[John Burns]

Quote:

Originally Posted by franca

Understand HijackThis Results with HijackReader

This is a good site - and I use it just for my own learning process - however, I think people should be warned that it really takes an expert in this forum to fully understand and resolve issues on an infected computer. I only use it to confirm my own peace of mind - not to resolve issues which might be causing my pc to act strangely or slow down, etc. If I thought I had a problem, I would ask for help in here and post the log for them (the experts) to look at and advise me.

[ChuckE]

Quote:

Originally Posted by ferrija1

Easy (and stunning) multiplication.
http://www.metacafe.com/watch/296904...ication_trick/

Well, yeah, that is very interesting, but try it on something a bit more complicated than one or two digits, with values greater than 5. It gets complicated real fast!

Try 765 x 468.
Or simpler, but still gets confusing, just 84 x 67.

I did like the image of this multiplication "trick", but now that I've seen it, I will try my best to forget it.

I once talked to a person from Europe, and had seen the method she used, and was taught, to multiply. I was so glad to not have been raised in Europe. What a confusion!

I, sure as heck, would not want to show her the method we were taught to calculate square roots. . . .
For the uninitiated, way back before calculators, there was a long form method we were taught to calculate square roots. It was not easy or pretty, but it does work.

[ferrija1]

Yes, it's not easy to use with long numbers but I just found it interesting that you could multiply with lines.

[hewee]

Quote:

Originally Posted by franca

Understand HijackThis Results with HijackReader

Cool but I would only use it for info and have someone that knows how to read your HijackThis log tell you what is what.

I just ran it and out of 38 things only 13 said OK and the rest said FIX IF UNKNOWN.

Text version of the log below.

Quote:

HijackReader Analysis Log
----------------------------------------------------------------------

Analysis date: 02-12-2008, 23:02:40
HijackThis Version: v2.0.2
Log-length: 74 lines
HijackReader Version: HijackReader v1.03 Beta


RESULTS:


FIX IF UNKNOWN: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/My_homepage.html(Fix it, if you don't recognize the the program. Internet Explorer Start/Search pages URLs)


FIX IF UNKNOWN: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = (Fix it, if you don't recognize the the program. Internet Explorer Start/Search pages URLs)


FIX IF UNKNOWN: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (Fix it, if you don't recognize the the program. Internet Explorer Start/Search pages URLs)


OK: O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\PROGRAM FILES\SNAGIT 7\SNAGITBHO.DLL(Checked with TonyK's List. No threats found. Browser Helper Objects)


OK: O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL(Checked with TonyK's List. No threats found. Browser Helper Objects)


OK: O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX(Checked with TonyK's List. No threats found. IE toolbars)


OK: O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\PROGRAM FILES\SNAGIT 7\SNAGITIEADDIN.DLL(Checked with TonyK's List. No threats found. IE toolbars)


