Code:
Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis. The newest version is: v1.99.1! This should be the newest version. (v1.99.1)
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. running process. (smss.exe)
System process - application used to start, manage and delete sessions.
C:\WINDOWS\system32\winlogon.exe
Safe. running process. (winlogon.exe)
System process - Windows login routine
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
System process - manages the system services.
C:\WINDOWS\system32\lsass.exe
Safe. running process. (lsass.exe)
System process
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
System process - generic host process name for services.
C:\WINDOWS\System32\svchost.exe
Safe. running process. (svchost.exe)
System process - generic host process name for services.
C:\WINDOWS\Explorer.EXE
Safe. running process. (Explorer.EXE)
System process for the desktop and taskbar.
C:\WINDOWS\system32\spoolsv.exe
Safe. running process. (spoolsv.exe)
System process
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Safe. running process. (ccEvtMgr.exe)
Event logging application
C:\windows\system\hpsysdrv.exe
Safe. running process. (hpsysdrv.exe)
C:\WINDOWS\System32\hkcmd.exe
Safe. running process. (hkcmd.exe)
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Safe. running process. (hpgs2wnd.exe)
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Safe. running process. (hpqcmon.exe)
Hewlett-Packard Digital Imaging
Possibly nasty! According to our database this process normally runs in c:\programme\hp\digital imaging\unload\! Check whether you know this process and run a virus check if necessary.
C:\HP\KBD\KBD.EXE
Unknown running process. (KBD.EXE)
This is an unknown process.
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
Safe. running process. (sgtray.exe)
Sonic Update Manager
C:\Program Files\Real\RealPlayer\RealPlay.exe
Safe. running process. (RealPlay.exe)
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Safe. running process. (mcvsshld.exe)
c:\progra~1\mcafee.com\vso\mcvsescn.exe
Safe. running process. (mcvsescn.exe)
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Unknown running process. (AOLSPScheduler.exe)
This is an unknown process.
C:\WINDOWS\System32\igfxtray.exe
Safe. running process. (igfxtray.exe)
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Safe. running process. (hpgs2wnf.exe)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Safe. running process. (ccApp.exe)
Part of Norton AntiVirus
C:\Program Files\Winad Client\Winad.exe
Nasty running process. (Winad.exe)
Trojan This is a nasty process! You should fix it and try to delete it manually!
C:\PROGRA~1\Toolbar\TBPS.exe
Nasty running process. (TBPS.exe)
WebSearch toolbar, HuntBar parasite variant This is a nasty process! You should fix it and try to delete it manually!
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Safe. running process. (acsd.exe)
AOL dial-up connection
Possibly nasty! According to our database this process normally runs in c:\progra~1\common~1\aol\acs! Check whether you know this process and run a virus check if necessary.
C:\Program Files\Messenger\msmsgs.exe
Safe. running process. (msmsgs.exe)
MSN Messenger
C:\Program Files\Winad Client\WinClt.exe
Nasty running process. (WinClt.exe)
Trojan This is a nasty process! You should fix it and try to delete it manually!
C:\Program Files\Common Files\Command Software\dvpapi.exe
Unknown running process. (dvpapi.exe)
This is an unknown process.
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Safe. running process. (mcvsrte.exe)
C:\PROGRA~1\Toolbar\PIB.exe
Unknown running process. (PIB.exe)
This is an unknown process.
C:\Program Files\Norton AntiVirus\navapsvc.exe
Safe. running process. (navapsvc.exe)
Norton AntiVirus application that provides auto-protection of the system.
C:\PROGRA~1\Toolbar\TBPSSvc.exe
Unknown running process. (TBPSSvc.exe)
This is an unknown process.
C:\WINDOWS\wanmpsvc.exe
Safe. running process. (wanmpsvc.exe)
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Safe. running process. (SymWSC.exe)
Symantec NAV compatibility with SP2 on Windows XP
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Safe. running process. (mcvsftsn.exe)
C:\Program Files\AOL Companion\companion.exe
Safe. running process. (companion.exe)
AOL Companion
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown running process. (KodakSoftwareUpdater.exe)
This is an unknown process.
