hjt log some 1 check plox

[snapshot]

i havent really had any problems with my pc i just wanted to know how secure i am

 

 

 

 

 

 

 

also i did install sp2 but it messed up my wireless network so i removed (i know how important it is but meh)

 

 

 

 

 

 

 

ps: i aint the onli 1 who uses this pc so any porn aint mine

 

 

 

:wink:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 16:45:45, on 30/04/2005

 

 

 

Platform: Windows XP SP1 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\slserv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\zHotkey[Caution: ExecutableFile]

 

 

 

C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\BigFix\BigFix[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\Program Files\Windows Media Player\wmplayer[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\alex\Desktop\runescape[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\alex\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.co.uk

 

 

 

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

 

 

 

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

 

 

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

 

 

 

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O4 - HKLM\..\Run: [CHotkey] zHotkey[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: ExecutableFile]"

 

 

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background

 

 

 

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... zeb032YYUS

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

 

 

 

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

 

 

 

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]

 

 

 

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv[Caution: ExecutableFile]

 

 

 

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile]

 

 

 

 

 

 

 

 

 

 

 

plz dnt tell me its as bad as im imagining it is.......

 

 

 

 

 

 

 

thx for help

[Mercifull]

Ever considered PATCHING YOUR PC ONCE IN A WHILE!!!!!!

 

 

 

http://www.windowsupdate.com you are miles out of date. Upgrade today!

 

 

 

 

 

 

 

You got NO firewall, youve got NO anti virus!!!!!!! No wonder you got so much rubbish.

 

 

 

 

 

 

 

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

 

 

 

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

 

 

 

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

 

 

 

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

 

 

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon[Caution: ExecutableFile]

 

 

 

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... zeb032YYUS

[snapshot]

ya like i mentiond tho last time i did all critical updates it messed ma whole pc up :? i was told i use my network firewall and apparentli these r very secure

 

 

 

 

 

 

 

could be rong tho lol?

[Mercifull]

ya like i mentiond tho last time i did all critical updates it messed ma whole pc up :? i was told i use my network firewall and apparentli these r very secure

 

 

 

 

 

 

 

could be rong tho lol?

 

 

 

 

 

 

 

t messed up ure pc cus you obviously did it wrong. and you are also wrong about a network firewall protecting you.

[snapshot]

ughh i have a norton cd lyin around some where and im planning on downloading spy bot that should get it covered

 

 

 

 

 

 

 

 

 

 

 

hehe currently installin number 11 of 30 criticle updates :oops:

 

 

 

 

 

 

 

shudda done this a while bk :roll:

[blade995]

dude you sound like you don't care about your pc sercurity. Might as well say "PLEASE HACK ME"

 

 

 

 

 

 

 

get spybot AND ad-aware, and posibly microsoft antispyware beta.

 

 

 

 

 

 

 

For a firewall i recamend Zonealarm free edition. http://www.zonelabs.com

 

 

 

 

 

 

 

install all critical updates! it is important to keep your pc patched!

[snapshot]

should this cover it?

 

 

 

 

 

 

 

il post another log when im done but i have installed all criticle updates

 

 

 

i now have norton internet security package (fully updated)

 

 

 

 

 

 

 

ad aware

 

 

 

spy bot

 

 

 

and aol spy ware remover

 

 

 

still workin on it

 

 

 

 

 

 

 

ps shud i install zonealarm or will the norton 1 be ok?

[blade995]

i don't know anything on nortan, can't help ya, sorry. :oops:

 

 

 

 

 

 

 

Aol spyware doesn't pick up much since it doesn't scan for alot. Still good to have though.

 

 

 

 

 

 

 

For all your scans make sure you update them regularly with the newest definitions.

 

 

 

 

 

 

 

Spybot has an imuninize button that can stop some spyware from getting on your pc in the first place. :D Use it.

[snapshot]

right iv taken all advise iv installed all critical updates (still on sp1 bcos apparentli sp2 isnt critical) but im going to find the sp2 download and get it just to be sure

 

 

 

 

 

 

 

i scanned with norton then spy bot and afterwards i scanned with adaware.

 

 

 

and thankfully adaware didnt find 1 thing at all

 

 

 

 

 

 

 

any way some 1 plz have a look at this it looks clean to me but im not as advanced as u guys

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 21:10:59, on 30/04/2005

 

 

 

Platform: Windows XP SP1 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\slserv[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\zHotkey[Caution: ExecutableFile]

 

 

 

C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\BigFix\BigFix[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\alex\Desktop\runescape[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\alex\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.co.uk

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

 

 

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

 

 

 

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

 

 

 

O4 - HKLM\..\Run: [CHotkey] zHotkey[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [urlLSTCK[Caution: ExecutableFile]] C:\Program Files\Norton Internet Security\UrlLstCk[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background

 

 

 

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... zeb032YYUS

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

 

 

 

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

 

 

 

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd[Caution: ExecutableFile]

 

 

 

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

 

 

 

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

[Mercifull]

I dont have time for a detailed analysis but on first glance it all look ok. SP2 IS critical tho really.

[snapshot]

ya i was just expecting it to appear on critical updats but il scan throught the dowloads site later n find it

[blade995]

did you restart your computer after installing the updates? then scan for updates again.

[snapshot]

well after the first set had done it restarted automatically then when i tried after restart it said no necessery updates

[blade995]

did you uninstall sp2 (the first time) from add-remove program list? if not you may have missed a file which winupdate looks for to see if you have the update or not.

 

 

 

 

 

 

 

Or just download sp2 striaght from the main page. :lol: