Can someone please check my HijackThis log file

Hi all,

I don’t know anything about HijackThis v1.97.7, but I have seen people on this Avast forum who use it a lot and understand the HijackThis log file.

Could you please check whether I am okay and safe? I always do a Windows update from MS.

The software I have to protect my PC is:

  1. Avast 4 Home
  2. ZoneAlarm Pro v4.5.594.000
  3. SpywareGuard v2.2
  4. SpywareBlaster v3.1
  5. MRU-Blaster v1.5
  6. Spybot - Search & Destroy v1.2
  7. Ad-aware Pro v6.181
  8. Spy Sweeper v2.6.1
  9. PopupCop v2.0.3.20 (This is the best software you won’t be sorry)

Logfile of HijackThis v1.97.7
Scan saved at 9:26:28 PM, on 4/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\Downloads\HijackThis v1.97.7\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/homepage.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [CloneCDTray] “D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM..\Run: [RoxioEngineUtility] “C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe”
O4 - HKLM..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe”
O4 - HKLM..\Run: [RoxioAudioCentral] “C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe”
O4 - HKLM..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell Options (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra ‘Tools’ menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra ‘Tools’ menuitem: &FlashGet (HKLM)
O15 - Trusted Zone: *.callofduty.com
O15 - Trusted Zone: *.cdrsoft.cc
O15 - Trusted Zone: *.seek.com.au
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: *.law9.hotmail.msn.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38010.7643634259
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thank you for your time and your support.

I just can tell you that you don’t have to worry, nothing malicious in your log file… you have some keys that repeat themselves, though (like Googlebar), but nothing to be worried about.

Also, you don’t have to be that paranoid regarding spyware. It’s enough if you have one or two, but GOOD one or two programs that protect you from adware and spyware. Locally (manually) you can work with Ad-Aware and Spybot-Search and destroy… it’s good to use them both, because one is unable to find some things that another is able to recognize. Spywareblaster is a very useful thing that you start once and you don’t have to worry about manually controlling that program. It will do everything for you automatically…

Best description you can get from our forum guru TECHNICAL. He may be of very big help to you regarding this issue. I just wrote something that I’m sure regarding your log file…

Cheers !
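An added example, not part of any post in this thread: a small Python parser for HijackThis entry lines that picks out the two things the reply above comments on, entries marked "(file missing)" and files registered under more than one section. The sample lines are copied from the log posted above; the function names `parse` and `review` are made up for this sketch.

```python
import re
from collections import defaultdict

# A subset of entry lines copied from the log posted above.
SAMPLE = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O15 - Trusted Zone: *.cdrsoft.cc
"""

# Every entry line starts with a section code (R0, O2, O15, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2/O3 body: "<kind>: <name> - {CLSID} - <path>[ (file missing)]"
COM = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                 r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")

def parse(log):
    """Return one dict per entry line; O2/O3 lines also get clsid/path/missing."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        entry = {"code": m["code"], "body": m["body"]}
        c = COM.match(m["body"]) if m["code"] in ("O2", "O3") else None
        if c:
            entry.update(clsid=c["clsid"].upper(), path=c["path"].lower(),
                         missing=bool(c["missing"]))
        entries.append(entry)
    return entries

def review(entries):
    """List orphaned registrations and files loaded from several sections."""
    sections = defaultdict(set)
    for e in entries:
        if "path" in e:
            sections[e["path"]].add(e["code"])
    return {
        "missing": [e["clsid"] for e in entries if e.get("missing")],
        "shared": {p: sorted(s) for p, s in sections.items() if len(s) > 1},
    }

if __name__ == "__main__":
    print(review(parse(SAMPLE)))
```

A "(file missing)" hit is a leftover registration whose DLL is no longer on disk, and a "shared" hit is the same DLL registered as both a BHO and a toolbar; neither says anything about whether the file itself is trustworthy.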

Thanks for the guru but I think this can be handled better by whocares and/or raman. I’m not that good with virus removal.

For me, it’s simple, running SpyBot, Ad-aware and avast to know more about the infections…

S.Z.Craftec,

Thank you for your support. I am not very worried, I just don’t understand HijackThis, that's all.

It's nice to know someone here on the Avast forum who can read and understand the HijackThis log. I know how to protect my PC very well and I have had no problems so far.

Oh! I forgot to add 2 more on my list, see above 8 and 9.

Technical, you just do your best at what you think is right, and it's great to have more experienced people here on the Avast forum to work together and help with each other's problems about Spyware, Trojans and Viruses.

Hi SpeedyPC
the following link did much to help me understand my own hijack log…

http://computercops.biz/HijackThis.html
also, www.merijin.org has a grand overview and detailed explanations.

peace,

cojo

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Now I'm NO EXPERT at HijackThis; however, I do not like these entries. Raman, will you please tell me if they are good or bad.

Mac, of course I am no expert like Raman…but this is what I found about these two entries.

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..\Run: [nwiz] nwiz.exe /install

| Name | Status | Command | Description |
|---|---|---|---|
| NvCpl or NvCplDaemon | U | rundll32.exe NvCpl.dll, NvStartup | Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card |
| NvCplDaemon | N | rundll32.exe NvQtwk.dll, NvCplDaemon | System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the “NVIDIA Driver Helper Service” if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here |
| NvInitialize | N | rundll32.exe NvQtwk.dll, NvXTInit | Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled |
| nwiz | N | nwiz.exe | Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn’t necessary for the operation of your system |

the status for both is “not required-typically infrequently used tasks that can be started manually if necessary.”

http://www.sysinfo.org/startuplist.php?type=&filter=&count=100&offset=2500

HTH,

cojo
had to check 'cause I have the same things :slight_smile:

Cojo, I’m impressed how far my little girl went :wink:
I’ll make my HijackThis log file and learn from yours… Thanks.

thank you, Technical…but I have the best teachers–and you are one of the very best :slight_smile:

cojo

Thanks Cojo,

It's going to get harder to understand this new homework, if I can get a bit of help to learn and understand the language.

If you want to learn/understand what a HijackThis log tells you about your computer, you can use these two sites:

An article from the Hijackthis maker
http://www.spywareinfo.com/~merijn/htlogtutorial.html

and info on entries shown by HijackThis:
www.sysinfo.org

Raman,

Thanks for your support too and I will do my very best to learn. I hope!

thank you cojo, I do not have an NVIDIA card so I don't have those, that's why they worried me.
In my self proclaimed “super computer” I have an ATI Radeon 9800 PRO graphics card

SpeedyPC, you are welcome!
you can ask anything here in the forums and many people will be here to help you, and I say that from personal experience ;D much help has been given to me!
it’s what we do best …ask, learn, teach, be taught

peace,

cojo

Mac, I had to check 'cause I do have the same things so I thought I’d better find out ;D (my paranoia, you know!)

peace,
cojo

Same with me… but I do have NVIDIA network card inside my baby… check all your components and then, maybe it’s something else by NVIDIA, not graphic card…

Cheers !

I have an nVidia video card. CoJo gave a very good explanation of those entries! :smiley:

WTG, CoJo! ;D

why, thank you!! :slight_smile:
sigh, of course it was just finding the right site and explanations that I could understand ;D
but I do appreciate it!

cojo

Cojo,

In reading the forums, there are posts about updating Windows...what if the updates are for things I don't use? One that is available has something to do with wireless stuff and I don't use anything like that...

I think it won’t harm your system. I installed all available updates. Maybe the update engine is ‘detecting’ some hidden hardware that could allow wireless connection even though you really do not use it right now.

The other question is...there is one critical update for the nvidia drivers and, frankly, I am afraid to download it. Before my reformat, that was the last update I had installed and my system was really acting strange afterwards. It was what finally made me decide on reformatting. What is your advice, Technical?

For me, NVIDIA drivers never bring trouble. But you can take 2 ways:

  1. Buying the excellent program called Norton GoBack from Symantec. It’s perfect to revert all your disks to a prior condition (an earlier stable state). Then you can install the drivers (or anything you want in the future) and if something goes wrong you will be able to come back 15 minutes, 20 minutes… days ago when the system was OK.

  2. Cheaper one: use programs to backup your drivers (like Driver Manager 1.0 or WinDriversBackup 1.0). Install the update of NVIDIA and, if something goes wrong, revert your drive (in Windows XP there is a feature to roll back drivers installation). It’s not the most secure way to go.

Also, nVidia makes chipsets for motherboards. So, make sure that your MB doesn’t have those before you go deleting something that maybe you shouldn’t. :slight_smile: