MWassef
December 27, 2003, 8:18pm
1
I scanned my system with it but cannot figure out which to fix:
Logfile of HijackThis v1.97.6
Scan saved at 10:13:22 pm, on 26/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIN98SE\SYSTEM\KERNEL32.DLL
C:\WIN98SE\SYSTEM\MSGSRV32.EXE
C:\WIN98SE\SYSTEM\MPREXE.EXE
C:\WIN98SE\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98SE\EXPLORER.EXE
C:\WIN98SE\SYSTEM\INTERNAT.EXE
C:\WIN98SE\SYSTEM\SYSTRAY.EXE
C:\WIN98SE\SM56HLPR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WIN98SE\SYSTEM\DDHELP.EXE
C:\WIN98SE\SYSTEM\RPCSS.EXE
C:\WIN98SE\SYSTEM\WMIEXE.EXE
C:\WIN98SE\SYSTEM\RNAAPP.EXE
C:\WIN98SE\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcqanda.com/dc/dcboard.php?az=show_topics&forum=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {7D8A2042-8904-43FF-A919-582CB9BA9C7F} - (no file)
O2 - BHO: (no name) - {6E34D984-4054-45E3-8452-0159A2F0D232} - (no file)
O2 - BHO: (no name) - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\PROGRAM FILES\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPKBHO.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WIN98SE\DOWNLO~1\CONFLICT.2\ALTAVI~1.DLL
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98SE\SYSTEM\MSDXM.OCX
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WIN98SE\DOWNLO~1\CONFLICT.2\ALTAVI~1.DLL
O4 - HKLM..\Run: [internat.exe] internat.exe
O4 - HKLM..\Run: [SystemTray] systray.exe
O4 - HKLM..\Run: [ScanRegistry] C:\WIN98SE\scanregw.exe /autorun
O4 - HKLM..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM..\RunServices: [PersFw] “C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE”
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O8 - Extra context menu item: Download by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddList.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Show/Hide Tarjim Toolbar (HKLM)
O9 - Extra ‘Tools’ menuitem: Tarjim.com (HKLM)
O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
O9 - Extra ‘Tools’ menuitem: Look for Spybot-S&&D updates (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell Options (HKLM)
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pcphone/wbaxuiph311.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37937.3766435185
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/app/toolbar/cfg/altavista.cab?r=ENIOBQ
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
thanx in advance…
raman
December 27, 2003, 8:33pm
2
What makes you think it is necessary to fix something? Looks quite nice. You can clean this if you want:
O2 - BHO: (no name) - {7D8A2042-8904-43FF-A919-582CB9BA9C7F} - (no file)
O2 - BHO: (no name) - {6E34D984-4054-45E3-8452-0159A2F0D232} - (no file)
O2 - BHO: (no name) - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - (no file)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
MWassef
December 27, 2003, 8:55pm
3
I thought the same but wanted to be sure
many thanx Raman ;D (a k cookie from me )
system
January 4, 2004, 8:33pm
4
Raman,
I’m of the same mind as Mina… not sure if there is anything I need to do with this. Could you tell me please.
Thanks, Walker.
Logfile of HijackThis v1.97.5
Scan saved at 21:28:54, on 04/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Alwil Software\Avast4\aswUpdSv.exe
d:\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
d:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\RunDll32.exe
D:\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
D:\Alwil Software\Avast4\ashDisp.exe
D:\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Moony\moony.exe
D:\Belkin Bulldog Plus\MUPS.exe
D:\SpywareGuard\sgmain.exe
D:\United Devices\UD.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\RVS\WCOM\SYSTEM\ccui.exe
D:\SpywareGuard\sgbhp.exe
D:\RVS\WCOM\SYSTEM\ADBSERV.EXE
D:\RVS\WCOM\SYSTEM\CCSRV.EXE
D:\RVS\WCOM\SYSTEM\RVSRmd.exe
D:\United Devices\ud_1396140.exe
D:\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
C:\Documents and Settings\Ken\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - d:\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [Dit] Dit.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [PCMService] “C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe”
O4 - HKLM..\Run: [CHotkey] mHotkey.exe
O4 - HKLM..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM..\Run: [avast!] d:\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] D:\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM..\Run: [SmcService] D:\Sygate\SPF\smc.exe -startgui
O4 - HKLM..\Run: [Omnipage] D:\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\RunOnce: [CommCenter] “D:\RVS\WCOM\SYSTEM\ccui.exe”
O4 - Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe
O4 - Startup: UD Agent.lnk = D:\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moony.LNK = D:\Moony\moony.exe
O4 - Global Startup: MUPS.lnk = D:\Belkin Bulldog Plus\MUPS.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37900.3739814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip..{7699411A-35B9-4657-A984-47A63EA89FA2}: NameServer = 195.235.113.3 195.235.96.90
raman
January 4, 2004, 8:58pm
5
Looks nice. If you want, you can fix these useless/not necessary entries:
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
You use a UPS? Cool!
system
January 4, 2004, 9:13pm
6
Thanks Raman, much appreciated.
I’ve often noticed your advice on the hjt log and always been impressed. Think it would be nice to have your own forum (or at least one thread) for all these.
Well I can have all the A-V and PFW, but I could be stuffed if the power goes at the wrong time ;). Belt, braces and a piece of string
Thanks again… a well deserved Karma to you (if it hasn’t been abolished yet 8) ).
Walker
raman
January 5, 2004, 7:21am
7
NO! Definitely not!! If you want, then you can do it!
I certainly do not want to!