UNDETERMINED: O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun(*** POSSIBLE THREAT: nsrvnt.exe - Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe. *** POSSIBLE THREAT: scanregv.exe. *** GOOD: Scanregw.exe - "Scans the system registry and makes back-ups at start-up. Important should the registry become corrupt. The executable ""Scanregw.exe"" is located in %windir% (where %windir% is the Windows directory - C:Windows or C:Winnt)". *** POSSIBLE THREAT: Scanregw.exe. *** POSSIBLE THREAT: N/A. *** POSSIBLE THREAT: scanregw.exe. *** POSSIBLE THREAT: update.exe. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [SystemTray] SysTray.Exe(*** GOOD: SystemtrayV100B.exe - Apparently Annex A ADSL modem related. What does it do and is it required?. *** GOOD: CLI.exe SystemTray. *** GOOD: FoneSyncSystemTray.exe. *** GOOD: SDWTRAY.EXE. *** GOOD: SysTray.Exe. *** POSSIBLE THREAT: SystemTray.exe - Added by the BIGFOOT TROJAN! Note - this is not the legitimate systray.exe process. *** POSSIBLE THREAT: SysTray.exe. *** GOOD: SDSystemTray.exe. *** GOOD: SRSystemTray.exe. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme(*** POSSIBLE THREAT: ASDAPI.EXE - Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll. *** GOOD: Rundll32.exe powrprof.dll - Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings. *** POSSIBLE THREAT: Rundll.exe powerprof.dll. *** POSSIBLE THREAT: rundl.exe. *** POSSIBLE THREAT: Rundll32.exe. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE(*** GOOD: zlclient.exe - Firewall program from Zonelabs. Pro version inlcudes other online security options. *** POSSIBLE THREAT: svchost.exe - Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE(*** GOOD: KHALMNPR.EXE - Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint. *** GOOD: Khalmnpr.exe. *** GOOD: KEM.exe. *** GOOD: KHALMNPR.EXE. *** GOOD: Setpoint.exe. *** POSSIBLE THREAT: SetPoint.exe - Added by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in the LogitechSetpoint sub-folder of Program Files. This file is located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder. *** GOOD: Setpoint.exe. *** POSSIBLE THREAT: KHALMNP.exe. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE(*** GOOD: Khalmnpr.exe - Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp(*** GOOD: rundll32.exe tweakui.cpl, tweakmeup - "Restores settings that can't be retained if you have Microsoft's Tweak UI ""powertoy"" installed". *** GOOD: rundll32.exe tweakui.cpl, tweaklogon. *** POSSIBLE THREAT: RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup - "Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is ""rundll32.exe tweakui.cpl, tweakmeup""". *** GOOD: RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp. *** GOOD: TWEAK-ME.exe. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE(*** GOOD: Avgamsvr.exe - AVG antivirus related. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP(*** GOOD: AVGCC.exe - AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates. *** GOOD: avgcc.exe. <b>***USERLIST: </b>AVG Antivirus software, Usually safe if located in the Program Files folder (or the like). Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE(*** GOOD: AVGEMC.exe - AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe(*** POSSIBLE THREAT: netdaemon /v - "Malware designed to ""kill"" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)". *** GOOD: WinPatrol.exe - "WinPatrol - ""Manage Startup programs, tasks, cookies. *** GOOD: WinPatrolEx.exe. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [Dimension4] F:\PROGRAM FILES\D4\D4.EXE(*** GOOD: d4.exe - Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe(*** GOOD: devldr16.exe - "Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use ""Sound Play Control"" and ""Sound Recorder"". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable ""Creative SB16 Emulation"" under Creative Miscellaneous Devices". *** GOOD: devldr16.exe. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run(*** GOOD: hidserv.exe - This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards. *** GOOD: mmhid.dll. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme(*** POSSIBLE THREAT: ASDAPI.EXE - Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll. *** GOOD: Rundll32.exe powrprof.dll - Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings. *** POSSIBLE THREAT: Rundll.exe powerprof.dll. *** POSSIBLE THREAT: rundl.exe. *** POSSIBLE THREAT: Rundll32.exe. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service(*** GOOD: VSMON.EXE - Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this. *** POSSIBLE THREAT: vsmon.exe - Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector. Autoloading programs from Registry or Startup group)


OK: O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE(*** GOOD: KB918547.EXE - Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\RunServices: [U891711] C:\WINDOWS\SYSTEM\U891711\KB891711.EXE( Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon(*** GOOD: rundll32.exe tweakui.cpl, tweakmeup - "Restores settings that can't be retained if you have Microsoft's Tweak UI ""powertoy"" installed". *** GOOD: rundll32.exe tweakui.cpl, tweaklogon. *** POSSIBLE THREAT: RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup - "Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is ""rundll32.exe tweakui.cpl, tweakmeup""". *** GOOD: RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp. *** GOOD: TWEAK-ME.exe. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKCU\..\Run: [HostsServer] "C:\PROGRAM FILES\ABELHADIGITAL.COM\HOSTSMAN\HOSTSSRV.EXE" --start( Autoloading programs from Registry or Startup group)


OK: O4 - HKCU\..\Run: [HostsMan] "C:\PROGRAM FILES\ABELHADIGITAL.COM\HOSTSMAN\HM.EXE" -s(*** GOOD: hm.exe - HostsMan is a freeware application that lets you manage your Hosts file with ease. It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file. Autoloading programs from Registry or Startup group)


