Jump to content

My HijackThis log

iceangel89
 Share

Recommended Posts


iceangel89

iceangel89

Posted
  • Author
Posted (edited)

thanks.

i got the results:

Full Image:

HijackThisFull.gif

Unknown "threats"?:

HijackThis2.gif

HijackThis.gif

do i Fix checked? what do u think? something like

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

seems like nLite? ... mmm... but i didn't install nLite, but this XP is nLited

Edited by iceangel89
Tarun

Tarun

Posted
Posted

I would not trust HijackThis.de. It's better to have an actual person analyze the results.

I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension instead of the free download manager program. Those kind of programs are often bundled with malware.

Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.

Default-color items are optional, red are known to be malicious.

Created registry value

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Changed registry value

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Created registry value

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Changed registry value

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Created registry value

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Enumeration of existing IE's BHO's

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

Enumeration of existing IE's toolbars

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Extra IE context menu items

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

iceangel89

iceangel89

Posted
  • Author
Posted
I would definitely recommend getting rid of Comodo AntiVirus, switch to Avast or AVG. You mentioned your install has had nLite used on it. I would also highly recommend backing up everything, formatting and reinstalling with a normal Windows install. If you need a download manager, try using DownThemAll!, the Firefox extension instead of the free download manager program. Those kind of programs are often bundled with malware.

so remove COMODO Anti-Virus, OK. its annoying anyway. what abt CFP3? this version is annoying too... but is it good, for security?

dont use nLite? why is nLite bad?

OK use DownThemAll! as my Download Manager, it does not have malware i suppose. but does the Firefox extension has stop/resume capabilities?

Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta.

...

O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

...

how do i make sense of this?

and

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

...

are from NVIDIA drivers, neros etc looks safe to me?

thanks

Tarun

Tarun

Posted
Posted
so remove COMODO Anti-Virus, OK. its annoying anyway. what abt CFP3? this version is annoying too... but is it good, for security?

dont use nLite? why is nLite bad?

OK use DownThemAll! as my Download Manager, it does not have malware i suppose. but does the Firefox extension has stop/resume capabilities?

For an anti-virus, I would say use Avast or AVG, both have very high detection rates. I personally prefer avast as you can customize it a bit more. AVG is customizable as well, though finding some settings is a bit of a hassle for many users.

I use Comodo Firewall Pro 3 but I only use the Firewall feature, none of that Defense+ stuff. Works great in my opinion.

nLite is used to remove services and other necessary things from your Windows install. While people believe that this improves their performance, they are actually hurting their Windows install and reducing performance. People even go as far as to claim they are getting more RAM back. Idle RAM is wasted RAM, and when there are services that are idle, you're not losing any performance at all. Also, with the size of hard drives now you have plenty of disk space; even with notebook computers. Trimming off a few megabytes to get "better performance" doesn't really happen at all. These things have been debunked on many websites and forums, yet many users still believe in this myth.

Microsoft has even said to CNet News, "Microsoft does not recommend using any tool to strip out applications from Windows prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable."

DownThemAll! is a Firefox extension that allows pausing, resuming and many more things. It's perfectly safe to use. You can find out more about it on http://downthemall.net

how do i make sense of this?

are from NVIDIA drivers, neros etc looks safe to me?

thanks

They're items not needed to startup with your computer. While they are safe, you don't need them at startup and removing them will not cause any issues.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...