCU)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9796759259
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CF0718D-8B9C-415B-9045-550E2333A59B}: NameServer = 202.27.184.3 202.27.184.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{9CF0718D-8B9C-415B-9045-550E2333A59B}: NameServer = 202.27.184.3 202.27.184.5
#4 - April 15th, 2004, 10:52 AM
Pieter_Arntz (Spyware Veteran; Join Date: Apr 2002; Location: Netherlands; Posts: 12,716)
Re: Seeking review of HiJack Log Please

Hi otak,

The O10 is a known misunderstanding between HijackThis and NOD32.
The file is there (you can check that), but HijackThis can't find it.

Your log looks good.

Regards,

Pieter
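Added worked example, not code from this thread, from HijackThis or from NOD32: a small Python triage that applies the reasoning in Pieter's two replies to HijackThis-style log lines. It flags the entry types he told otak to fix (a hosts-file redirect, BHO and toolbar registrations whose DLL is "(no file)", and an ActiveX download from a bare IP address) and marks the O10 LSP line as "verify" rather than "fix", because his second reply explains that HijackThis misreports NOD32's imon.dll. The log lines embedded below are constructed placeholders (zeroed CLSIDs, RFC 5737 documentation addresses, example.com names), and the verdict categories, the loopback rule for O1 and the "no friendly name" rule for O16 are my own assumptions about how a reviewer reads such a log, not HijackThis's own logic.

```python
"""Triage HijackThis-style log lines the way a forum reviewer would:
'fix' for entries the thread says to remove, 'verify' for entries that
need a look on disk first, 'ok' for everything else."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format. CLSIDs, names and addresses
# are placeholders for illustration, not indicators from a real machine.
SAMPLE_LOG = """\
Logfile of HijackThis v1.97.7
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\WINDOWS\\blank.htm
O1 - Hosts: 192.0.2.10 www.example.com
O1 - Hosts: 127.0.0.1 ads.example.net
O2 - BHO: Vendor Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Vendor\\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000003} - (no file)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {00000000-0000-0000-0000-000000000004} (Some Control) - http://download.example.com/pub/control.cab
O16 - DPF: {00000000-0000-0000-0000-000000000005} - http://198.51.100.7/crack.CAB
"""

# "O1 - ...", "R0 - ...", etc.  Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O16 body: "DPF: {CLSID} (Friendly Name) - URL"; the name part is optional.
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line):
    """Classify one log line as ('fix' | 'verify' | 'ok', reason)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return ("ok", "not a HijackThis entry")
    section, body = m.groups()

    if section == "O1":
        # A hosts-file mapping overrides DNS for that name. Loopback targets
        # are usually a deliberate ad blocklist (assumed rule); anything else
        # is a redirect that needs explaining.
        target_ip = body.split(":", 1)[1].split()[0]
        if target_ip in ("127.0.0.1", "0.0.0.0"):
            return ("verify", "hosts entry sinkholes a name to loopback; confirm it is intentional")
        return ("fix", f"hosts entry redirects a name to {target_ip}")

    if section in ("O2", "O3") and body.endswith("(no file)"):
        # CLSID still registered as a BHO/toolbar but its DLL is gone: a dead
        # registration, safe to remove, often left behind by adware.
        return ("fix", "BHO/toolbar registration whose DLL no longer exists")

    if section == "O10":
        # Winsock LSP entries: per the thread, HijackThis misreports NOD32's
        # imon.dll as missing, so confirm the file on disk before fixing.
        return ("verify", "LSP entry; known false positive for NOD32 imon.dll, confirm the DLL exists")

    if section == "O16":
        dm = DPF_RE.match(body)
        if not dm:
            return ("verify", "unparseable DPF entry")
        _clsid, name, url = dm.groups()
        host = urlparse(url).hostname or ""
        if _is_ip(host):
            return ("fix", f"ActiveX control downloaded from a bare IP address ({host})")
        if name is None:
            return ("verify", "ActiveX control with no friendly name (assumed heuristic)")
        return ("ok", f"ActiveX control from {host}")

    return ("ok", "no rule for this section")


def triage(log_text):
    """Return [(section, verdict, reason, line)] for every entry line."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        verdict, reason = triage_line(line)
        results.append((m.group(1), verdict, reason, line.strip()))
    return results


def fix_list(log_text):
    """The lines a reviewer would tell the user to tick in HijackThis."""
    return [line for _s, verdict, _r, line in triage(log_text) if verdict == "fix"]


if __name__ == "__main__":
    for section, verdict, reason, _line in triage(SAMPLE_LOG):
        print(f"{verdict:6} {section:4} {reason}")
```

Run against the constructed sample it reports four "fix" lines (the non-loopback hosts redirect, the two "(no file)" registrations and the bare-IP ActiveX download) and two "verify" lines (the loopback hosts entry and the O10 LSP line). The point of the separate "verify" verdict is the one Pieter makes in his last reply: a scanner's "missing" report is a claim to check on disk, not a reason to delete the entry.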