

New HJT log


7 replies to this topic

#1 OFFLINE   Mike Rochip

    Power Member

  • Members
  • 844 posts

Posted 14 September 2005 - 03:33 AM

Hello-

Ran HJT in safe mode and got quite a different result than in normal mode. Could you check it out?

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:19:15 PM, on 9/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [C-Media Echo Control] D:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Arovax Shield] D:\Program Files\Arovax Shield\ArovaxShield.exe /h
O4 - HKCU\..\Run: [NetZero_uoltray] D:\Program Files\NetZero\exec.exe regrun
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102734175719
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 14 September 2005 - 03:35 AM

Clean.

#3 OFFLINE   Mike Rochip

    Power Member

  • Members
  • 844 posts

Posted 14 September 2005 - 03:54 AM

Tarun, on Sep 13 2005, 09:35 PM, said:


Would it hurt to remove the first four items? They don't appear when I run HJT in normal mode.

Thanks

#4 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,496 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 14 September 2005 - 08:38 AM

Mike Rochip, on Sep 13 2005, 10:54 PM, said:

Would it hurt to remove the first four items? They don't appear when I run HJT in normal mode.


If you're talking about what's listed below, the answer is leave them alone:
D:\Windows\System32\smss.exe
D:\Windows\System32\winlogon.exe
D:\Windows\System32\services.exe
D:\Windows\System32\lsass.exe

Complexity of incoherent design.

#5 OFFLINE   Mike Rochip

    Power Member

  • Members
  • 844 posts

Posted 14 September 2005 - 11:32 AM

Actually it's the three R0s and the R3 that I was wondering about.

Sorry about that...

#6 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 14 September 2005 - 02:38 PM

Mike Rochip, on Sep 14 2005, 07:32 AM, said:

Actually it's the three R0s and the R3 that I was wondering about.

Sorry about that...


Totally safe to remove them, as you can remake them at any time.
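
As an added example (not code from the thread or from the HijackThis project), here is a small Python triage helper for this log format: it parses the `Rn`/`On` entries and separates the empty R0 values and the "R3 ... is missing" line, which load nothing, from the O2/O4/O23 entries that actually point at a DLL, EXE or service. The sample lines are constructed from the log above; the regexes and the labels are my own assumptions, not HijackThis conventions.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format. The R0/R3 lines mirror
# the ones asked about in the thread; the O2/O4/O23 lines load real code.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# Absolute path to an .exe/.dll, optionally wrapped in double quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)

def parse_entries(text):
    """Split a HJT log into (kind, body) tuples; header/process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries

def classify(kind, body):
    """'placeholder': HJT is reporting an absent registry value (nothing runs from it);
    'loads_code': the entry names something that executes; anything else: 'review'."""
    if kind == "R0" and body.endswith("="):
        return "placeholder"
    if kind == "R3" and body.endswith("is missing"):
        return "placeholder"
    if kind in ("O2", "O4", "O23"):
        return "loads_code"
    return "review"

def loaded_paths(text):
    """Files the code-loading entries point at. A bare name such as Mixer.exe
    has no absolute path, so it is returned as the name (resolved via PATH)."""
    paths = []
    for kind, body in parse_entries(text):
        if classify(kind, body) == "loads_code":
            m = PATH_RE.search(body)
            paths.append(m.group(1) if m else body.split("] ", 1)[-1].split()[0])
    return paths
```

The entries it labels as placeholders are the ones the thread says are safe to remove; the paths it returns are the ones worth checking on disk when a log is not obviously clean.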

#7 OFFLINE   oli

    Advanced Member

  • Members
  • 448 posts

Posted 14 September 2005 - 03:57 PM

How can you have so few processes??
Homer: I never apologise, I'm sorry Lisa. That's just the way I am.

#8 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 14 September 2005 - 04:04 PM

Mike Rochip, on Sep 13 2005, 11:33 PM, said:

Hello-

Ran HJT in safe mode and ...




oli, on Sep 14 2005, 11:57 AM, said:

How can you have so few processes??


See above, oli