Edeneye
Couple of Question Marks in My HijackThis Log, Could You Take A Look?
Hello,
I've recently been removing spyware and other nasties from a system which appears to be clean now.
Both Ad-Aware and Spybot S&D show clean scans every time I boot.
HijackThis still shows a couple of things that I am slightly unsure of, though, and I would like a second opinion.
I have used the analyzer at http://www.hijackthis.de/index.php?langselect=english to check the log, and it comes up with a few unknowns, a few unnecessaries and a few "possibly nasty" entries.
Any input would be greatly appreciated.
Thanks,
Edeneye
Logfile of HijackThis v1.98.2
Scan saved at 4:00:47 PM, on 12/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\AMERICA ONLINE 5.0F\AOLTRAY.EXE
C:\TOOLS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0f\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c379/chat.cab
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: Yahoo! Checkers - http://yog8.yahoo.com/yog/y/km0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog13.yahoo.com/yog/y/ks3_x.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://64.170.166.238:8000/Java/cs4ms066.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/298ebcea9d590b1e6020/netzip/RdxIE.cab
O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://www.suzannesomers.com:8000/Java/cs4ms086.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
ASKER CERTIFIED SOLUTION
ASKER
Yep that's what I thought.
I had checked all of those odds and ends programs to see that they were legit.
That one BHO and all of the O16 entries were what I was curious about.
Thanks a lot
Edeneye.
You are Welcome! ^_^
>> C:\WINDOWS\SYSTEM\DEVLDR16
http://www.windowsstartup.com/wso/detail.php?id=709
>> C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY
http://www.windowsstartup.com/wso/detail.php?id=2601
>> C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
http://www.windowsstartup.com/wso/detail.php?id=1682
>> C:\WINDOWS\SYSTEM\HIDSERV.
http://www.liutilities.com/products/wintaskspro/processlibrary/hidserv/
>> F1 - win.ini: run=hpfsched
This is from an HP product you are using.
>> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
Nope, it's not nasty... in a Win98\ME system this is a valid process.
And the rest are possibly nasty ActiveX objects, which can be removed or left alone by you, because next time when you visit those pages they will get reinstalled :)
Anything else ?? :)
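The reply above sorts the O16 (Downloaded Program Files / ActiveX) entries into "possibly nasty" by eye. The script below is an added example, not HijackThis code and not the answerer's, that applies two cheap checks a practitioner would run over such a log before deciding what to delete: an ActiveX control downloaded from a bare IP address instead of a vendor domain, and a download server on a port other than 80/443 (the two ChatSpace entries and the RdxIE entry in this log trigger them, the Yahoo!, MSN, EA and Apple entries do not). It also flags O2/O3/O9 entries whose target file no longer exists, like the "(no name)" BHO and the "Dell Home" button here, since those are leftover registry entries rather than running code. The sample lines are copied from the log in this thread; everything else (function names, the reason strings) is assumed for the example.

```python
"""Triage of HijackThis-style O2/O3/O9/O16 lines (added example; not HijackThis code)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the HijackThis v1.98 format, copied from the
# log in this thread so the checks below run against realistic input offline.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: Yahoo! Checkers - http://yog8.yahoo.com/yog/y/km0_x.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://64.170.166.238:8000/Java/cs4ms066.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/298ebcea9d590b1e6020/netzip/RdxIE.cab
O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://www.suzannesomers.com:8000/Java/cs4ms086.cab
"""

# "O16 - DPF: <name or {CLSID} (name)> - <download URL>"
O16_RE = re.compile(r"^O16 - DPF: (?P<name>.+?) - (?P<url>\S+)$")
# HijackThis prints these when the registered object's file is gone.
STALE_MARKERS = ("(no file)", "(file missing)")


def triage_o16(line):
    """Return the reasons an O16 entry deserves a second look (empty list if none).

    Heuristics (assumed for this example): vendor-hosted controls are served from
    a domain on port 80/443; a bare IP host or an odd port is worth checking.
    """
    m = O16_RE.match(line.strip())
    if not m:
        return []
    reasons = []
    url = urlsplit(m.group("url"))
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)  # raises ValueError for a hostname
        reasons.append("download host is a bare IP address, not a domain")
    except ValueError:
        pass
    if url.port not in (None, 80, 443):
        reasons.append("non-standard port %d" % url.port)
    return reasons


def triage_stale(line):
    """Flag an O2/O3/O9 entry whose target file is missing: a leftover registry entry."""
    line = line.strip()
    if line.startswith(("O2 - ", "O3 - ", "O9 - ")) and any(mk in line for mk in STALE_MARKERS):
        return ["registered object points at a missing file; stale entry"]
    return []


def triage_log(text):
    """Return [(line, reasons)] for every log line that triggered at least one check."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_o16(line) + triage_stale(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Run it on a full log by reading the file into `triage_log`; anything it does not flag still needs the usual lookup of the CLSID and download host, the script only narrows the list.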