C:\WINDOWS\system32\wscntfy.exe
Safe. running process. (wscntfy.exe)
Windows XP Security Center (Service Pack 2)
C:\WINDOWS\system32\wuauclt.exe
Safe. running process. (wuauclt.exe)
Windows Update AutoUpdate Client
C:\HijackThis\HijackThis.exe
Safe. running process. (HijackThis.exe)
The tool you used to create this log file. Remember that HijackThis must be run in its own folder. Only if HijackThis runs in its own folder will it create backups!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
Safe. This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
Nasty This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Safe. This page has been identified as safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Safe. This page has been identified as safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
Nasty This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0...ir.asp?Ext=sit
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Safe. This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Safe.
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
Nasty Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed.
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([02478D38-C3F9-4efb-9B51-7695ECA05670] - Result: 02478D38-C3F9-4efb-9B51-7695ECA05670) has been checked. Hit rate: 99 %
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([3C060EA2-E6A9-4E49-A530-D4657B8C449A] - Result: 3C060EA2-E6A9-4E49-A530-D4657B8C449A) has been checked. Hit rate: 99 %
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([56071E0D-C61B-11D3-B41C-00E02927A304] - Result: 56071E0D-C61B-11D3-B41C-00E02927A304) has been checked. Hit rate: 99 %
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
Nasty Entries found in this registry zone are potentially nasty. This application ([8952A998-1E7E-4716-B23D-3DBE03910972] - Result: 8952A998-1E7E-4716-B23D-3DBE03910972) has been checked. Hit rate: 99 % Must be fixed!
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDF3E430-B101-42AD-A544-FADC6B084872] - Result: BDF3E430-B101-42AD-A544-FADC6B084872) has been checked. Hit rate: 99 %
O3 - Toolbar: Search - {C814AC0A-D0F2-3097-1D9C-CC7CE273176B} - C:\WINDOWS\Eyduomxo.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([C814AC0A-D0F2-3097-1D9C-CC7CE273176B] - Result: ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: -1 % If you do not know that application, fix it.
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([EF99BD32-C1FB-11D2-892F-0090271D4F88] - Result: EF99BD32-C1FB-11D2-892F-0090271D4F88) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BA52B914-B692-46c4-B683-905236F6F655] - Result: BA52B914-B692-46c4-B683-905236F6F655) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
Nasty Entries found in this registry zone are potentially nasty. This application ([339BB23F-A864-48C0-A59F-29EA915965EC] - Result: 339BB23F-A864-48C0-A59F-29EA915965EC) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % Must be fixed!
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
Safe. Hewlett-Packard
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
Safe. Application that implements the Intel Hotkey command.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Safe. "HPs exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Safe. Part of Hewlett-Packard
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Safe. Sonic Update Manager
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
Safe. Hewlett Packard Software
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
Safe. Application that allows users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Safe. System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
Safe. McAfee
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
Safe. McAfee VirusScan On-line. See also McAgentExe
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Safe. From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
Hit rate: 94 % (result)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Safe. From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
Hit rate: 94 % (result)
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Safe.
Hit rate: 6 % (result)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
Safe. Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
Hit rate: 86 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Safe. Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Safe. Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
Hit rate: 92 % (result)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
Safe. Part of Symantec's LiveUpdate (eg, Norton). Not required if you run manual updates but probably required if you leave them to run automatically - hence the "U" recommendation
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
Safe. If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
Safe. If you disable the HP VIEW toolbar in IE and rearrange the toolbars, on a reboot they will be back as they were before if this is left enabled
Hit rate: 75 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
Unknown
Hit rate: 2 % (result) Unknown application.
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
Safe.
Hit rate: 9 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
Nasty WinAd adware by eXact Advertising
Hit rate: 99 % (result) Must be fixed!
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
Nasty WebSearch toolbar, HuntBar parasite variant
Hit rate: 99 % (result) Must be fixed!
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
Safe. NVidia Nview
Hit rate: 99 % (result)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe. Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
Hit rate: 99 % (result)
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Safe. Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Hit rate: 84 % (result) Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
Safe. Windows Registry Repair Pro
Hit rate: 99 % (result)
O4 - HKCU\..\Run: [odtext321093r.exe] "C:\WINDOWS\system32\odtext321093r.exe"
Possibly nasty
Hit rate: 8 % (result) It seems that the name of this program is the same as the name of the file. In most cases this is the result of trojans. To be sure, you should check this file.
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
Safe. Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
Hit rate: 92 % (result) Not dangerous, but unnecessary.
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
Safe. AOL Companion
Hit rate: 92 % (result)
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
Nasty User Interface for HP Center
Hit rate: 91 % (result) Must be fixed!
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Nasty Based upon HP's own description from here - "With the My HP Center, consumers have access directly from the desktop to Internet sites featuring special offers for HP customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know
Hit rate: 76 % (result) Must be fixed!
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Safe. Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually.
Hit rate: 95 % (result)
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown
Hit rate: 9 % (result) Unknown application.
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
Safe. Quicken background downloading module
Hit rate: 95 % (result) Not dangerous, but unnecessary.
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
Safe. The entry &Yahoo! Search has been identified as safe. If the entry '&Yahoo! Search ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Safe. The entry Yahoo! &Dictionary has been identified as safe. If the entry 'Yahoo! &Dictionary ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Safe. The entry Yahoo! &Maps has been identified as safe. If the entry 'Yahoo! &Maps ' is not needed anymore, it should be fixed.
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
Safe. The entry Yahoo! Messenger has been identified as safe. If the entry 'Yahoo! Messenger ' is not needed anymore, it should be fixed.
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
Safe. The entry Real.com has been identified as safe. If the entry 'Real.com ' is not needed anymore, it should be fixed.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O9 - Extra button: (no name) - {02F67C7D-00DF-455E-A65E-DEC2B66F4C54} - C:\WINDOWS\system32\comctl32750i.dll (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: (no name) - {183EF25B-864E-412A-8B08-485CB8C08765} - C:\WINDOWS\system32\kernel32652k.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
O9 - Extra button: (no name) - {2CE0ABEB-368A-4502-939C-1AEE94B97D3F} - C:\WINDOWS\system32\datime582d.dll (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: (no name) - {A0D67EB9-738A-48F3-A4F9-9DA9368E6649} - C:\WINDOWS\system32\cmdial32602u.dll (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: (no name) - {D7BB9A83-C8D2-4390-8611-3A5C9B0D789F} - C:\WINDOWS\system32\MpActcmd635i.dll (file missing) (HKCU)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugin here. OnFlow plugins have the following extension: *.ofb.
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
Safe. This entry has been identified as safe.
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
Safe. This entry has been identified as safe.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
Safe. This entry has been identified as safe.
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
Safe. This entry has been identified as safe.
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
Safe. This entry has been identified as safe.
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
Possibly nasty Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed.
O20 - AppInit_DLLs: C:\WINDOWS\system32\ddraw802m.dll
Unknown
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
Unknown
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (acsd.exe) was identified as a good one.
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (ccEvtMgr.exe) was identified as a good one.
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (ccPwdSvc.exe) was identified as a good one.
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
Unknown These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. Unknown service. (dvpapi.exe)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (mcshield.exe) was identified as a good one.
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (mcupdmgr.exe) was identified as a good one.
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (mcvsrte.exe) was identified as a good one.
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (navapsvc.exe) was identified as a good one.
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (nvsvc32.exe) was identified as a good one.
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (SNDSrvc.exe) was identified as a good one.
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (SymWSC.exe) was identified as a good one.
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
Unknown These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. Unknown service. (TBPSSvc.exe)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Safe. These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. This service (wanmpsvc.exe) was identified as a good one.
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Unnecessarily These entries show all services which are not from Microsoft. Malware often starts as a system service and is not easy to detect. Unknown service. (WToolsS.exe (file missing))
Unnecessary (deactivated) entry that can be fixed.
12 Nasty
Use these tips at your own risk!
Copyright © 2004 - 2005 by Mathias Mattner