UNDETERMINED: O4 - HKUS\.DEFAULT\..\Run: [HostsServer] "C:\PROGRAM FILES\ABELHADIGITAL.COM\HOSTSMAN\HOSTSSRV.EXE" --start (User 'Default user')( Autoloading programs from Registry or Startup group)


OK: O4 - HKUS\.DEFAULT\..\Run: [HostsMan] "C:\PROGRAM FILES\ABELHADIGITAL.COM\HOSTSMAN\HM.EXE" -s (User 'Default user')(*** GOOD: hm.exe - HostsMan is a freeware application that lets you manage your Hosts file with ease. It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file. Autoloading programs from Registry or Startup group)


FIX IF UNKNOWN: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present(Fix it, unless you use SpyBot's 'Lock homepage' or caused intentionally by admin. IE Options access restricted by Administrator)


FIX IF UNKNOWN: O8 - Extra context menu item: Save Flash - res://C:\PROGRAM FILES\UNH SOLUTIONS\FLASH SAVING PLUGIN\FLASHSBUTTON.DLL/210(Fix it, if you don't recognize the name of the item in IE's right-click menu. Extra items in IE right-click menu)


FIX IF UNKNOWN: O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL(Fix it, if you don't recognize the button or menuitem (in the IE menu). Extra buttons or menu-items on main IE toolbar)


FIX IF UNKNOWN: O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL(Fix it, if you don't recognize the button or menuitem (in the IE menu). Extra buttons or menu-items on main IE toolbar)


FIX IF UNKNOWN: O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\PROGRAM FILES\UNH SOLUTIONS\FLASH SAVING PLUGIN\FLASHSBUTTON.DLL (HKCU)(Fix it, if you don't recognize the button or menuitem (in the IE menu). Extra buttons or menu-items on main IE toolbar)


FIX IF UNKNOWN: O15 - Trusted Zone: http://download.windowsupdate.com(Usually only AOL and CoolWebSearch add URLs here. Fix if you didn't add the URL yourself. Unwanted sites in Trusted Zone)


FIX IF UNKNOWN: O15 - Trusted Zone: http://*.windowsupdate.com(Usually only AOL and CoolWebSearch add URLs here. Fix if you didn't add the URL yourself. Unwanted sites in Trusted Zone)


FIX IF UNKNOWN: O15 - Trusted Zone: http://*.update.microsoft.com (Usually only AOL and CoolWebSearch add URLs here. Fix if you didn't add the URL yourself. Unwanted sites in Trusted Zone)

[Byteman]

Hi, Right hewee.....We definitely do not trust those automated Hijackthis readers at all. They have all given bad results.

[hewee]

Byteman,
That is so right. Now I have gone and looked at other web sites where you can have your Hijackthis and they can be good to look at and they did better then this HijackReader but still I use it only to look at and if I want to really know I have always posted my log here for those that know to look at it.
I also save copies of the Hijackthis logs and once I am told all is OK with my Hijackthis log I save it marked as OK. I then have it to look at and when anything new is added I know what new thing is there and if I don't understand what it is I will post it again.

What is funny is the last 3 things in that log are what I have added to IE trust zone and the only sites I have added to the IE trust zone because they are needed for MS Updates.
The SDHELPER.DLL one was added after Spybot - Search & Destroy 1.4 came out or added because what or how I installed it.

[franca]

5 Steps to Using Online Financial Sites Safely

[franca]

Malicious Web sites on the rise

[ferrija1]

Finding a Mac-compatible MP3 player
http://www.komando.com/tips/

[franca]

Always check the cables

[franca]

Using your backups



Attaching files to an e-mail

[franca]

Burn better

[franca]

Dude! Where's my icons? What to do when all your desktop icons disappear

[franca]

How to download AVG Free edition

[franca]

Scan Attachments Before Downloading with VirusTotal

Automatically Lock Your Computer When You Walk Away with Blue Lock

Share Large Files Instantly with EatLime