Much2Much
09-21-2009, 01:08 PM
Hi. Here's my HijackThis log. What can I delete from here? I want to ask someone here first before I do anything. I also posted the log from www.hijackthis.de.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:38 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4A6598A4-1B46-43D1-B151-0EEEBC299C82} - C:\WINDOWS\system32\ati3dua.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F38E37A.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F38E37A.exe
O4 - HKCU\..\Run: [A00F3F2AE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3F2AE.exe
O4 - HKCU\..\Run: [A00FBAB8C.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FBAB8C.exe
O4 - HKCU\..\Run: [A00FCE506.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FCE506.exe
O4 - HKCU\..\Run: [A00F3B6CE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3B6CE.exe
O4 - HKCU\..\Run: [A00F240B5B.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F240B5B.exe
O4 - HKCU\..\Run: [A00F5B889E.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F5B889E.exe
O4 - HKCU\..\Run: [A00F41B54.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F41B54.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: 20e6aa18654 - C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c0017579 - C:\WINDOWS\
O20 - Winlogon Notify: __c001EF84 - C:\WINDOWS\
O20 - Winlogon Notify: __c00215A8 - C:\WINDOWS\system32\__c00215A8.dat (file missing)
O20 - Winlogon Notify: __c0022239 - C:\WINDOWS\
O20 - Winlogon Notify: __c0029583 - C:\WINDOWS\system32\__c0029583.dat (file missing)
O20 - Winlogon Notify: __c00359D2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00361D6 - C:\WINDOWS\system32\__c00361D6.dat (file missing)
O20 - Winlogon Notify: __c00377C8 - C:\WINDOWS\
O20 - Winlogon Notify: __c003878 - C:\WINDOWS\system32\__c003878.dat (file missing)
O20 - Winlogon Notify: __c004571D - C:\WINDOWS\
O20 - Winlogon Notify: __c00574B8 - C:\WINDOWS\
O20 - Winlogon Notify: __c005B081 - C:\WINDOWS\
O20 - Winlogon Notify: __c0073384 - C:\WINDOWS\
O20 - Winlogon Notify: __c0075CB1 - C:\WINDOWS\
O20 - Winlogon Notify: __c0078091 - C:\WINDOWS\
O20 - Winlogon Notify: __c008BF51 - C:\WINDOWS\
O20 - Winlogon Notify: __c008D704 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A3AB2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A44D3 - C:\WINDOWS\system32\__c00A44D3.dat (file missing)
O20 - Winlogon Notify: __c00A8CA8 - C:\WINDOWS\
O20 - Winlogon Notify: __c00D6816 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DBB19 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DD92 - C:\WINDOWS\system32\__c00DD92.dat
O20 - Winlogon Notify: __c00E0CE9 - C:\WINDOWS\
O20 - Winlogon Notify: __c00F5341 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FBDA4 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FCF0C - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9635 bytes
This log is from www.hijackthis.de
Actions Entry Kind Visitor's assessment Information
Logfile of Trend Micro HijackThis v2.0.2
This should be the newest version.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
This should be the newest version.
Boot mode: Normal
Very safe This entry was classified from our visitors as good.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Safe (4.43 / 5.00)
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Safe
Cyberlink
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
Very safe Safe (4.71 / 5.00)
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
Safe This is a unknown process.
This entry was classified from our visitors as good.
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
Safe (4.49 / 5.00)
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Safe
Cyber Link PowerDVD
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
Neutral Safe (4.13 / 5.00)
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Very safe
Ahead Nero InCD
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Very safe
Java Runtime
C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Safe (4.71 / 5.00)
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
Safe (4.53 / 5.00)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
Safe Safe (4.3 / 5.00)
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ctfmon.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\java\jre1.5.0_02\bin\! Check if you know this process and arrange a viruscheck where required. Part of Java
C:\WINDOWS\System32\mshta.exe
Microsoft HTML Application Host
C:\WINDOWS\System32\mshta.exe
Microsoft HTML Application Host
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Safe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! This entry was classified from our visitors as good.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This entry was classified from our visitors as good.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
This entry should be fixed by HijackThis!
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
Safe Should be fixed if you do not know this application. This entry was classified from our visitors as good.
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
Nasty (2.36 / 5.00)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Safe Unknown application. This entry was classified from our visitors as good.
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Neutral Neutral (3.04 / 5.00)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: (no name) - {4A6598A4-1B46-43D1-B151-0EEEBC299C82} - C:\WINDOWS\system32\ati3dua.dll (file missing)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Neutral Neutral (3.34 / 5.00)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Very safe This entry was classified from our visitors as good.
