| Thread ID: 58502 | 2005-06-02 18:20:00 | Need help removing worm/trojan | chatioc99 (8258) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 360665 | 2005-06-02 19:38:00 | Pretty ugly for just having been reformatted at 11:30 this morning, HUH? | chatioc99 (8258) | ||
| 360666 | 2005-06-02 20:10:00 | Did ya'll give up on me or am I just totally through dealing?? | chatioc99 (8258) | ||
| 360667 | 2005-06-02 20:29:00 | Is anyone still with me or did ya'll abandon me?? | chatioc99 (8258) | ||
| 360668 | 2005-06-02 20:45:00 | breakfast time here and etc........... | drcspy (146) | ||
| 360669 | 2005-06-02 20:47:00 | Go to this site and copy and paste in your logfile http://www.hijackthis.de/ It will give you some idea of what to remove until someone here can manually check your logfile. |
Safari (3993) | ||
| 360670 | 2005-06-02 21:20:00 | HijackThis log file analysis HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed. It can be downloaded here: Because of a few misunderstandings I advert, that I only develop this online analysis and not the tool HijackThis. To the authors homepage | Direct download | [mirror] Languages: Deutsch - French - English - Italian - Czech If you have a question concerning the analysis, you can post it in one of these forums: HijackThis.de Supportforum Deutsch | English HijackThis.de Chat chat.hijackthis.de (irc.quakenet.org #hijackthis) Forospyware.com (Spanish) www.forospyware.com Tip: Copy the link at the bottom of the page (save analysis) and paste it in your post You can paste a logfile in this textbox or you can choose a logfile from your computer Entry Kind (Safe, Nasty, Unknown) Description Tip Help us to keep this free service online! Please give us a small donation via PayPal. No active firewall was found on your system or the firewall you use is unknown to us. If you don´t use a firewall you should download and install one or activate windows xp´s own one. 
In case you got questions or you want us to add the firewall you use to our database, contact us at our forum www.hijackthis.de/forum Entry Kind (Safe, Nasty, Unknown) Description Tip C:\WINDOWS\System32\smss.exe Safe. running process. (smss.exe) Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen. C:\WINDOWS\system32\csrss.exe Safe. running process. (csrss.exe) Systemprozess - Client Server Runtime C:\WINDOWS\system32\winlogon.exe Safe. running process. (winlogon.exe) Systemprozess - Windows Login Routine C:\WINDOWS\system32\services.exe Safe. running process. (services.exe) Systemprozess - Verwaltet die Systemdienste. C:\WINDOWS\system32\lsass.exe Safe. running process. (lsass.exe) Systemprozess C:\WINDOWS\system32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\WINDOWS\system32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\WINDOWS\System32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\Program Files\Ahead\InCD\InCDsrv.exe Safe. running process. (InCDsrv.exe) C:\WINDOWS\System32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\WINDOWS\System32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Safe. running process. (AOLAcsd.exe) Part of AOL C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Safe. running process. (aoltsmon.exe) AOL Topspeed C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\I Safe. exe Safe. running process. (I Safe. exe) Bestandteil von eTrus Antivirus Possibly nasty! According to our database this process runs normally in c:\windows\system32\zonelabs! Check if you know this process and arrange a viruscheck where required. 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\msco rsvw.exe Unknown running process. (mscorsvw.exe) This is a unknown process. C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe Safe. running process. (aoltpspd.exe) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe Safe. running process. (mdm.exe) Machine Debug Manager. Used by developers. C:\WINDOWS\System32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\WINDOWS\system32\wdfmgr.exe Safe. running process. (wdfmgr.exe) C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe Safe. running process. (VetMsg.exe) Bestandteil von eTrus Antivirus C:\WINDOWS\Explorer.EXE Safe. running process. (Explorer.EXE) Systemprozess für Desktop und Taskleiste. C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Safe. running process. (PDVDServ.exe) Possibly nasty! According to our database this process runs normally in c:\programme\cyberlink dvd solution\powerdvd\! Check if you know this process and arrange a viruscheck where required. C:\Program Files\Ahead\InCD\InCD.exe Safe. running process. (InCD.exe) C:\Program Files\eMachines Bay Reader\shwiconem.exe Unknown running process. (shwiconem.exe) This is a unknown process. C:\Program Files\Common Files\AOL\ACS\AOLDial.exe Safe. running process. (AOLDial.exe) Part of AOL C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe Unknown running process. (AOLSPScheduler.exe) This is a unknown process. C:\Program Files\QuickTime\qttask.exe Safe. running process. (qttask.exe) Part of QuickTime C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe Safe. running process. (CAVTray.exe) eTrust EZ Antivirus Possibly nasty! According to our database this process runs normally in c:\etrust ez antivirus\! Check if you know this process and arrange a viruscheck where required. C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe Safe. running process. 
(CAVRID.exe) eTrust EZ Antivirus Possibly nasty! According to our database this process runs normally in c:\etrust ez antivirus\! Check if you know this process and arrange a viruscheck where required. C:\Program Files\Common Files\Logitech\PDDriver\LVCOMS.EXE Safe. running process. (LVCOMS.EXE) C:\Program Files\Messenger\msmsgs.exe Safe. running process. (msmsgs.exe) MSN Messenger C:\PROGRA~1\COMMON~1\AOL\111769~1\EE\AOLHOS~1.EXE Unknown running process. (AOLHOS~1.EXE) This is a unknown process. C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe Safe. running process. (mssysmgr.exe) Simple Star PhotoShow_Deluxe photo editing and organizing software; makes it easy to send and share digital photos.. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others. Not dangerous, but unnecessary. C:\PROGRA~1\COMMON~1\AOL\111769~1\EE\AOLServiceHos t.exe Unknown running process. (AOLServiceHost.exe) This is a unknown process. C:\WINDOWS\System32\wbem\wmiprvse.exe Safe. running process. (wmiprvse.exe) Windows Management Instrumentation (WMI) Provider Host program C:\WINDOWS\system32\ctfmon.exe Safe. running process. (ctfmon.exe) C:\Program Files\Trillian\trillian.exe Safe. running process. (trillian.exe) Tillian chat client C:\Program Files\LIUtilities\WinTasks\wintasks.exe Safe. running process. (wintasks.exe) LI Utilities Win Tasks C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe Safe. running process. (robotaskbaricon.exe) C:\WINDOWS\system32\wscntfy.exe Safe. running process. (wscntfy.exe) Windows XP Securitycenter (Service Pack 2) C:\PROGRA~1\LIVEPE~1\hc.exe Safe. running process. (hc.exe) For Compaq PCs. Help Compiler, crunches help database, will run without being in startup when needed Not dangerous, but unnecessary. C:\Program Files\America Online 9.0\waol.exe Safe. running process. (waol.exe) Part of AOL C:\Program Files\America Online 9.0\shellmon.exe Safe. running process. (shellmon.exe) Possibly nasty! 
