CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
Reviewer: Paul
Company: Merijn, Visit Site
Product: HijackThis ... Version: 1.97.7
Visit the store. Write your own review!
Whitelist Approved by CastleCops Security Professionals


 
Reviewer's Ratings
Avg Company Rating
Overall Feeling
Customer Support
Value for the money
Product's ease of use
Ease of installation
Product website
Reliability

Compare Product Reviews in this Class

HijackThis, a program written by Merijn Bellekom is an excellent tool for reading your system's important information, saving that to a log, and allowing for the removal of bad items that may be associated with spyware or adware. Many folks are well versed in helping users read logfiles, and at ComputerCops such are called 1st Responders and Security Experts. There also exists a log tutorial that can be accessed http://computercops.biz/HijackThis.html.

Its a free program, distributed freely, and supported by many around the world. If you feel you may have been hijacked, run this program and post your logfile for expert help today.

Added: August 1st 2004

Hits: 20944
NOTE: Product reviews are independently written by our members and do not necessarily express the opinions or views of CastleCops.

  

[ Back to Reviews Index | Post Comment ]

HijackThis
Posted by Artras  on 2005-03-14 10:45:41
My Score:


For those who have troubles finding out what to fix or not with HijackThis, there is a little utility that analyzes the log file and gives the user suggestions on what to do. Ofcourse it is still the user who decides, but it can be a real help. Although some will say that the util is not perfect, at least it is of real help and saves a lot of time. For more information have a look at http://forum.avast.com/index.php?topic=5796.0

I hope this information is of help to a lot of people.

HijackThis
Posted by Zin  on 2005-01-15 07:58:08
My Score:


Hijack This! is one of the tools I was first introduced to when I encountered a hacker in my PC. It is, in my opinion, a required utility for any computer that accesses the internet. It is excellent.

Yes, it can be difficult to understand and know which entries to remove. But not to worry, the CastleCops HijackThis volunteer experts will help you. And, there are numerous other computer tech help resources on the internet where one can get assistance analyzing your report. At least four that I know of. A search would surely reveal others. It seems to be a very popular product.

After using it for awhile, with knowledgeable folks helping you to do clean ups, you will gain the experience to recognize SOME deletable entries. However, it is NOT ADVISED to delete any entires until you feel absolutely certain you know what you are doing.

Overall: Excellent. Essential PC maintenance tool. Can work wonders to improve speed (if related to unwanted pests). A bit difficult to understand. Usually requires some minimal outside assistance. Can''t beat the price! It''s free.

HijackThis
Posted by Paul  on 2004-08-22 11:12:47
My Score:


Hey folks, do not posty our logs in here. They will not be addressed here. You need to redirect them to the hijackthis forum on the site.

HijackThis
Posted by Poison_Arrows  on 2004-08-22 04:26:34
My Score:


Can someone please help me with this and tell me what i should remove?


Logfile of HijackThis v1.98.2
Scan saved at 2:32:27 AM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesNorton Internet SecurityNISUM.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32Ati2evxx.exe
C:Program FilesNorton Internet SecurityccPxySvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32carpserv.exe
C:Program FilesApointApoint.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesSonyHotKey UtilityHKserv.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSSystem32ezSP_Px.exe
C:program filessupport.comclientbintgcmd.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesMessenger Plus! 3MsgPlus.exe
C:Program FilesNaviSearchbinnls.exe
c:progra~1intern~1iexplore.exe
C:Program FilesMSN AppsUpdater

HijackThis
Posted by jclewis  on 2004-08-20 10:45:25
My Score:


can u please tell me what needs to be deleted plz ?
''


Logfile of HijackThis v1.98.2
Scan saved at 8:43:25 AM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32ibmpmsvc.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSAGRSMMSG.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesTrend MicroOfficeScan Clientpccntmon.exe
C:WINDOWSSystem32RunDll32.exe
C:WINDOWSSystem32rundll32.exe
C:PROGRA~1ThinkPadPkgMgrHOTKEYTPHKMGR.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Program FilesThinkPadPkgMgrHOTKEYTPONSCR.exe
C:WINDOWSSystem32inetsrvinetinfo.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesTrend MicroOfficeScan Clientntrtscan.exe
C:WINDOWSSystem32tcpsvcs.exe
C:Program FilesTrend MicroOfficeScan Clienttmlisten.exe
C:WINDOWSsystem32TpKmpSVC.exe
C:DX90SDKUtilitiesDirectX extensions for Visual Studio .NETDXDebugService.exe
C:Program FilesCommon FilesSystemMSSearchBinmssearch.exe
C:Program FilesTrend MicroOfficeScan Clientofcdog.exe
C:Program FilesTrend MicroOfficeScan Clientpccntupd.exe
C:Documents and SettingsclewisDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:WINDOWSSystem32winb2s32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [OfficeScanNT Monitor] C:Program FilesTrend MicroOfficeScan Clientpccntmon.exe -HideWindow
O4 - HKLM..Run: [BMMGAG] RunDll32 C:PROGRA~1ThinkPadUTILIT~1pwrmonit.dll,StartPwrMonitor
O4 - HKLM..Run: [BMMLREF] C:Program FilesThinkPadUtilitiesBMMLREF.EXE
O4 - HKLM..Run: [BMMMONWND] rundll32.exe C:PROGRA~1ThinkPadUTILIT~1BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM..Run: [TPKMAPHELPER] C:Program FilesThinkPadUtilitiesTpKmapAp.exe -helper
O4 - HKLM..Run: [TPHOTKEY] C:PROGRA~1ThinkPadPkgMgrHOTKEYTPHKMGR.exe
O4 - HKLM..Run: [UC_Start] C:IBMToolsUpdaterucstartup.exe
O4 - HKLM..Run: [StorageGuard] C:Program FilesVERITAS SoftwareUpdate Managersgtray.exe /r
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 - Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://studentad/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://studentad/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://studentad/officescan/clientinstall/setup.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://studentad/officescan/clientinstall/RemoveCtrl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = Student.Northface.local
O17 - HKLMSoftware..Telephony: DomainName = Student.Northface.local
O17 - HKLMSystemCCSServicesTcpip..{ED51A750-5AF7-4AB6-B57B-AD8FDB250347}: NameServer = 10.245.27.3
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = Student.Northface.local
O17 - HKLMSystemCS2ServicesTcpipParameters: Domain = Student.Northface.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll


HijackThis
Posted by jebusbob  on 2004-08-19 03:50:57
My Score:


hey can someone please help me and tell me what needs to be removed?

THANKS!!!
heres my log

ogfile of HijackThis v1.98.1
Scan saved at 12:40:40 AM, on 8/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:WINDOWSsystem32slserv.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSSystem32wltrysvc.exe
C:WINDOWSSystem32bcmwltry.exe
C:WINDOWSExplorer.EXE
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSkdxKHost.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe
C:Program FilesAres Lite EditionAresLite.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkCalRem.exe
C:Program FilesMusicmatchMusicmatch JukeboxMMJB.EXE
C:Program FilesMusicmatchMusicmatch JukeboxMMDiag.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmm_director.exe
C:PROGRA~1MUSICM~1MUSICM~2MM_TDM~1.EXE
C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsOwnerDesktopHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.emachines.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST

HijackThis
Posted by buckman  on 2004-08-18 18:55:38
My Score:


Please advise what needs to be deleted.

Thanks in advance.

ogfile of HijackThis v1.98.2
Scan saved at 6:55:18 PM, on 8/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:WINDOWSSystem32ScsiAccess.EXE
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesDellEUSWSupport.exe
C:Program FilesDellMedia ExperiencePCMService.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmm_tray.exe
C:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
C:WINDOWSSystem32hkcmd.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSBCMSMMSG.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
C:Program FilesKodakKODAK Software Updater7288971ProgrambackWeb-7288971.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program Fileshijack thisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [DwlClient] C:Program FilesCommon FilesDellEUSWSupport.exe
O4 - HKLM..Run: [UpdateManager] C:Program FilesCommon FilesSonicUpdate Managersgtray.exe /r
O4 - HKLM..Run: [TkBellExe] C:Program FilesCommon FilesRealUpdate_OBrealsched.exe -osboot
O4 - HKLM..Run: [PCMService] C:Program FilesDellMedia ExperiencePCMService.exe
O4 - HKLM..Run: [MMTray] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmm_tray.exe
O4 - HKLM..Run: [mmtask] c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [ccRegVfy] C:Program FilesCommon FilesSymantec SharedccRegVfy.exe
O4 - HKLM..Run: [ccApp] C:Program FilesCommon FilesSymantec SharedccApp.exe
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [QuickTime Task] C:Program FilesQuickTimeqttask.exe -atboottime
O4 - HKCU..Run: [MSMSGS] C:Program FilesMessengermsmsgs.exe /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:Program FilesKodakKODAK Software Updater7288971ProgrambackWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra ''Tools'' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab


HijackThis
Posted by leonel  on 2004-08-17 13:45:57
My Score:


What can I delete? Thanks

Logfile of HijackThis v1.98.1
Scan saved at 12:28:51 PM, on 8/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:HPKBDKBD.EXE
C:windowssystemhpsysdrv.exe
C:WINDOWSALCXMNTR.EXE
C:Program FilesJavaj2re1.4.2_04binjusched.exe
C:Program FilesGrisoftAVG6avgcc32.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:unzippedhijackthishijackthis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qus10.hpwis.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [RCScheduleCheck] C:Program FilesVCOMRecovery CommanderRCSCHED.EXE -CHECK
O4 - HKLM..Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04binjusched.exe
O4 - HKLM..Run: [Breg] C:Program FilesCommon FilesJavabreg.exe
O4 - HKLM..Run: [AVG_CC] C:Program FilesGrisoftAVG6avgcc32.exe /startup
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [Zone Labs Client] C:Program FilesZone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [TkBellExe] C:Program FilesCommon FilesRealUpdate_OBrealsched.exe -osboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyPokerIEExtension.dll
O9 - Extra ''Tools'' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyPokerIEExtension.dll
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab


HijackThis
Posted by cephaelis  on 2004-08-11 12:21:47
My Score:


The product is really nice but expert help is not that easy accessible how I have learnt. I have posted my log file here (and to another web forum) long time ago and stayed neglected... :-/

HijackThis
Posted by Twister  on 2004-08-08 18:01:01
My Score:


Very good program!

2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
166ppm 0.168s (0.007s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer