Hijack This Analysis

I just received the EE newsletter (thank you!  very informative!) and would like some help with the hijack this analysis pasted below.  Thank you.




         Logfile of HijackThis v1.98.2                 Safe.
Safe.               Shows the version of HijackThis an. The newest version is: v1.98.2!               This should be the newest version. (v1.98.2 )
              A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)               Safe.
Safe.               Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106!               This should be the newest version. (6.00.2800.1106)
        C:\WINDOWS\System32\smss.exe               Safe.
Safe.               running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.               
        C:\WINDOWS\system32\winlogon.exe               Safe.
Safe.               running process. (winlogon.exe)
Systemprozess - Windows Login Routine               
        C:\WINDOWS\system32\services.exe               Safe.
Safe.               running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.               
        C:\WINDOWS\system32\lsass.exe               Safe.
Safe.               running process. (lsass.exe)
Systemprozess               
        C:\WINDOWS\system32\svchost.exe               Safe.
Safe.               running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.               
        C:\WINDOWS\System32\svchost.exe               Safe.
Safe.               running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.               
        C:\Program Files\Sygate\SPF\smc.exe               Safe.
Safe.               running process. (smc.exe)
              
        C:\WINDOWS\Explorer.EXE               Safe.
Safe.               running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste.               
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe               Safe.
Safe.               running process. (ccSetMgr.exe)
              
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe               Safe.
Safe.               running process. (ccEvtMgr.exe)
Event logging application               
        C:\WINDOWS\system32\spoolsv.exe               Safe.
Safe.               running process. (spoolsv.exe)
Systemprozess               
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe               Safe.
Safe.               running process. (ccProxy.exe)
              
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE               Safe.
Safe.               running process. (MDM.EXE)
Machine Debug Manager. Used by developers.               
        C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe               Safe.
Safe.               running process. (navapsvc.exe)
Norton AntiVirus application that provides auto-protection of the system.               
        C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe               Safe.
Safe.               running process. (SAVScan.exe)
Prozess von Norton Antivirus.               
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe               Safe.
Safe.               running process. (SNDSrvc.exe)
              
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe               Safe.
Safe.               running process. (symlcsvc.exe)
              
        C:\WINDOWS\System32\PROMon.exe               Unknown
Unknown               running process. (PROMon.exe)
              This is a unknown process.
        C:\WINDOWS\System32\NMSSvc.exe               Unknown
Unknown               running process. (NMSSvc.exe)
              This is a unknown process.
        C:\WINDOWS\System32\hkcmd.exe               Safe.
Safe.               running process. (hkcmd.exe)
              
        C:\WINDOWS\GWMDMMSG.exe               Unknown
Unknown               running process. (GWMDMMSG.exe)
              This is a unknown process.
        C:\Program Files\Real\RealPlayer\RealPlay.exe               Safe.
Safe.               running process. (RealPlay.exe)
              
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe               Safe.
Safe.               running process. (ccApp.exe)
              
        C:\Program Files\Netscape\Netscape\Netscp.exe               Safe.
Safe.               running process. (Netscp.exe)
              
        C:\Program Files\Messenger\msmsgs.exe               Safe.
Safe.               running process. (msmsgs.exe)
MSN Messenger               
        C:\WINDOWS\System32\ctfmon.exe               Safe.
Safe.               running process. (ctfmon.exe)
              
        C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE               Safe.
Safe.               running process. (OUTLOOK.EXE)
E-Mail Client für Windows.               
        C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE               Safe.
Safe.               running process. (EXCEL.EXE)
              
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE               Safe.
Safe.               running process. (WINWORD.EXE)
              
