Forum Home | Press F1

Thread ID: 57259 | 2005-04-27 23:51:00 | Here Is My Logfile. What Is/Isn't Needed? | Pauline (641) | Press F1
Post 349529 | 2005-04-27 23:51:00 | Pauline (641)

Hi, After reading Paradox's post I went to the link given by Sal & got confused.

Logfile of HijackThis v1.97.7
Scan saved at 10:23:33 a.m., on 28/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\FPDISP4A.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\KMAESTRO\KMAESTRO.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clear.net.nz/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM\fpdisp4a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [KeyMaestro] C:\KMAESTRO\KMaestro.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - www-secure.symantec.com
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www-secure.symantec.com

Thanks Pauline.
Post 349530 | 2005-04-27 23:59:00 | mark c (247)

I admire the energy and diligence of all the people who trawl thru postings of HJ logfiles, Pauline. But I wonder if it would not ultimately be better to learn how to do it ourselves. Identify what's on your computer and check out progs/entries on the net to see what they are and remove them or not. Just a thought. I personally would consider trawling thru someone else's logfile a chore. Didn't mean to put you off and good on you all those zealots who do it. (Gee I hope I don't need it myself next week. :groan: )
Post 349531 | 2005-04-28 00:06:00 | sal (67)

Yep, it can be a little confusing when alarm bells ring for regular Windows processes. Because malware likes to hide itself as well as possible, it usually makes itself look as harmless as possible. The entries that are highlighted in red on your parsed HJT log are the usual suspects. The highlighted words are linked to further information on each entry; the info is there for you to decide whether they are OK, but it isn't laid out well for the inexperienced. Despite having quite a lot of entries, yours is clean Pauline.
Post 349532 | 2005-04-28 00:06:00 | pctek (84)

Good point. Most of it is fairly obvious. If it's saying things like AVG, Nortons etc., well, it's part of that program. The HijackThis website has a reasonable amount of info on it about various processes too. Or entering the last part of some of them (i.e. WMIEXE.EXE) into Google will give you an idea of what they are. BTW here's mine:

MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Mozilla\mozilla.exe
D:\Temp\Business\Protection\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Zone Labs\ZoneAlarm\zapro.exe

Everybody else seems to have piles of stuff running. Kill it off, you don't need it.
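The triage pctek and sal describe (group the log by entry type, pull out the file each entry actually loads, and look harder at anything that is not obviously a known vendor's file) can be mechanised. The script below is an added example written for this thread, not HijackThis code and not anything a poster ran: it parses the HijackThis v1.97 log layout, extracts the real target of each entry (for rundll32-style commands that is the DLL, not rundll32 itself), and sorts entries into ok / review / flag using a small allowlist of directory prefixes, a hotlist of temp directories, and a lookalike check for stock Windows autorun names pointing at files outside trusted directories. The sample log is constructed (modelled on Pauline's, shortened, with two invented entries under C:\WINDOWS\TEMP to exercise the flag path), and the directory lists are assumptions a reviewer would tune for the machine in question.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v1.97 log layout. Modelled on the log
# posted in the thread but shortened; the two C:\WINDOWS\TEMP entries are
# invented for the demo (an autorun reusing the stock [SystemTray] value name).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\TEMP\UPDATER.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [SystemTray] C:\WINDOWS\TEMP\UPDATER.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
# Drive-letter path ending in a loadable extension; stops at quotes and commas,
# so a rundll32 command "path.dll,Entry" yields just the DLL.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:exe|dll|ocx|tsk|com|scr)\b", re.IGNORECASE)

# Assumed reviewer lists (upper-cased directory prefixes); tune per machine.
TRUSTED_DIRS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\",
                "D:\\PROGRAM FILES\\", "D:\\PROGRA~1\\")
SUSPECT_DIRS = ("C:\\WINDOWS\\TEMP\\", "C:\\TEMP\\", "C:\\WINDOWS\\TEMPOR~1\\")
# Stock Win9x/ME autorun value names taken from the thread's log; malware
# borrows such names to blend in (lower-cased for comparison).
STOCK_AUTORUN_NAMES = {"scanregistry", "taskmonitor", "systemtray",
                       "loadpowerprofile", "schedulingagent"}


@dataclass
class Entry:
    section: str   # "process" or the HJT code: O2, O4, O16, ...
    name: str      # registry value name, CLSID, or process file name
    target: str    # local file the entry loads, or the DPF host ("" if none)
    raw: str


def _parse_entry(section, body, raw):
    clsid = CLSID_RE.search(body)
    name = clsid.group(0) if clsid else ""
    if section == "O16":
        # DPF entries name a download host, not a local file
        return Entry(section, name, body.rsplit(" - ", 1)[-1], raw)
    if section == "O4":
        m = O4_RE.match(body)
        if m:
            name, body = m["name"], m["command"]
    paths = PATH_RE.findall(body)
    # Last full path wins: for "RUNDLL32.EXE C:\...\x.dll,Init" that is the DLL.
    return Entry(section, name, paths[-1] if paths else "", raw)


def parse_log(text):
    """Return the Running-processes lines and the coded entries as Entry objects."""
    entries, in_processes = [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            in_processes = False
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(_parse_entry(m["section"], m["body"], line))
        elif in_processes:
            entries.append(Entry("process", line.rsplit("\\", 1)[-1], line, line))
    return entries


def classify(entry):
    """Return (verdict, reasons); verdict is "ok", "review" or "flag"."""
    if entry.section == "O16":
        return "review", ["DPF download host: confirm the domain belongs to the vendor"]
    t = entry.target.upper()
    if not t:
        if entry.section == "O4":
            return "review", ["bare file name: resolved via the search path, locate it on disk"]
        return "ok", []
    reasons = []
    if t.startswith(SUSPECT_DIRS):                      # checked before TRUSTED_DIRS:
        reasons.append("runs from a temp directory")    # TEMP sits under C:\WINDOWS
    if entry.name.lower() in STOCK_AUTORUN_NAMES and (
            t.startswith(SUSPECT_DIRS) or not t.startswith(TRUSTED_DIRS)):
        reasons.append("stock Windows autorun name pointing outside trusted directories")
    if reasons:
        return "flag", reasons
    if t.startswith(TRUSTED_DIRS):
        return "ok", []
    return "review", ["unfamiliar location: look the file name up"]


def triage(text):
    """(section, label, verdict, reasons) per entry, in log order."""
    return [(e.section, e.name or e.target, *classify(e)) for e in parse_log(text)]


if __name__ == "__main__":
    for section, label, verdict, reasons in triage(SAMPLE_LOG):
        print(f"{verdict:6} {section:8} {label:45} {'; '.join(reasons)}")
```

The two ordering decisions matter: temp directories are tested before the allowlist because C:\WINDOWS\TEMP is under C:\WINDOWS, and the lookalike rule keys on the registry value name rather than the file name because that is what a casual read of the log shows. Bare file names such as SysTray.Exe are deliberately "review", not "ok": the log cannot tell you which directory on the search path they resolve to.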
Post 349533 | 2005-04-28 01:38:00 | Rob99 (151)

Pauline, I got to the 3rd and 4th entry in the running processes, looks bad so far. I would suggest you update AVG to the latest update and scan, then give it a clean up with Spybot and Adaware, then download the stinger (vil.nai.com) and give it a whirl. Then do another scan with hjt and post back.
Post 349534 | 2005-04-28 02:03:00 | Aurealis_ (7897)

PCtek are you running WinXP or Win2000? My system appears to be clean, but it's running all that Symantec rubbish. Curse Norton/Symantec getting all the on-CD bundle deals! The day my motherboard comes with PC Cillin on-CD will be a blessed day.
Post 349535 | 2005-04-28 02:11:00 | ILikeLinux (1669)

> PCtek are you running WinXP or Win2000? My system appears to be clean, but it's running all that Symantec rubbish. Curse Norton/Symantec getting all the on-CD bundle deals! The day my motherboard comes with PC Cillin on-CD will be a blessed day.

It has happened. My brother's motherboard (a7v8x-x IIRC) came with PC-cillin on the CD.
Post 349536 | 2005-04-28 04:41:00 | pctek (84)

> PCtek are you running WinXP or Win2000? My system appears to be clean, but it's running all that Symantec rubbish.

XP Pro.