Lucynka
asked on
Hijack This Analysis
I just received the EE newsletter (thank you! very informative!) and would like some help with the hijack this analysis pasted below. Thank you.
Logfile of HijackThis v1.98.2 Safe.
Safe. Shows the version of HijackThis an. The newest version is: v1.98.2! This should be the newest version. (v1.98.2 )
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Safe.
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2800.1106)
C:\WINDOWS\System32\smss.exe Safe.
Safe. running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.
C:\WINDOWS\system32\winlogon.exe Safe.
Safe. running process. (winlogon.exe)
Systemprozess - Windows Login Routine
C:\WINDOWS\system32\services.exe Safe.
Safe. running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.
C:\WINDOWS\system32\lsass.exe Safe.
Safe. running process. (lsass.exe)
Systemprozess
C:\WINDOWS\system32\svchost.exe Safe.
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\System32\svchost.exe Safe.
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\Program Files\Sygate\SPF\smc.exe Safe.
Safe. running process. (smc.exe)
C:\WINDOWS\Explorer.EXE Safe.
Safe. running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Safe.
Safe. running process. (ccSetMgr.exe)
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Safe.
Safe. running process. (ccEvtMgr.exe)
Event logging application
C:\WINDOWS\system32\spoolsv.exe Safe.
Safe. running process. (spoolsv.exe)
Systemprozess
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Safe.
Safe. running process. (ccProxy.exe)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE Safe.
Safe. running process. (MDM.EXE)
Machine Debug Manager. Used by developers.
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe Safe.
Safe. running process. (navapsvc.exe)
Norton AntiVirus application that provides auto-protection of the system.
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe Safe.
Safe. running process. (SAVScan.exe)
Prozess von Norton Antivirus.
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Safe.
Safe. running process. (SNDSrvc.exe)
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Safe.
Safe. running process. (symlcsvc.exe)
C:\WINDOWS\System32\PROMon.exe Unknown
Unknown running process. (PROMon.exe)
This is a unknown process.
C:\WINDOWS\System32\NMSSvc.exe Unknown
Unknown running process. (NMSSvc.exe)
This is a unknown process.
C:\WINDOWS\System32\hkcmd.exe Safe.
Safe. running process. (hkcmd.exe)
C:\WINDOWS\GWMDMMSG.exe Unknown
Unknown running process. (GWMDMMSG.exe)
This is a unknown process.
C:\Program Files\Real\RealPlayer\RealPlay.exe Safe.
Safe. running process. (RealPlay.exe)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe Safe.
Safe. running process. (ccApp.exe)
C:\Program Files\Netscape\Netscape\Netscp.exe Safe.
Safe. running process. (Netscp.exe)
C:\Program Files\Messenger\msmsgs.exe Safe.
Safe. running process. (msmsgs.exe)
MSN Messenger
C:\WINDOWS\System32\ctfmon.exe Safe.
Safe. running process. (ctfmon.exe)
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE Safe.
Safe. running process. (OUTLOOK.EXE)
E-Mail Client für Windows.
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE Safe.
Safe. running process. (EXCEL.EXE)
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Safe.
Safe. running process. (WINWORD.EXE)
C:\WINDOWS\System32\zstatus.exe Unknown
Unknown running process. (zstatus.exe)
This is a unknown process.
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis_198.zip\HijackThis.exe Safe.
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.access-4-free.com/portal.asp Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.access-4-free.com/portal.asp Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.gatewaybiz.com ', delete it.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.access-4-free.com/portal.asp Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.access-4-free.com/portal.asp Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Access4Free Probably safe.
Probably safe. If you want to have the standard title-column back, you should fix this entry. If you want to have the standard title-column back, you should fix this entry.
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\wzt6hiva.slt\prefs.js) Safe in most cases.
