Plus there are people who always seem to run it from a temp file or something no matter what you tell them so this fixes that.
That seems to be the norm where someone just runs it from within the zip file, or from the webpage.
That seems to be the norm where someone just runs it from within the zip file, or from the webpage.
There are many I hear of doing that but I know you are not one of them.
There are many I hear of doing that but I know you are not one of them.
How do you know for sure.
Maybe I'm a green newbie chucked full of malware whom wants my log to mysteriously disappear after running CCleaner only so that I can post a bogus CCleaner bug report (joking of course).
Maybe I will keep both. This new version doesn't look much different than the older. It sure isn't a major redesign.
It's absolutely useless to keep the old one. This new TM build has a number of bug fixes and additions and it is in fact for 99% identical to what Merijn originally meant to issue as v1.99.2
There's not a single reason why you'd want to hold on to v.199.1
I got both versions.
Well, as I said, there isn't really a good reason to hold on to the previous one...
Changelog:
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
Strange thing is on the installer when you look at properties it says file version 1.0.0.1 yet when you open the program it says version 2.0.2.
Strange thing is on the installer when you look at properties it says file version 1.0.0.1 yet when you open the program it says version 2.0.2.
It could simply be that, whereas the program itself is now at v2.0.2, it really IS version 1.0.0.1 of their installer...
Thanks Tony for that info.
You're very welcome, Hazel.
So what improvements have they made, in laymens terms. It just seems the same as when it was owned by Merijn.
So what improvements have they made, in laymens terms. It just seems the same as when it was owned by Merijn.
Well, look at the changelog I posted. This is certainly not a dramatic re-write, but it fixes a couple of bugs, one of which failed to properly enumerate the contents of a startup location used by recent malware.
It also adds a few new startup locations that had been requested for quite a while.
The result of this is that a log run with the new version of HijackThis simply gives a more complete and correct picture of the operating system in question, allowing analysts to help you better.
Two questions: Without any evidence of malware present, there is not a need for this, correct? Secondly, out of curiosity, what forum would you all recommend for posting a log?
Two questions: Without any evidence of malware present, there is not a need for this, correct?
HijackThis being a diagnostic tool, posting a log and having it analyzed is an excellent way to find out whether there IS something that needs to be looked at more closely.
Secondly, out of curiosity, what forum would you all recommend for posting a log?
No need to look further than this very place; we have some first rate analysts right here.
A couple of other forums that offer expert help:
http://www.bleepingcomputer.com/forums/index.php?
http://www.techsupportforum.com/
http://forums.tomcoyote.org/index.php?
http://forums.spybot.info/index.php
(Just four out of many, of course...)
So here is my file! Well that didn't work, so do I post a screenshot?
So here is my file! Well that didn't work, so do I post a screenshot?
Just copy and paste
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PopTray\PopTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [bOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] "C:\Program Files\HDD Thermometer\HDD Thermometer.exe"
O4 - HKCU\..\Run: [Weather Pulse] "C:\Program Files\Weather Pulse\weatherpulse.exe"
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9023 bytes
Well, you certainly have no shortage of security software... in fact it definitely amounts to overkill and can only cause conflicts
Alongside Nod32 and BOClean you certainly do NOT need both AVGAntiSpyware and SpySweeper as WELL as Windows Defender and Spyware Doctor running residently...
At the very least you need to make a choice between SpySweeper, AVG AS and Spyware Doctor. I suggest picking either SS or AVG. Feel free to keep the others, but use them ONLY to scan on demand.
Do you in fact still have Symantec software installed, and if so what exactly? This because there are a couple of Symantec services still present, and if you no longer have that software, you want to get rid of those.
Other than that it's a pretty clean log. I'd just check and have HijackThis fix the following lines in order to get rid of a couple of orphaned or empty registry keys/values:
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
Well, you certainly have no shortage of security software... in fact it definitely amounts to overkill and can only cause conflicts
Alongside Nod32 and BOClean you certainly do NOT need both AVGAntiSpyware and SpySweeper as WELL as Windows Defender and Spyware Doctor running residently...
At the very least you need to make a choice between SpySweeper, AVG AS and Spyware Doctor. I suggest picking either SS or AVG. Feel free to keep the others, but use them ONLY to scan on demand.
Do you in fact still have Symantec software installed, and if so what exactly? This because there are a couple of Symantec services still present, and if you no longer have that software, you want to get rid of those.
Other than that it's a pretty clean log. I'd just check and have HijackThis fix the following lines in order to get rid of a couple of orphaned or empty registry keys/values:
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
Thank you TK! lol, here is the story on the anti-spywares: I have license from work for SD and actually just turn it on periodically to update. I was not going to renew SS but when SD v5 came out there were a ton of problems so I renewed. AVG A-S two minute memory scan returns leaked RAM. Can't explain it but it does it. WD likes to create restore points, kind of like it watching out for me! Last but not least, I back up with Ghost10. Thank You again!
Alrighty then...
If you have no more Symantec software installed you also want to fix the following lines:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe