Please add CounterSpy

[venicecore]

Hello All,

I am hoping to be a contributor to this forum. I happen to use Hijackthis all the time with my clients. It is most useful. Below is a log of my own personal machine. Please make comments as to the things you see below. I would just like to see them add the CounterSpy items to the OK list.

Code:

Logfile of HijackThis v1.99.1
Scan saved at 4:07:37 PM, on 10/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\installed.apps\thunder.bird\thunderbird.exe
D:\temporary\trillian\trillian.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\maintenance\pc.apps\hijack.this\hijackthis_199\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jigsaw.puzzle
O17 - HKLM\Software\..\Telephony: DomainName = jigsaw.puzzle
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jigsaw.puzzle
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

I appreciate your time and thank the developers of Hijackthis for their time as well. Excellent program and it helps out quite a bit.

Kind regards,
Venicecore

http://www.venicecore.com

[Ruby]

Welcome to HijackThis.de @ Venicecore

Please post your Logfiles in vB Code too.

I would like to have a feedback to the following files.
Please scan them with Virustotal and Jotti:

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.e xe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

You will want to make us know every result by copy&paste.

Could you please tell me more about the following entries:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jigsaw.puzzle
O17 - HKLM\Software\..\Telephony: DomainName = jigsaw.puzzle
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jigsaw.puzzle

Where does they belong to? Do you need them? Do you want these entries?

Regards
Ruby

[venicecore]

Hello Ruby,

I was looking around for forum rules and I cannot find them. At least not in the english speaking forum or support. In regards to vb code. I am unsure what you want me to do. Should I be putting some tag before and after my log copy and paste? CounterSpy is a Spyware application ( I think it really does a great job ) in fact it based on reading and research covers about 73% of the spyware out there, that combined with spybot, hijackthis and a great virus scanner ( NOD32 ) pretty much covers the lot. Having a hardware firewall like the firebox x5w edge also helps from watchguard.

The domain is mine, so those domain listings are just fine. Do you still want me to list the log from Online Malware Scan on the CounterSpy files? I know what they are, and I know they are OK.

http://www.sunbelt-software.com/

Please advise.

Kind regards,
Venicecore

http://www.venicecore.com

[Marc]

Counterspy has been added to our database. Your Log looks a little bit more green then before. Thx for your support venicecore, you´re welcome!

Marc

[venicecore]

Thanks,

I update my version of Java, so I replaced the log file with a new one showing that. Also, What exactly should I be putting on the page when I post to show VB? I would like to do it right in the future.

Kind regards,
Venicecore

http://www.venicecore.com

Also, Would you be interested in seeing a log file from windows 2003 server / with DNS for Active Directory Running and IIS 6 with PHP and MYSql? Just so you can see what things it shows are Nasty? or is HJT just for Desktops?

[Ruby]

Hello Venicecore

You may want to click the link I have given to you in my first answer to see what vb-Code means. It's a tag that has to be set at the beginning of a logfile and at the end of a logfile. We ask our users to get their logfiles in vb-Code. You may als have a look to Know how - HijackThis to learn more about it.

Please feel free to show us more HijackThis Logfiles.

[lamda]

Users are sure to find in open .dbx file and dbx reader tool, simple yet versatile, to solve potential problems and stay in control of damaged dbx files in the safe folder.

[Ruby]

Thank you for your message and these tools @ Lamda
We will try it.