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Neutral Neutral (3.07 / 5.00)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
Nasty Must be fixed! alot.dll - Alot_Toolbar, http://www.alot.com/toolbar/privacy/ - detected by Kaspersky, http://www.kaspersky.com/ antivirus as AdWare.Win32.Comet.be
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Neutral Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Safe Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
Neutral Safe (4.13 / 5.00)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Safe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Very safe Java von Sun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Unknown application. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
Safe Safe (4.44 / 5.00)
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Very safe Safe (4.51 / 5.00)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Very safe Microsoft's MSN Messenger 6
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [A00F38E37A.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F38E37A.exe
Neutral (3.2 / 5.00)
O4 - HKCU\..\Run: [A00F3F2AE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3F2AE.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00FBAB8C.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FBAB8C.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00FCE506.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FCE506.exe
Safe (3.98 / 5.00)
O4 - HKCU\..\Run: [A00F3B6CE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3B6CE.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F240B5B.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F240B5B.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F5B889E.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F5B889E.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F41B54.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F41B54.exe
Neutral (3.12 / 5.00)
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
Neutral Nasty (2.83 / 5.00)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Neutral The entry E&xport to Microsoft Excel has been identified as safe.
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Safe The entry Research has been identified as safe.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Safe This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Safe This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Neutral The entry Windows Messenger has been identified as safe.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Very safe Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
Safe This entry was classified from our visitors as good.
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: 20e6aa18654 - C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: __c0017579 - C:\WINDOWS\
O20 - Winlogon Notify: __c001EF84 - C:\WINDOWS\
O20 - Winlogon Notify: __c00215A8 - C:\WINDOWS\system32\__c00215A8.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c0022239 - C:\WINDOWS\
O20 - Winlogon Notify: __c0029583 - C:\WINDOWS\system32\__c0029583.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00359D2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00361D6 - C:\WINDOWS\system32\__c00361D6.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00377C8 - C:\WINDOWS\
O20 - Winlogon Notify: __c003878 - C:\WINDOWS\system32\__c003878.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c004571D - C:\WINDOWS\
O20 - Winlogon Notify: __c00574B8 - C:\WINDOWS\
O20 - Winlogon Notify: __c005B081 - C:\WINDOWS\
O20 - Winlogon Notify: __c0073384 - C:\WINDOWS\
O20 - Winlogon Notify: __c0075CB1 - C:\WINDOWS\
O20 - Winlogon Notify: __c0078091 - C:\WINDOWS\
O20 - Winlogon Notify: __c008BF51 - C:\WINDOWS\
O20 - Winlogon Notify: __c008D704 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A3AB2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A44D3 - C:\WINDOWS\system32\__c00A44D3.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00A8CA8 - C:\WINDOWS\
O20 - Winlogon Notify: __c00D6816 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DBB19 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DD92 - C:\WINDOWS\system32\__c00DD92.dat
O20 - Winlogon Notify: __c00E0CE9 - C:\WINDOWS\
O20 - Winlogon Notify: __c00F5341 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FBDA4 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FCF0C - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Safe This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Unknown service. (avgwdsvc.exe) This entry was classified from our visitors as good.
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Safe This service (GoogleUpdaterService.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Neutral This service (InCDsrv.exe) was identified as a good one.
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Safe This service (LSSrvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
Safe This service (NBService.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
Safe This service (NMIndexingService.exe) was identified as a good one.
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Very safe This service (RichVideo.exe) was identified as a good one.
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
Very safe Safe (4.49 / 5.00)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
Very safe Unknown service. (pctsAuxs.exe) This entry was classified from our visitors as good.
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Very safe Unknown service. (pctsSvc.exe) This entry was classified from our visitors as good.
Thanks.
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9635 bytes
This log is from www.hijackthis.de
Actions Entry Kind Visitor's assessment Information
Logfile of Trend Micro HijackThis v2.0.2
This should be the newest version.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
This should be the newest version.
Boot mode: Normal
Very safe This entry was classified from our visitors as good.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Safe (4.43 / 5.00)
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Safe
Cyberlink
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
Very safe Safe (4.71 / 5.00)
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
Safe This is a unknown process.
This entry was classified from our visitors as good.
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
Safe (4.49 / 5.00)
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Safe
Cyber Link PowerDVD
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
Neutral Safe (4.13 / 5.00)
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Very safe
Ahead Nero InCD
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Very safe
Java Runtime
C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Safe (4.71 / 5.00)
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
Safe (4.53 / 5.00)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
Safe Safe (4.3 / 5.00)
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\ctfmon.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\java\jre1.5.0_02\bin\! Check if you know this process and arrange a viruscheck where required. Part of Java
C:\WINDOWS\System32\mshta.exe
Microsoft HTML Application Host
C:\WINDOWS\System32\mshta.exe
Microsoft HTML Application Host
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Safe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! This entry was classified from our visitors as good.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This entry was classified from our visitors as good.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Safe This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
This entry should be fixed by HijackThis!