According to our database this process runs normally in c:\programme\aol 8.0a\! Check if you know this process and arrange a viruscheck where required. C:\Program Files\ewido\security suite\ewidoctrl.exe Safe. running process. (ewidoctrl.exe) Ewido Security Suite C:\Program Files\ewido\security suite\ewidoguard.exe Safe. running process. (ewidoguard.exe) Ewido Security Suite C:\Program Files\Siber Systems\AI RoboForm\Identities.exe Unknown running process. (Identities.exe) This is a unknown process. C:\Program Files\MSN\MSNCoreFiles\msn6.exe Safe. running process. (msn6.exe) MSN 6 Software C:\Program Files\MSN Messenger\msnmsgr.exe Safe. running process. (msnmsgr.exe) MSN Messenger C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe Safe. running process. (msnappau.exe) MSN Toolbar Updater C:\WINDOWS\system32\taskmgr.exe Safe. running process. (taskmgr.exe) Task Manager von Windows. C:\Documents and Settings\Stormy East\My Documents\hijackthis\HijackThis.exe Safe. running process. (HijackThis.exe) Tool, mit dem sie dieses Logfile erzeugt haben. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com Safe. This page has been identified as safe. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com Safe. This page has been identified as safe. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com Safe. This page has been identified as safe. R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.pconpoint.com Safe. This page has been identified as safe. 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 % O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 % O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) Unnecessarily Entries found in this registry zone are potentially nasty. This application ([549B5CA7-4A86-11D7-A4DF-000874180BB3] - Result: 549B5CA7-4A86-11D7-A4DF-000874180BB3) has been checked. Hit rate: 99 % Must be fixed! Unnecessary (deactivated) entry that can be fixed. O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll Nasty Entries found in this registry zone are potentially nasty. This application ([9394EDE7-C8B5-483E-8773-474BF36AF6E4] - Result: 9394EDE7-C8B5-483E-8773-474BF36AF6E4) has been checked. Hit rate: 99 % Must be fixed! O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll Safe. Entries found in this registry zone are potentially nasty. This application ([BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0] - Result: BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) has been checked. Hit rate: 99 % O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) Unnecessarily Entries found in this registry zone are potentially nasty. This application ([FDD3B846-8D59-4ffb-8758-209B6AD74ACC] - Result: FDD3B846-8D59-4ffb-8758-209B6AD74ACC) has been checked. Hit rate: 99 % Must be fixed! 
Unnecessary (deactivated) entry that can be fixed. O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll Safe. Entries found in this registry zone are potentially nasty. This application ([4982D40A-C53B-4615-B15B-B5B5E98D167C] - Result: 4982D40A-C53B-4615-B15B-B5B5E98D167C) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) Unnecessarily Entries found in this registry zone are potentially nasty. This application ([BA52B914-B692-46c4-B683-905236F6F655] - Result: BA52B914-B692-46c4-B683-905236F6F655) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % Unnecessary (deactivated) entry that can be fixed. O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll Safe. Entries found in this registry zone are potentially nasty. This application ([BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0] - Result: BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" Safe. Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one Hit rate: 99 % (result) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe Safe. Associated with "Nero Burning Rom" CD writing software. 
Checks for driver issues Hit rate: 99 % (result) O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe Safe. Hit rate: 99 % (result) O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe Unknown Hit rate: 6 % (result) Unknown application. O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117692858\EE\AOLHostManager.exe Unknown In a Program FilesCommon FilesAOL folder; what does it do, and is it required?? Hit rate: 99 % (result) Unknown application. O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe Safe. Hit rate: 99 % (result) O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" Unknown Hit rate: 6 % (result) Unknown application. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Safe. QuickTime Hit rate: 99 % (result) Not dangerous, but unnecessary. O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" Safe. eTrust EZ Antivirus Hit rate: 99 % (result) O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" Safe. eTrust EZ Antivirus Hit rate: 99 % (result) O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\PDDriver\LVCOMS.EXE Safe. Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera Hit rate: 29 % (result) O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" Safe. MSN toolbar updater Hit rate: 99 % (result) O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Safe. Windows Messenger utility. If you don\'t use Windows Messenger, this can be annoying. Available via Start -> Programs. 
Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts" Hit rate: 99 % (result) O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b Unknown Hit rate: -1 % (result) Unknown application. O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Safe. Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla. TeaTimer.exe monitors certain changes to the registry and notifies when browser plugins and activeX controls get installed, allowing you to block/reverse this. Hit rate: 99 % (result) O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe Safe. Simple Star PhotoShow_Deluxe photo editing and organizing software; makes it easy to send and share digital photos.. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others. Hit rate: 99 % (result) Not dangerous, but unnecessary. O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h Nasty Passwort Cracking Hit rate: 92 % (result) Must be fixed! O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 Safe. Spy Sweeper - detects and removes spyware Hit rate: 99 % (result) O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background Safe. Microsoft s MSN Messenger 6 Hit rate: 99 % (result) O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe Safe. BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as its a resource hog Hit rate: 39 % (result) Not dangerous, but unnecessary. 
