Nothing serious

Hi! I’d just like you to see my HijackThis log and tell me something:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:28, on 9.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


End of file - 3531 bytes

Do you see anything unusual? What is it about the things in bold? Thank you! :slight_smile:

This is a minor detection, but you should consider upgrading your XP SP2 to SP3. ^^

Service Pack 3 for XP has been out for about a year or so. ^^

-AnimeLover^^

SP3 has been available for more than a year now.

C:\Program Files\Adobe\Acrobat 7.0 is way down level and has vulnerabilities:

Running P2P file sharing applications is asking for trouble:
C:\Program Files\uTorrent\uTorrent.exe
http://www.securitymanagement.com/article/p2p-dangers-growing
http://www.esecurityguy.com/p2p_file_sharing

Also, are you using the Windows firewall or none at all?

The Windows firewall doesn’t have outbound protection, so I would recommend another one.

Examples:

PC Tools
Online Armor
Outpost firewall

-Scott-

What exactly do you mean that Adobe Acrobat 7.0 is way down level and has vulnerabilities? It’s less bloated than 8.0 or 9.0 I think.

Yes, I am using Windows Firewall.

Can someone please tell me what those strings in bold are about? I don’t even use that messenger.

Thank you! :slight_smile:

Use Foxit Reader instead.
Foxit’s installer is about 3 MB compared to Adobe Reader’s 22 MB size.
Low memory consumption.
Freeware.
http://www.foxitsoftware.com/pdf/reader/reader-interstitial.html

The Excel string refers to the "send to Excel" option in IE.
The msmsgs.exe is that annoying Windows Messenger that has no use at all for me.

I used Foxit Reader some time ago and it was fine, but I missed one thing - I couldn’t open a pdf file unless I first saved it on my disk. Adobe Reader can read it directly from the web.
If Adobe Reader 7.0 is safe for use, I’m not going to change it.

Can you tell me more about the Excel string please? I don’t even use IE, I use Firefox.

And what should I do with the Windows Messenger string? I don’t use it either.

Thank you! :slight_smile:

We aren’t concerned with bloat but with security - Acrobat 7 has a number of vulnerabilities which can be exploited; that is why security updates, etc. are deployed to close the vulnerabilities.

If you’re concerned by bloat then use a different PDF reader; Foxit is far from bloated, but it too needs to be kept up to date. Foxit has an extension with which it can open PDFs on the web, though I never do that as I prefer to download the file so it is scanned first before opening it.

Bellzemos isn’t concerned with security, as witnessed by them still running XP SP2, but they may have pirated XP and are unable to update, in which case any attempts at security improvement are futile.

Run Secunia Online Software Inspector to see what other applications are vulnerable to infection:
http://secunia.com/vulnerability_scanning/online

That accusation wasn’t nice. I got my original WinXP CD when I bought the PC, but never updated to SP3 because I never had any problems running SP2. I still have no problems, I’m just curious about the bold strings and about what David is telling me on Adobe Reader.

Please do not concern yourself; many people automatically assume anyone who does not update to SP3 is running a pirated Windows. This is because installation requires validation of Windows.
However, all programs, for instance Adobe 7, have security problems. This is why they bring out security updates and new versions.
You would be very wise to follow Yokenny’s advice, and run Secunia http://forum.avast.com/index.php?topic=46676.msg392441#msg392441

Bellzemos, I see no reason for you not to take SP3… :slight_smile:

Bellzemos,

I can follow your line of thinking there, and therefore I have chosen, where I could, other solutions than Adobe, because it still has unpatched vulnerabilities, and you and I know that CyberCrime and Co always go for the obvious exploits, and the majority of vulnerable users are running IE6 and IE7 and Adobe and other big software players. Therefore I like to use open software alternatives like Foxit or VLC Media Player etc. I use Secunia PSI to get all my third party software up to date and fully patched; get it from here: http://secunia.com/PSISetup.exe
So on XP, update your browser to IE8, fully patched, not to use it (you can use Firefox with NoScript and ABP, for instance) but to have it fully updated to protect your Operating System. First upgrade to Service Pack 3 (yes, it is far more secure in the light of Conficker and other specific malware). For your online activities, use Windows under normal user rights, because malware cannot do what it can do as administrator running with full system rights (this is so for 92% of all known malcode for the Windows platform).
Use one resident AV solution, additionally a non-resident scanner like MBAM and SAS, and just one software firewall active. Use in-browser security like blocking malware scripts, and use SafeHex in general, and you are ready to go.

Thank you, Polonus. But why should I update IE6 if I only use Firefox?

I am using Avast!, SAS, MBAM, SpywareBlaster, CCleaner and common sense and I have no problems, at least for now. :slight_smile: Maybe I will also install SP3, as you all suggest it…


“Use for your online activities Windows under normal user rights, because malware can not do what it can do as administrator running with full system rights (this is so for 92% of all known malcode for the Windows platform).”

This is interesting! I didn’t know that it is so much more dangerous to be signed in as administrator. I guess I must be signed in as administrator, because when I turn on the PC it comes straight into Windows, without asking me to sign in at all… What should I do about that?

And why not?
IE is joined with the operating system. I think it’s a risk to keep it not updated.

Hi Bellzemos,

You should, my friend, you had better do this. IE6 is obsolete and it is worse security-wise than IE8; IE7 also has holes like good Swiss cheese that IE8 does not have on XP, the new DirectX hole for instance; only users with IE8 are (considerably) safe.
Consider that MS has embedded their browser deep, really deep into the Operating System; Internet Explorer equals explorer.exe in various respects, so if malcode comes riding into the browser (and yes, there are cross-browser exploits where you only use Firefox and can still get an infection from a vulnerable, broken IE browser), it comes riding full force into your OS, especially as you use full admin rights!
So that is why - do not click Blue E = IE, but keep it fully updated and patched. Windows 7 will come without a browser in Eurolandia (or as Microsoft better likes it the OEM vendor may choose the browser, and probably will come up with IE again). I give this advice as a lot of us do here, because there is a ground for it.
Trust no one, trust no code in your browser until checked, and stay secure,

pozdravi,

polonus

That is the No. 1 reason!

Windows Explorer uses IE to display information.

By the way, running with a Limited User Account login gets really tiring when you need to switch to Administrator just to do something.
I don’t run Fast User Switching as it is a resource waster just for one user:
http://forums.techarena.in/tips-tweaks/1023017.htm

OK, thank you all for the info, I will upgrade IE to the latest version and probably install SP3 too. Thanks again! Pozdrav! :slight_smile:


Edit:

I almost forgot! So, should I fix the strings in bold (posted in the log on the first page of this topic) with HijackThis? Or should I leave them as they are?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <== waste of system resources
http://www.bleepingcomputer.com/startups/Osa.exe-2924.html

O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 <== this is needed

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <= Part of Windows Messenger
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <= Part of Windows Messenger
http://www.bleepingcomputer.com/startups/msmsgs.exe-3386.html
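The question of why msmsgs.exe shows up in the log but not in Task Manager comes down to which HijackThis sections describe running programs and which only describe shortcuts and IE buttons. The following Python is an added example, not from the posts above or from HijackThis itself: it parses a small constructed excerpt in the v2 log layout, separates the header, running-process list and O-entries, and checks each O4/O9 image against the process list.

```python
import re
# Constructed excerpt in HijackThis v2 log layout (not the poster's full log).
SAMPLE_LOG = r"""
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")  # "O4 - ..." section lines
IMAGE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)  # first image path in an entry

def parse_hjt_log(text):
    """Split a log into header fields, the running-process list and (code, body) O-entries."""
    header, processes, entries, in_processes = {}, [], [], False
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return header, processes, entries

def image_name(path):
    # Compare file names only, so 8.3 short paths (PROGRA~1) match their long-path form.
    return path.rsplit("\\", 1)[-1].lower()

def autostart_status(processes, entries):
    """Map each O4/O9 image name to (entry code, currently running?). A non-running O4 autostart
    is worth a look; an O9 entry is an IE button/menu item that only launches when clicked."""
    running = {image_name(p) for p in processes}
    status = {}
    for code, body in entries:
        m = IMAGE_RE.search(body) if code in ("O4", "O9") else None
        if m:
            image = image_name(m.group(0))
            status[image] = (code, image in running)
    return status
```

Run on the sample, ashDisp.exe resolves as a running O4 autostart while msmsgs.exe is an O9 button that is simply not launched, which is the expected state rather than a hidden process.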

But “msmsgs.exe” isn’t running when I check the running processes in the Task Manager. Can it be hidden? Thank you.