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
Safe Should be fixed if you do not know this application. This entry was classified from our visitors as good.
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
Nasty (2.36 / 5.00)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Safe Unknown application. This entry was classified from our visitors as good.
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Neutral Neutral (3.04 / 5.00)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: (no name) - {4A6598A4-1B46-43D1-B151-0EEEBC299C82} - C:\WINDOWS\system32\ati3dua.dll (file missing)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Neutral Neutral (3.34 / 5.00)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Very safe This entry was classified from our visitors as good.
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Neutral Neutral (3.07 / 5.00)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
Nasty Must be fixed! alot.dll - Alot_Toolbar, http://www.alot.com/toolbar/privacy/ - detected by Kaspersky, http://www.kaspersky.com/ antivirus as AdWare.Win32.Comet.be
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Neutral Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Safe Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
Neutral Safe (4.13 / 5.00)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Safe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Very safe Java von Sun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Unknown application. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
Safe Safe (4.44 / 5.00)
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Very safe Safe (4.51 / 5.00)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Very safe Microsoft's MSN Messenger 6
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [A00F38E37A.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F38E37A.exe
Neutral (3.2 / 5.00)
O4 - HKCU\..\Run: [A00F3F2AE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3F2AE.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00FBAB8C.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FBAB8C.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00FCE506.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00FCE506.exe
Safe (3.98 / 5.00)
O4 - HKCU\..\Run: [A00F3B6CE.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F3B6CE.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F240B5B.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F240B5B.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F5B889E.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F5B889E.exe
Neutral (3.12 / 5.00)
O4 - HKCU\..\Run: [A00F41B54.exe] C:\DOCUME~1\Operator\LOCALS~1\Temp\_A00F41B54.exe
Neutral (3.12 / 5.00)
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
Neutral Nasty (2.83 / 5.00)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Neutral The entry E&xport to Microsoft Excel has been identified as safe.
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Safe The entry Research has been identified as safe.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Safe This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Safe This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Neutral The entry Windows Messenger has been identified as safe.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Very safe Check if you know this site and fix it if you do not. This entry was classified from our visitors as good.
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
Safe This entry was classified from our visitors as good.
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: 20e6aa18654 - C:\WINDOWS\System32\dpwsock32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: __c0017579 - C:\WINDOWS\
O20 - Winlogon Notify: __c001EF84 - C:\WINDOWS\
O20 - Winlogon Notify: __c00215A8 - C:\WINDOWS\system32\__c00215A8.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c0022239 - C:\WINDOWS\
O20 - Winlogon Notify: __c0029583 - C:\WINDOWS\system32\__c0029583.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00359D2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00361D6 - C:\WINDOWS\system32\__c00361D6.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00377C8 - C:\WINDOWS\
O20 - Winlogon Notify: __c003878 - C:\WINDOWS\system32\__c003878.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c004571D - C:\WINDOWS\
O20 - Winlogon Notify: __c00574B8 - C:\WINDOWS\
O20 - Winlogon Notify: __c005B081 - C:\WINDOWS\
O20 - Winlogon Notify: __c0073384 - C:\WINDOWS\
O20 - Winlogon Notify: __c0075CB1 - C:\WINDOWS\
O20 - Winlogon Notify: __c0078091 - C:\WINDOWS\
O20 - Winlogon Notify: __c008BF51 - C:\WINDOWS\
O20 - Winlogon Notify: __c008D704 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A3AB2 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A44D3 - C:\WINDOWS\system32\__c00A44D3.dat (file missing)
Unnecessary (deactivated) entry that can be fixed.
O20 - Winlogon Notify: __c00A8CA8 - C:\WINDOWS\
O20 - Winlogon Notify: __c00D6816 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DBB19 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DD92 - C:\WINDOWS\system32\__c00DD92.dat
O20 - Winlogon Notify: __c00E0CE9 - C:\WINDOWS\
O20 - Winlogon Notify: __c00F5341 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FBDA4 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FCF0C - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Safe This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Unknown service. (avgwdsvc.exe) This entry was classified from our visitors as good.
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Safe This service (GoogleUpdaterService.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Neutral This service (InCDsrv.exe) was identified as a good one.
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Safe This service (LSSrvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
Safe This service (NBService.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
Safe This service (NMIndexingService.exe) was identified as a good one.
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Very safe This service (RichVideo.exe) was identified as a good one.
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
Very safe Safe (4.49 / 5.00)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
Very safe Unknown service. (pctsAuxs.exe) This entry was classified from our visitors as good.
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Very safe Unknown service. (pctsSvc.exe) This entry was classified from our visitors as good.
Thanks.