On my website http://mrspock.dsmirc.co.uk, I have a section about/for HijackThis.
I have received only positive reactions on it.
Many people were/are very pleased with it, so I thought let's share it with more people.
I created a little util (HiLoA, HIjackthis LOg Analyzer) that can analyze a HJT log.
It does not only tell what is nasty/safe or for the user to choose, but also gives explanations about many things that are in the log.
Sample of what can be in the result after analyzing:
Quote
General data
================================================================================
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
Your OS seems to be up to date.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
================================================================================
=========================================================================
L Legitimate items. Do not fix/remove these.
X Definatly bad ones. Fix/remove them.
? Unknow things. If you have information about them, let us know.
U Users choice. These items are not needed for a system to work properly.
We suggest to fixed/remove them. But the choice is yours.
M Check this item manualy in strings.dat.
This can be caused by a known issue.
(See readme.txt > known issues > nr.1)
==========================================================================
L c:\windows\explorer.exe
Windows Program Manager or Windows Explorer which handles the Windows Graphical Shell
L c:\program files\alwil software\avast4\aswupdsv.exe
Avast's anti-virus update service
I am not saying it is the perfect tool for analyzing HJT logs, and I am not saying it will ever be, but for many people it is a lot of help.
Feel free to use it as it is. It is freeware and will always stay that way.
Since I am only one person and also have other things to do, I could use a little help for this util.
If you can and are willing/able to, please add descriptions about items it recognizes and send strings.dat and desc.dat to me after doing so.
That way I can improve the util.
Many thanks in advance.
Artras, :)
First of all, Welcome to our forum :thumbsup: :gwave:
I tried out your tool and honestly I'm not impressed. It needs some tweaking before you go public.
The task you have endeavoured is very complicated and complex. There are others who have made the same without success.
Analyzing a HJT log manually is very time consuming and needs a lot of investigation, because most malware uses random names and startup commands. To do it automatically is bound to come up with results in error or incorrect information.
I have been analyzing HJT logs for several years, and quite frankly, if you'd take an advice I'd say it's better you spend your time doing something else that eventually has a chance of success. An automated HJT analyzer could never succeed.
You might think I'm discouraging and maybe even rude saying so. But it's a well intended advice when HJT is such a complex tool that could generate so many errors if a human eye is not present. One wrong move and !!pooof!! goes your system.
Anyway, I tried the tool and below is the result.
1. I added a couple of items that aren't in my system, just to see what the result of malicious items should be.
These two aren't in my original log:
O4 - HKLM\..\Run: [Loadqm] C\Windows\svchost.exe
and...
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcmw.exe" /s (file missing)
The O4 object is run from "Windows" and is always malicious in Win2K-XP if not in the System32 folder.
The O23 object is a malicious service and is very difficult to remove, since it needs a lot of registry tweaking to change the permissions before it could be deleted.
2. Your tool also states that /s (file missing) is the filename, which of course is incorrect.
When HJT says a (file missing) among the services, most likely the file is there; it's only HJT that doesn't "see" it.
The same issue appears among the O8-objects in a HJT-log.
3. The tool doesn't recognize a "CounterSpy" file !! Nor "PestPatrol".
4. I use the Swedish edition of XP, and the default program folder is "Program".
5. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = is what it says, "Window Title". That's on top of the IE page and always "safe". Sometimes annoying, yes, but still safe :).
6. The O18 object in my log (msgrapp.dll) is a file that comes with MSN Messenger v 7.5. What it does and what it's good for I'm still confused about. It's not malicious, though. :)
My logfile, with the tampered entries in blue:
Entry | Kind (Safe, Nasty, Unknown) | Description | Tip
Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
This should be the newest version. (6.00.2900.2180)
C:\WINNT\System32\smss.exe
Safe. running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.
C:\WINNT\system32\winlogon.exe
Safe. running process. (winlogon.exe)
Systemprozess - Windows Login Routine
C:\WINNT\system32\services.exe
Safe. running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.
C:\WINNT\system32\lsass.exe
Safe. running process. (lsass.exe)
Systemprozess
C:\WINNT\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\WINNT\System32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
Safe. running process. (StyleXPService.exe)
C:\WINNT\Explorer.EXE
Safe. running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste.
C:\WINNT\system32\spoolsv.exe
Safe. running process. (spoolsv.exe)
Systemprozess
C:\WINNT\SOUNDMAN.EXE
Safe. running process. (SOUNDMAN.EXE)
C:\Program\Babylon\Babylon.exe
Safe. running process. (Babylon.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\babylon\! Check if you know this process and arrange a viruscheck where required.
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
Safe. running process. (avgemc.exe)
Antivirensoftware
Possibly nasty! According to our database this process runs normally in c:\program files\grisoft\avg free! Check if you know this process and arrange a viruscheck where required.
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
Safe. running process. (avgcc.exe)
Antivirensoftware
Possibly nasty! According to our database this process runs normally in c:\program files\grisoft\avg free! Check if you know this process and arrange a viruscheck where required.
C:\WINNT\system32\rundll32.exe
Safe. running process. (rundll32.exe)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
C:\Program\DELADE~1\TerraTec\SCHEDU~1\TTTimer.exe
Safe. running process. (TTTimer.exe)
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required.
C:\Program\Delade filer\TerraTec\Remote\TTTVRC.exe
Safe. running process. (TTTVRC.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\terratec\cinergy 400 tv\! Check if you know this process and arrange a viruscheck where required.
C:\Program\AnalogX\CookieWall\cookie.exe
Unknown running process. (cookie.exe)
CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
This is a unknown process.
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
Safe. running process. (avgamsvr.exe)
Antivirensoftware
Possibly nasty! According to our database this process runs normally in c:\program files\grisoft\avg free! Check if you know this process and arrange a viruscheck where required.
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
Safe. running process. (avgupsvc.exe)
Antivirensoftware
Possibly nasty! According to our database this process runs normally in c:\progra~1\grisoft\avgfre~1! Check if you know this process and arrange a viruscheck where required.
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
Safe. running process. (jusched.exe)
Java Runtime
Possibly nasty! According to our database this process runs normally in c:\programme\java\.*\bin\! Check if you know this process and arrange a viruscheck where required.
C:\Program\ewido\security suite\ewidoctrl.exe
Safe. running process. (ewidoctrl.exe)
Ewido Security Suite
C:\Program\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
Unknown running process. (sunasDTServ.exe)
This is a unknown process.
C:\Program\ewido\security suite\ewidoguard.exe
Safe. running process. (ewidoguard.exe)
Ewido Security Suite
C:\Program\PestPatrol\PPMemCheck.exe
Safe. running process. (PPMemCheck.exe)
C:\Program\Microsoft SQL Server\MSSQL$SPCS\Binn\sqlservr.exe
Safe. running process. (sqlservr.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft sql server\mssql\binn\! Check if you know this process and arrange a viruscheck where required.
C:\Program\PestPatrol\CookiePatrol.exe
Safe. running process. (CookiePatrol.exe)
C:\Program\WHATPU~1\WHATPU~1.EXE
Unknown running process. (WHATPU~1.EXE)
This is a unknown process.
C:\Program\Tracks Eraser Pro\te.exe
Unknown running process. (te.exe)
Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"
This is a unknown process.
C:\WINNT\System32\nvsvc32.exe
Safe. running process. (nvsvc32.exe)
NVIDIA graphics card driver
Not dangerous, but unnecessary.
C:\Program\TGTSoft\StyleXP\StyleXP.exe
Safe. running process. (StyleXP.exe)
Tool um Windows schöner zu gestalten.
C:\Program\GoldenSection Notes\GSNotes.exe
Unknown running process. (GSNotes.exe)
This is a unknown process.
C:\Program\eDonkey2000\edonkey2000.exe
Safe. running process. (edonkey2000.exe)
C:\Program\INCRED~1\bin\IMApp.exe
Safe. running process. (IMApp.exe)
Incredi Mail
Possibly nasty! According to our database this process runs normally in c:\programme\incred~1\bin\! Check if you know this process and arrange a viruscheck where required.
C:\WINNT\System32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\Program\Delade filer\Real\Update_OB\realsched.exe
Safe. running process. (realsched.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\real\update_ob\! Check if you know this process and arrange a viruscheck where required.
C:\Program\Internet Explorer\iexplore.exe
Safe. running process. (iexplore.exe)
Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
C:\Program\HiJack This\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben.
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dn.se/
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
Safe. This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.landzdown.com/index.php
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dn.se
Safe. This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
Safe. This page has been identified as safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.se/
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WINDOWS VARNING SÅ ATT INTE CONRAD DRIBLAR AV DIG!!!!!och CONRAD rockar FET
Safe. This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
Safe. This page has been identified as safe.
O1 - Hosts: 62.119.189.4 dn.se
Possibly nasty Unknown entries within the HOSTS-file should be fixed.
Unknown URLs should be fixed.
O1 - Hosts: 192.71.238.76 aftonbladet.se
Possibly nasty Unknown entries within the HOSTS-file should be fixed.
Unknown URLs should be fixed.
O1 - Hosts: 193.180.57.70 expressen.se
Possibly nasty Unknown entries within the HOSTS-file should be fixed.
Unknown URLs should be fixed.
O1 - Hosts: 82.165.180.19 forum.expertfixes.info
Possibly nasty Unknown entries within the HOSTS-file should be fixed.
Unknown URLs should be fixed.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([AA58ED58-01DD-4d91-8333-CF10577473F7] - Result: AA58ED58-01DD-4d91-8333-CF10577473F7) has been checked. Hit rate: 99 %
O3 - Toolbar: TreeHugger.DeskBand - {685F6BAC-B410-4914-9563-AE3D1C33188E} - C:\WINNT\Treehugger\treehugger.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([685F6BAC-B410-4914-9563-AE3D1C33188E] - Result: ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: -1 %
If you do not know that application, fix it.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([2318C2B1-4965-11d4-9B18-009027A5CD4F] - Result: 2318C2B1-4965-11D4-9B18-009027A5CD4F) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 96 %
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
Safe. Find more information about its use here
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
Safe. System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
Hit rate: 40 % (result)
Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Safe. Application that allows a users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
Safe. Part of NVidia
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
Safe. Part of NVidia
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
Safe. Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Hit rate: 91 % (result)
O4 - HKLM\..\Run: [Babylon Client] C:\Program\Babylon\Babylon.exe -AutoStart
Safe. Babylon Translator
Hit rate: 80 % (result)
O4 - HKLM\..\Run: [AVG7_EMC] C:\Program\Grisoft\AVGFRE~1\avgemc.exe
Safe. AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Hit rate: 69 % (result)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Safe. AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Hit rate: 71 % (result)
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\Program\DELADE~1\TerraTec\SCHEDU~1\TTTimer.exe
Safe.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program\Delade filer\TerraTec\Remote\TTTVRC.exe
Safe. TerraTec Remote Control
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [CookieWall] C:\Program\AnalogX\CookieWall\cookie.exe
Safe. CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
Safe. Part of RealPlayer
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
Safe. System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Hit rate: 94 % (result)
Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
Safe. Java von Sun
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [sunasDTServ] C:\Program\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
Unknown
Hit rate: 12 % (result)
Unknown application.
O4 - HKLM\..\Run: [sunasServ] C:\Program\Sunbelt Software\CounterSpy Client\sunasServ.exe
Unknown
Hit rate: 14 % (result)
Unknown application.
O4 - HKLM\..\Run: [PestPatrolRegistration] C:\Program\PestPatrol\Register.exe
Unknown
Hit rate: 6 % (result)
Unknown application.
O4 - HKLM\..\Run: [PestPatrol Control Center] C-\Program\PestPatrol\PPControl.exe
Safe. PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [PPMemCheck] C:\Program\PestPatrol\PPMemCheck.exe
Safe.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [CookiePatrol] C:\Program\PestPatrol\CookiePatrol.exe
Safe.
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [Loadqm] C\Windows\svchost.exe
Unknown
Hit rate: 9 % (result)
Unknown application.
O4 - HKCU\..\Run: [WhatPulse] C:\Program\WHATPU~1\WHATPU~1.EXE
Unknown
Hit rate: 6 % (result)
Unknown application.
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program\Tracks Eraser Pro\te.exe min
Safe. Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"
Hit rate: 82 % (result)
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
Safe. Tool um Windows mit anderen Styles zu versorgen.
Hit rate: 99 % (result)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Safe. Part of Acrobat Reader 7
Hit rate: 79 % (result)
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm
Safe. The entry &Add animation to IncrediMail Style Box has been identified as safe.
If the entry '&Add animation to IncrediMail Style Box ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html
Safe. The entry &Google Search has been identified as safe.
If the entry '&Google Search ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html
Safe. The entry Backward &Links has been identified as safe.
If the entry 'Backward &Links ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html
Safe. The entry Cac&hed Snapshot of Page has been identified as safe.
If the entry 'Cac&hed Snapshot of Page ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
Safe. The entry E&xport to Microsoft Excel has been identified as safe.
If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
Safe. The entry E&xportera till Microsoft Excel has been identified as safe.
If the entry 'E&xportera till Microsoft Excel ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html
Safe. The entry Si&milar Pages has been identified as safe.
If the entry 'Si&milar Pages ' is not needed anymore, it should be fixed.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
Safe. The entry has been identified as safe.
If the entry '' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
Safe. The entry Sun Java has been identified as safe.
If the entry 'Sun Java' is not needed anymore, it should be fixed.
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
Safe. The entry Referensinformation has been identified as safe.
If the entry 'Referensinformation ' is not needed anymore, it should be fixed.
O9 - Extra button: Kalkylatorn - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\calc.exe
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'Kalkylatorn ' is unknown.
O9 - Extra 'Tools' menuitem: Kalkylatorn - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINNT\System32\calc.exe
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'Kalkylatorn ' is unknown.
O9 - Extra button: HiJackThis - {75DD409A-46C2-4F53-8B2F-74C74FC9A174} - C:\Program\HiJack This\HijackThis.exe (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed.
To be fixed if the entry 'HiJackThis ' is unknown.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
Safe. This entry has been identified as safe.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1120179461453
Safe. This entry has been identified as safe.
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
Safe. This entry has been identified as safe.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
Possibly nasty Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed.
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcmw.exe" /s (file missing)
Unnecessarily These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (s (file missing))
Unnecessary (deactivated) entry that can be fixed.
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (avgamsvr.exe) was identified as a good one.
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (avgupsvc.exe) was identified as a good one.
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (ewidoctrl.exe) was identified as a good one.
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (ewidoguard.exe) was identified as a good one.
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (nvsvc32.exe) was identified as a good one.
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (StyleXPService.exe) was identified as a good one.
This log has been checked automatically.
Check your log file automatically at www.hijackthis.de.
Like I said, I hope I didn't upset you, not my intention at all. If you continue to improve your tool I wish you all the best.
If you want to come back for a new review :P I'd gladly look at it again.
And by the way, among the help links on your page, you're welcome to add "LandzDown" if you wish.
Regards
Die Hard :)
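To make points 1 and 2 above concrete, here is an added Python example (not Artras's tool and not code from this thread) that parses O4 and O23 lines from a constructed fragment of the log above and applies the rules Die Hard describes: a core system binary started from outside System32, the real executable behind a service command line (so that "/s (file missing)" is never taken as the file name), a random-looking service name, and "(file missing)" treated as a reason to look rather than as proof the entry is dead. The category letters reuse HiLoA's L/X/?/M scheme; the list of System32 natives is taken from the process list in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the two entries Die Hard spliced into his log plus two
# legitimate entries copied from the same log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Loadqm] C\Windows\svchost.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcmw.exe" /s (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Display name may itself contain parentheses, so the short name is the last "(...)"
# group before " - owner - command"; it is optional (StyleXPService has none).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^)]*)\))? - (?P<owner>.*?) - (?P<cmd>.*)$"
)
# Drive letter, optional colon (the spliced O4 line reads "C\Windows"), then the shortest
# run up to an executable extension. A stray trailing quote, as in the O23 line, is dropped.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:?\\[^"]*?\.(?:exe|dll|com|scr|sys))"?', re.I)
# Core binaries that live in System32 on Win2K/XP (taken from the running-process list).
SYSTEM32_NATIVES = {"smss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Characters that do not occur in a plausible service identifier.
RANDOM_NAME_RE = re.compile(r"[^A-Za-z0-9 _.\-]")


@dataclass
class Verdict:
    kind: str     # "L" legitimate, "X" bad, "?" unknown, "M" check manually
    target: str   # the file the entry actually starts, without its arguments
    reason: str


def executable_of(cmd: str) -> str:
    """Return the file an O4/O23 command line launches, never its arguments."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().split(" ", 1)[0]


def split_path(path: str) -> Tuple[List[str], str]:
    parts = path.replace("/", "\\").lower().split("\\")
    return parts[:-1], parts[-1]          # (directory components, basename)


def judge_o4(line: str) -> Optional[Verdict]:
    m = O4_RE.match(line)
    if not m:
        return None
    target = executable_of(m.group("cmd"))
    dirs, base = split_path(target)
    where = "\\".join(dirs) or "an unqualified path"
    if base in SYSTEM32_NATIVES and (not dirs or dirs[-1] != "system32"):
        return Verdict("X", target, base + " belongs in System32 but is started from " + where)
    if len(dirs) == 2 and dirs[1] in ("windows", "winnt"):
        return Verdict("?", target, "started from the Windows folder, not System32; verify by hand")
    return Verdict("?", target, "no location rule fired; the file still needs a lookup")


def judge_o23(line: str) -> Optional[Verdict]:
    m = O23_RE.match(line)
    if not m:
        return None
    target = executable_of(m.group("cmd"))
    short = m.group("short") or ""
    unknown_owner = m.group("owner").strip().lower() == "unknown owner"
    problems = []
    if RANDOM_NAME_RE.search(short):
        problems.append("service name %r is not a plausible identifier" % short)
    if unknown_owner:
        problems.append("no vendor recorded")
    if "(file missing)" in m.group("cmd"):
        # HJT often reports a service file as missing although it is present, so this
        # is a reason to check the disk, not a reason to call the entry deactivated.
        problems.append("HJT could not see %s; check it on disk" % target)
    if RANDOM_NAME_RE.search(short) and unknown_owner:
        return Verdict("X", target, "; ".join(problems))
    if problems:
        return Verdict("M", target, "; ".join(problems))
    return Verdict("?", target, "nothing suspicious in the entry itself; look the service up")


def analyze(log: str) -> List[Tuple[str, Verdict]]:
    results = []
    for line in log.strip().splitlines():
        verdict = judge_o4(line) or judge_o23(line)
        if verdict:
            results.append((line, verdict))
    return results


if __name__ == "__main__":
    for entry, v in analyze(SAMPLE_LOG):
        print(v.kind, v.target, "-", v.reason)
```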
Hello, to all
Well I have to say I'm with Die Hard on this one.
Now I am by far no pro on HijackThis, just a newbie,
but have to say these things will just start problems.
It gives the user the idea that it's a fix-all,
and as we have seen before some users will remove
anything they think is bad. But keep up the great work.
Thank you
First of all, sorry for my late reply. Busy times and heavy health problems prevented me from replying.
As I said "I am not saying it is the perfect tool for analyzing HJT logs, and I am not saying it will ever be"
Serious replies like the one from Die Hard are never taken as offensive by me.
They are a good contribution and provide me with info/ideas to improve the util.
I always take them seriously and I am thankful that people take their time to write a serious and extended reaction.
The util is not, nor ever was, meant to be a "perfect" HJT log analyzer.
It is meant to give people at least some idea on some of the entries in the HJT log.
Since many people consider it a nice help, I will keep working on it. Any serious reactions/ideas are always welcome. Of course everyone is free to use it or not. The choice is yours.
For those who are interested, here is a little history and reactions:
http://forum.avast.com/index.php?topic=5796.0
Again, thanks for your input Die Hard.
Keep up the good work and stay healthy everyone!
Artras :)
Thank you for coming back. I was afraid I scared you off :roll:
Quote: Since many people consider it a nice help, I will keep working on it.
Yes it is, if it gives adequate results. I'm sure it will if you continue working on it.
You will have to clearly tell users of your tool not to start deleting items blindly. If something fishy is discovered, the user should immediately turn to a reputable forum for technical help and advice.
A long list of forums are listed here, all members of ASAP (Alliance of Security Analysis Professionals):
http://asap.maddoktor2.com/
regards
Die Hard :)