Can someone confirm a few things
englishmen
I believe it is clean but am concerned about a few things can someone either confirm my worry or confirm they are safe, cheers.

Logfile of HijackThis v1.99.1
Scan saved at 14:09:42, on 01/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Installed Software\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Installed Software\Avast Antivirus\ashServ.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\msagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\security\netclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INSTAL~1\AVASTA~1\ashDisp.exe
C:\Program Files\Installed Software\ZoneAlarm\zlclient.exe
C:\Program Files\Installed Software\PeerGuardian2\pg2.exe
C:\Program Files\Installed Software\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Installed Software\Rainlendar\Rainlendar.exe
C:\Program Files\Installed Software\Avast Antivirus\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Installed Software\Seti@Home\SETI@home.exe
C:\Program Files\Installed Software\Mozilla Firefox\firefox.exe
D:\Shared Documents\Free Or Open Source Software & Games\HijackThis (1.99.1)\HijackThis (1.99.1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\INSTAL~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\INSTAL~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Installed Software\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\Installed Software\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Installed Software\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Installed Software\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119540975875
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Installed Software\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Installed Software\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Installed Software\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Installed Software\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

My concerns are as follows:

Why are there 2 of these?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

What is this?
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3

What are these?
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
rridgely
Yeah, you have some bad entries in there. Try ewido and run the Trend Micro online scanner. Look at Djlizard's response here:
http://forum.CCleaner.com/index.php?showtopic=1766
oli
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3

I have this as well, what is it? Except the IP is different.
englishmen
I scanned my PC via Trend Micro just yesterday and I scanned during boot-up via Avast this morning; no infections found. I also updated SpywareBlaster, Ad-Aware SE and Spybot yesterday and scanned with Ad-Aware SE and Spybot, and nothing.
Andavari
QUOTE(englishmen @ Aug 1 2005, 08:21 AM)
Why are there 2 of these?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

I suspect HKCU is the start-up page for the current user, and the HKLM one is the default one when you click to use the default start-up page to reset IE to its defaults.
QUOTE(englishmen @ Aug 1 2005, 08:21 AM)
What is this?
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3

HijackThis shouldn't be using abbreviations like "CCS" when the references "I believe" are actually in one of these or all of them:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip]

I also had the reference when I scanned with HijackThis. The confusing part is the IP address didn't match mine.
Mike Rochip
QUOTE(Andavari @ Aug 1 2005, 06:10 PM)
I suspect HKCU is the start-up page for the current user, and the HKLM one is the default one when you click to use the default start-up page to reset IE to its defaults.

HijackThis shouldn't be using abbreviations like "CCS" when the references "I believe" are actually in one of these or all of them:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip]

I also had the reference when I scanned with HijackThis. The confusing part is the IP address didn't match mine.


QUOTE
What is this?
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3


I was reading a HJT tutorial here:

Tutorial

that said to input the addresses here:

Net tools

and if the IP is yours or your provider's it's OK to leave as is. Mine were from my provider.
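An added example, not code from the thread or from HijackThis: a small Python parser for the O17 and O23 lines discussed above. It expands the CCS abbreviation Andavari mentions, checks the NameServer addresses against the resolver networks you expect (the ranges passed in are constructed placeholders; substitute your ISP's), and groups services that share one binary, as the two FireDaemon entries do.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\..\{6933693C-A036-4223-B8AA-E2F59C379B51}: NameServer = 62.241.162.200 158.43.240.3
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def expand_hjt_key(key: str) -> str:
    """Expand the abbreviations HijackThis uses in O17 registry paths.
    'CCS' is CurrentControlSet; the '..' stands for the per-interface subkey
    holding the NameServer value and is left as written."""
    return key.replace("HKLM", "HKEY_LOCAL_MACHINE").replace("\\CCS\\", "\\CurrentControlSet\\")


def parse_hjt(log: str) -> Dict[str, List[dict]]:
    """Pull the O17 (DNS) and O23 (service) entries out of a HijackThis log."""
    out: Dict[str, List[dict]] = {"nameservers": [], "services": []}
    for line in log.splitlines():
        m = O17_RE.match(line)
        if m:
            out["nameservers"].append({"key": expand_hjt_key(m["key"]),
                                       "servers": m["servers"].split()})
            continue
        m = O23_RE.match(line)
        if m:
            out["services"].append(m.groupdict())
    return out


def unexpected_resolvers(parsed: dict, trusted_nets: List[str]) -> List[str]:
    """Return O17 name servers that fall outside the networks you expect."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    return [s for e in parsed["nameservers"] for s in e["servers"]
            if not any(ipaddress.ip_address(s) in n for n in nets)]


def shared_service_binaries(parsed: dict) -> Dict[str, List[str]]:
    """Group O23 services by executable: a wrapper such as FireDaemon shows up
    as one binary registered under several service names, each worth checking."""
    by_path: Dict[str, List[str]] = {}
    for svc in parsed["services"]:
        by_path.setdefault(svc["path"].lower(), []).append(svc["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    # Placeholder range standing in for the ISP's resolver network (constructed).
    print(unexpected_resolvers(parsed, ["62.241.162.0/24"]))
    print(shared_service_binaries(parsed))
```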
englishmen
Thanks for all the help guys