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 6.0\statusmonitor.exe Unknown Hit rate: 2 % (result) Unknown application. O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML Nasty The entry &AOL Toolbar search has been identified as nasty. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll Safe. The entry has been identified as safe. If the entry '' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore , it should be fixed. O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html Safe. The entry Fill Forms has been identified as safe. If the entry 'Fill Forms ' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html Safe. The entry Fill Forms has been identified as safe. If the entry 'Fill Forms ' is not needed anymore , it should be fixed. O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html Safe. The entry Save has been identified as safe. If the entry 'Save ' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html Safe. The entry Save Forms has been identified as safe. If the entry 'Save Forms ' is not needed anymore , it should be fixed. 
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll Safe. The entry AOL Toolbar has been identified as safe. If the entry 'AOL Toolbar ' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll Safe. The entry AOL Toolbar has been identified as safe. If the entry 'AOL Toolbar ' is not needed anymore , it should be fixed. O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe Safe. The entry ICQ has been identified as safe. If the entry 'ICQ ' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe Safe. The entry ICQ has been identified as safe. If the entry 'ICQ ' is not needed anymore , it should be fixed. O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html Safe. The entry RoboForm has been identified as safe. If the entry 'RoboForm ' is not needed anymore , it should be fixed. O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html Safe. The entry RoboForm Toolbar has been identified as safe. If the entry 'RoboForm Toolbar ' is not needed anymore , it should be fixed. O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll Safe. The entry Real.com has been identified as safe. If the entry 'Real.com ' is not needed anymore , it should be fixed. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore , it should be fixed. 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore , it should be fixed. O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com Possibly nasty This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. This entry should be fixed if 'http://www.emachines.com' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com Safe. This entry has been identified as safe. O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll Safe. Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed. This entry has been identified as safe. O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll Unknown O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (AOLAcsd.exe) was identified as a good one. O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (aoltsmon.exe) was identified as a good one. O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\I Safe. exe Safe. 
These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (I Safe. exe) was identified as a good one. O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ewidoctrl.exe) was identified as a good one. O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ewidoguard.exe) was identified as a good one. O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing) Unnecessarily These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (lnssatt.exe" -service (file missing)) Unnecessary (deactivated) entry that can be fixed. O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (InCDsrv.exe) was identified as a good one. O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) Unnecessarily These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (service (file missing)) Unnecessary (deactivated) entry that can be fixed. 
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (VetMsg.exe) was identified as a good one. 5 Save analysis | Short analysis (NOTICE: Your analysis will only be saved for 3 days.) You should save this file on your hard disk drive. (right click -> save target as) Use these tips at your own risk! Copyright © 2004 - 2005 by Mathias Mattner | Contact| File Database | Malwareupload.com |
Cicero (40) | ||
| 360671 | 2005-06-02 22:22:00 | Tick these and click on fix.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
These aren't nasty. BUT u don't need them in startup.
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
This looks like a trojan/worm. It may be this securityresponse.symantec.com
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
This isn't nasty. BUT isn't needed in startup either.
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
This looks safe, but doesn't have to run on startup either.
O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) |
Speedy Gonzales (78) | ||
| 360672 | 2005-06-03 06:25:00 | "Did ya'll give up on me or am I just totally through dealing??"
It was early morning NZ time. Some of us had to run off to work ... :p PressF1 works as a joint effort with solving issues, so where one person started, another person might pick up from. I see Speedy Gonzales has checked your log and made some suggestions. Post back with how you got on. :) |
Jen (38) | ||