Safe in most cases. Unknown pages and Lop.Com entries should be fixed! If you know the page, this entry does not need to be fixed.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 ) has been checked. Hit rate: 99 %
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F ) has been checked. Hit rate: 99 %
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([9ECB9560-04F9-4bbc-943D-298DDF1699E1] - Result: 9ECB9560-04F9-4bbc-943D-298DDF1699E1 ) has been checked. Hit rate: 99 %
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([BDF3E430-B101-42AD-A544-FADC6B084872] - Result: BDF3E430-B101-42AD-A544-FADC6B084872 ) has been checked. Hit rate: 99 %
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([8E718888-423F-11D2-876E-00A0C9082467] - Result: 8E718888-423F-11D2-876E-00A0C9082467 ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7] - Result: 0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7 ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6 ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe Safe.
Safe. The entered application PROMon.exe was identified: Promon.exe. Hit rate: 61 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe Safe.
Safe. The entered application IgfxTray was identified: igfxtray. Hit rate: 82 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe Safe.
Safe. The entered application HotKeysCmds was identified: HotKeysCmds. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe Safe.
Safe. The entered application GWMDMMSG was identified: GWMDMMSG. Hit rate: 95 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe Safe.
Safe. The entered application GWMDMpi was identified: GWMDMpi. Hit rate: 94 % (result)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER Safe.
Safe. The entered application RealTray was identified: RealTray. Hit rate: 74 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" Safe.
Safe. The entered application ccApp was identified: ccApp. Hit rate: 94 % (result)
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe Safe.
Safe. The entered application URLLSTCK.exe was identified: UrlLstCk. Hit rate: 60 % (result)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe Safe.
Safe. The entered application NeroFilterCheck was identified: NeroFilterCheck. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui Safe.
Safe. The entered application SmcService was identified: SmcService. Hit rate: 91 % (result)
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe Safe.
Safe. The entered application SSC_UserPrompt was identified: SSC_UserPrompt. Hit rate: 99 % (result)
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo Safe.
Safe. The entered application Mozilla Quick Launch was identified: Mozilla Quick Launch. Hit rate: 78 % (result) Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Safe.
Safe. The entered application MSMSGS was identified: MSMSGS. Hit rate: 94 % (result)
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe Safe.
Safe. The entered application Symantec NetDriver Monitor was identified: Symantec NetDriver Monitor. Hit rate: 79 % (result)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe Safe.
Safe. The entered application ctfmon.exe was identified: ctfmon. Hit rate: 81 % (result)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Safe.
Safe. The entry E&xport to Microsoft Excel has been identified as safe. If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL Possibly nasty
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Research ' is unknown.
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll Safe.
Safe. The entry Real.com has been identified as safe. If the entry 'Real.com ' is not needed anymore, it should be fixed.
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll Safe.
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugins can be found here. OnFlow-Plugins have the following extension *.ofb.
O17 - HKLM\System\CCS\Services\Tcpip\..\{F205A15B-9269-484C-8DF5-AF9CF4BE69D2}: NameServer = 66.155.128.12 66.155.128.20 Possibly nasty
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '66.155.128.12 66.155.128.20 '? If not, fix this entry.
0 Nasty
HijackThis log file analysis
HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed.
http://www.hijackthis.de/index.php?langselect=english
ASKER
Here is the saved analysis:
http://www.hijackthis.de/logfiles/4f91135e46bf60319cc6cf9d0db845b9.html
I don't have a specific problem - I just want to detect any spyware etc. on my system, and it's still running a bit slow. I haven't added memory yet. The bugs I was struggling with before the clean install are gone though!
Thanks! :)
ASKER
Thanks! Do you know whether adding ram invalidates the Gateway warranty? I'll have to open the box.
hmmmmmmmm not sure,, are u having the warranty sticker on it which can tear if u will open the box ??
if yes then im afraid the warranty will invalidate in this case,,,, why dont u contact the provider of this system and tell them the situation, they must understand that now-a-days more RAM can be needed !! :)
ASKER
Thanks! :)
my pleasure ^_^
U are not required to post the WHOLE analysation here..... just scroll down to the bottom of the analysed page, and u will see the SAVE ANALYSE button, hit it and it will save ur log in a new page, copy the address of that page and paste it here.... we will look at it :)
and BTW dont forget to explain abt ur problem !! =)