        C:\WINDOWS\System32\zstatus.exe               Unknown
Unknown               running process. (zstatus.exe)
              This is a unknown process.
        C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary
Directory 1 for hijackthis_198.zip\HijackThis.exe               Safe.
Safe.               running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben.               Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.access-4-free.com/portal.asp               Possibly nasty
Possibly nasty               This page could possibly be nasty.               If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.access-4-free.com/portal.asp               Possibly nasty
Possibly nasty               This page could possibly be nasty.               If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gatewaybiz.com               Possibly nasty
Possibly nasty               This page could possibly be nasty.               If you do not know the entry 'http://www.gatewaybiz.com ', delete it.
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.access-4-free.com/portal.asp               Possibly nasty
Possibly nasty               This page could possibly be nasty.               If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.access-4-free.com/portal.asp               Possibly nasty
Possibly nasty               This page could possibly be nasty.               If you do not know the entry 'www.access-4-free.com/portal.asp ', delete it.
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Access4Free               Probably safe.
Probably safe.               If you want to have the standard title-column back, you should fix this entry.               If you want to have the standard title-column back, you should fix this entry.
        N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSB
Web_01.src"); (C:\Documents and Settings\Administrator\Application
Data\Mozilla\Profiles\default\wzt6hiva.slt\prefs.js)               Safe in most cases.               Safe in most cases. Unknown pages and Lop.Com entries should be fixed!               If you know the page, this entry does not need to be fixed.
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %               
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %               
        O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([9ECB9560-04F9-4bbc-943D-298DDF1699E1] - Result: 9ECB9560-04F9-4bbc-943D-298DDF1699E1) has been checked. Hit rate: 99 %               
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([BDF3E430-B101-42AD-A544-FADC6B084872] - Result: BDF3E430-B101-42AD-A544-FADC6B084872) has been checked. Hit rate: 99 %               
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([8E718888-423F-11D2-876E-00A0C9082467] - Result: 8E718888-423F-11D2-876E-00A0C9082467) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %               
        O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7] - Result: 0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %               
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll               Safe.
Safe.               Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %               
        O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe               Safe.
Safe.               The entered application PROMon.exe was identified: Promon.exe. Hit rate: 61 % (result)               Not dangerous, but unnecessary.
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe               Safe.
Safe.               The entered application IgfxTray was identified: igfxtray. Hit rate: 82 % (result)               Not dangerous, but unnecessary.
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe               Safe.
Safe.               The entered application HotKeysCmds was identified: HotKeysCmds. Hit rate: 99 % (result)               
        O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe               Safe.
Safe.               The entered application GWMDMMSG was identified: GWMDMMSG. Hit rate: 95 % (result)               Not dangerous, but unnecessary.
        O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe               Safe.
Safe.               The entered application GWMDMpi was identified: GWMDMpi. Hit rate: 94 % (result)               
        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER               Safe.
Safe.               The entered application RealTray was identified: RealTray. Hit rate: 74 % (result)               Not dangerous, but unnecessary.
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"               Safe.
Safe.               The entered application ccApp was identified: ccApp. Hit rate: 94 % (result)               
        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe               Safe.
Safe.               The entered application URLLSTCK.exe was identified: UrlLstCk. Hit rate: 60 % (result)               
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe               Safe.
Safe.               The entered application NeroFilterCheck was identified: NeroFilterCheck. Hit rate: 99 % (result)               
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui               Safe.
Safe.               The entered application SmcService was identified: SmcService. Hit rate: 91 % (result)               
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe               Safe.
Safe.               The entered application SSC_UserPrompt was identified: SSC_UserPrompt. Hit rate: 99 % (result)               
        O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program
Files\Netscape\Netscape\Netscp.exe" -turbo               Safe.
Safe.               The entered application Mozilla Quick Launch was identified: Mozilla Quick Launch. Hit rate: 78 % (result)               Not dangerous, but unnecessary.
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background               Safe.
Safe.               The entered application MSMSGS was identified: MSMSGS. Hit rate: 94 % (result)               
        O4 - HKCU\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe               Safe.
Safe.               The entered application Symantec NetDriver Monitor was identified: Symantec NetDriver Monitor. Hit rate: 79 % (result)               
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe               Safe.
Safe.               The entered application ctfmon.exe was identified: ctfmon. Hit rate: 81 % (result)               
        O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000               Safe.
Safe.               The entry E&xport to Microsoft Excel has been identified as safe.               If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL               Possibly nasty
Possibly nasty               Unknown buttons or entries in the 'Extras'-menu should be fixed.               To be fixed if the entry 'Research ' is unknown.
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll               Safe.
Safe.               The entry Real.com has been identified as safe.               If the entry 'Real.com ' is not needed anymore, it should be fixed.
        O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll               Safe.
Safe.               Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugins can be found here. OnFlow-Plugins have the following extension *.ofb.               
        O17 -
HKLM\System\CCS\Services\Tcpip\..\{F205A15B-9269-484C-8DF5-AF9CF4BE69D2}:
NameServer = 66.155.128.12 66.155.128.20               Possibly nasty
Possibly nasty               If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.               Do you know the IP or Domain '66.155.128.12 66.155.128.20 '? If not, fix this entry.
        
0 Nasty
LVL 1
LucynkaAsked:
Who is Participating?
 
SheharyaarSaahilConnect With a Mentor Commented:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =www.access-4-free.com/portal.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =www.access-4-free.com/portal.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =www.access-4-free.com/portal.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =www.access-4-free.com/portal.asp
========================

Fix the above entries, rest is all OK :)
so they cannot be the reason of slowness, go and get some more RAM !! ;-)
Cheers ^_^
0
 
SheharyaarSaahilCommented:
Hello Lucynka =)

U are not required to post the WHOLE analysation here..... just scroll down to the bottom of the analysed page, and u will see the SAVE ANALYSE button, hit it and it will save ur log in a new page, copy the address of that page and paste it here.... we will look at it :)

and BTW dont forget to explain abt ur problem !! =)
0
 
LRI41Commented:
HijackThis log file analysis

HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed.

 simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed.

http://www.hijackthis.de/index.php?langselect=english
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
LucynkaAuthor Commented:

Here is the saved analysis:
http://www.hijackthis.de/logfiles/4f91135e46bf60319cc6cf9d0db845b9.html

I don' t have a specific problem - I just want to detect any spyware etc on my system, and it's still running a bit slow.  I haven't added memory yet.  The bugs I was struggling with before the clean install are gone though!

Thanks!  :)
0
 
LucynkaAuthor Commented:
Thanks!  Do you know whether adding ram invalidates the Gateway warranty?  I'll have to open the box.
0
 
SheharyaarSaahilCommented:
hmmmmmmmm not sure,, are u having the warranty sticker on it which can tear if u will open the box ??
if yes then im afraid the warranty will invalidate in this case,,,, why dont u contact the provider of this system and tell them the situation, they must understand that now-a-days more RAM can be needed !! :)
0
 
LucynkaAuthor Commented:
Thanks!  :)
0
 
SheharyaarSaahilCommented:
my pleasure ^_^
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.