CastleCops, Internet Crime Fighters
Reviewer: Anginator
Company: Merijn
Product: HijackThis ... Version: 1.97.7
Whitelist Approved by CastleCops Security Professionals

This program has saved my butt a few times. One of the 1st programs I install on a freshly formatted drive.

Added: August 26th 2004

Hits: 8595
NOTE: Product reviews are independently written by our members and do not necessarily express the opinions or views of CastleCops.


HijackThis
Posted by Paul  on 2004-08-31 17:13:06
Please post your hijackthis log in our forums:

http://castlecops.com/forums.html

HijackThis
Posted by alabamagirlie20032003  on 2004-08-29 15:27:33
I was told by someone on my friends list that I had a keylogger that had been put on my computer... Can you tell me if anything looks suspicious on my HijackThis log and if so what do I need to do?


Logfile of HijackThis v1.98.2
Scan saved at 2:37:01 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r
O4 - HKLM\..\Run: [DDCM] C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe -Background
O4 - HKLM\..\Run: [DDCActiveMenu] C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -boot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Instan-t] C:\Program Files\SurfSecret\IMSafe\itload.exe monitor
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O4 - Global Startup: Trojan Guarder.lnk = C:\Program Files\Trojan Guarder\Trojan Guarder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8E280D2-2624-423A-95BE-C8812EF634A0}: NameServer = 166.102.165.11 166.102.165.13