TonyKlein Posted July 9, 2007

Well, as I said, there isn't really a good reason to hold on to the previous one...

Changelog:

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Configuration (ESC) Zones to O15 Trusted Sites check

Tony
CLSID List - A Collection of Autostart Locations

hazelnut (Moderators) Posted July 9, 2007

Strange thing is on the installer when you look at properties it says file version 1.0.0.1 yet when you open the program it says version 2.0.2.

Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com

TonyKlein Posted July 9, 2007

> Strange thing is on the installer when you look at properties it says file version 1.0.0.1 yet when you open the program it says version 2.0.2.

It could simply be that, whereas the program itself is now at v2.0.2, it really IS version 1.0.0.1 of their installer...

Tony

hazelnut (Moderators) Posted July 9, 2007

Thanks Tony for that info.

TonyKlein Posted July 9, 2007

You're very welcome, Hazel.

Tony

DJpailo Posted July 9, 2007

So what improvements have they made, in layman's terms? It just seems the same as when it was owned by Merijn.

http://www.lavasoftusa.com
http://wiki.lunarsof.../PC_Maintenance

TonyKlein Posted July 9, 2007

> So what improvements have they made, in layman's terms? It just seems the same as when it was owned by Merijn.

Well, look at the changelog I posted.

This is certainly not a dramatic re-write, but it fixes a couple of bugs, one of which failed to properly enumerate the contents of a startup location used by recent malware.

It also adds a few new startup locations that had been requested for quite a while.

The result of this is that a log run with the new version of HijackThis simply gives a more complete and correct picture of the operating system in question, allowing analysts to help you better.

Tony

slowday444 Posted July 10, 2007

Two questions:

Without any evidence of malware present, there is not a need for this, correct?

Secondly, out of curiosity, what forum would you all recommend for posting a log?

TonyKlein Posted July 10, 2007

> Two questions: Without any evidence of malware present, there is not a need for this, correct?

HijackThis being a diagnostic tool, posting a log and having it analyzed is an excellent way to find out whether there IS something that needs to be looked at more closely.

> Secondly, out of curiosity, what forum would you all recommend for posting a log?

No need to look further than this very place; we have some first rate analysts right here.

A couple of other forums that offer expert help:

http://www.bleepingcomputer.com/forums/index.php?
http://www.techsupportforum.com/
http://forums.tomcoyote.org/index.php?
http://forums.spybot.info/index.php

(Just four out of many, of course...)

Tony

slowday444 Posted July 10, 2007

So here is my file!

Well that didn't work, so do I post a screenshot?

JDPower Posted July 10, 2007

> So here is my file! Well that didn't work, so do I post a screenshot?

Just copy and paste

slowday444 Posted July 10, 2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PopTray\PopTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [bOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] "C:\Program Files\HDD Thermometer\HDD Thermometer.exe"
O4 - HKCU\..\Run: [Weather Pulse] "C:\Program Files\Weather Pulse\weatherpulse.exe"
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- End of file - 9023 bytes

TonyKlein Posted July 11, 2007

Well, you certainly have no shortage of security software... in fact it definitely amounts to overkill and can only cause conflicts.

Alongside Nod32 and BOClean you certainly do NOT need both AVGAntiSpyware and SpySweeper as WELL as Windows Defender and Spyware Doctor running residently...

At the very least you need to make a choice between SpySweeper, AVG AS and Spyware Doctor. I suggest picking either SS or AVG.

Feel free to keep the others, but use them ONLY to scan on demand.

Do you in fact still have Symantec software installed, and if so what exactly?

This because there are a couple of Symantec services still present, and if you no longer have that software, you want to get rid of those.

Other than that it's a pretty clean log.

I'd just check and have HijackThis fix the following lines in order to get rid of a couple of orphaned or empty registry keys/values:

F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)

Tony

slowday444 Posted July 11, 2007

> Well, you certainly have no shortage of security software... in fact it definitely amounts to overkill and can only cause conflicts.
>
> Alongside Nod32 and BOClean you certainly do NOT need both AVGAntiSpyware and SpySweeper as WELL as Windows Defender and Spyware Doctor running residently...
>
> At the very least you need to make a choice between SpySweeper, AVG AS and Spyware Doctor. I suggest picking either SS or AVG.
>
> Feel free to keep the others, but use them ONLY to scan on demand.
>
> Do you in fact still have Symantec software installed, and if so what exactly?
>
> This because there are a couple of Symantec services still present, and if you no longer have that software, you want to get rid of those.
>
> Other than that it's a pretty clean log.
>
> I'd just check and have HijackThis fix the following lines in order to get rid of a couple of orphaned or empty registry keys/values:
>
> F3 - REG:win.ini: load=
> F3 - REG:win.ini: run=
> O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
> O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
> O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)

Thank you TK!

lol, here is the story on the anti-spywares:

I have license from work for SD and actually just turn it on periodically to update.

I was not going to renew SS but when SD v5 came out there were a ton of problems so I renewed.

AVG A-S two minute memory scan returns leaked RAM. Can't explain it but it does it.

WD likes to create restore points, kind of like it watching out for me!

Last but not least, I back up with Ghost10.

Thank You again!

TonyKlein Posted July 11, 2007

Alrighty then...

If you have no more Symantec software installed you also want to fix the following lines:

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

Tony

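The two checks applied in the replies above (orphaned or empty entries, and services left behind by one vendor), as an added Python example that is not part of the thread and is not HijackThis's own code. The function names are hypothetical, and the sample is an excerpt of the log posted in this thread; the running flag additionally shows which registered services have a live process.

```python
# Added example (not HijackThis code). SAMPLE_LOG is an excerpt of the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\GEARSec.exe
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

def parse(log):
    """Split a log into the running-process set and a list of (section, body) entries."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        section, sep, body = line.partition(" - ")
        if line == "Running processes:":
            in_procs = True
        elif sep and section[:1] in "RFO" and section[1:].isdigit():
            in_procs = False  # first "R0 - ..."-style entry ends the process list
            entries.append((section, body))
        elif in_procs and line:
            running.add(line.lower())  # Windows paths compare case-insensitively
    return running, entries

def orphaned(entries):
    """Entries that point at nothing: '(no file)' targets and empty ini values."""
    return [f"{s} - {b}" for s, b in entries
            if b.endswith("(no file)") or (s in ("F2", "F3") and b.endswith("="))]

def services(entries, vendor, running):
    """O23 services whose vendor field contains `vendor`: (name, path, is_running)."""
    out = []
    for section, body in entries:
        if section != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)  # name, vendor, path
        if len(parts) == 3 and vendor.lower() in parts[1].lower():
            out.append((parts[0], parts[2], parts[2].lower() in running))
    return out

if __name__ == "__main__":
    running, entries = parse(SAMPLE_LOG)
    print("\n".join(orphaned(entries)))
    for name, path, up in services(entries, "Symantec", running):
        print(f"{name}: {'running' if up else 'not running'}")
```

The output is a list for an analyst to review, not a fix list: whether a vendor's services are leftovers depends on what the user still has installed.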