Is any of this spyware or malware?

Dell / Dell dv051...
January 13, 2011 at 15:37:45
Specs: Windows XP, 2.793 GHz / 502 MB
Ok, so I have done some research on other forums and figured out that I had to install the spyware scanner "HijackThis." So i installed that and did a system scan. I do nt know what any of the scan results mean to be able to locate any spyware or any type of virus's so here is a list of the scan results. Can anyone help me and tell me what is a virus?
Thank you.

edited by moderator: remove un-requested log

See More: Is any of this spyware or malware?

Report •

January 13, 2011 at 16:40:04
1.) Programs like HiJackThis should be used to help remove malware, not routinely checked to see if malware exists. Do you have any signs of malware on your computer, like an unusual message or scan results from an anti-malware program? Have you used respectable anti-malware programs like Malwarebytes' Antimalware and/or SUPERAnti-spyware?

It would be a waste of anyone's time looking through the log unless their is a possible problem. I'm certainly not going to give a comprehensive analysis without probable cause. Any decent malware specialist would manually inspect the log themselves instead of relying on an online log scanner, so don't bother going there either.

2.) It has been a long time since HiJackThis was last updated and newer malware can easily evade detection from it, so more and more malware removal specialists are using up to date programs like OTL.

Report •

January 13, 2011 at 16:48:05
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

There is no need for that ^^ to be in system.ini

O2 - BHO: (no name) - {0203090B-4E4D-4280-AD0E-2A9DFC10D3E6} - C:\WINDOWS\system32\geede.dll (file missing)

O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{80F24~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{80F24~1\reboot.ini -l0x9

O4 - HKLM\..\RunOnce: [DSC3 updater] "C:\Documents and Settings\benny\Local Settings\Temporary Internet Files\Content.IE5\MBGDRQ2A\aulauncher[1].exe" /launchrunonce

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

They don't belong in RunOnce. Legit file names are sometimes used for malware. That's what I think is happening on your machine.

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{021E6494-2A96-4163-9D1F-A55BDA5D1EB3}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =,

O17 - HKLM\System\CS2\Services\Tcpip\..\{021E6494-2A96-4163-9D1F-A55BDA5D1EB3}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,

If you don't live in the Ukraine, your DNS has been hijacked.
O20 - Winlogon Notify: cbxxxxv - cbxxxxv.dll (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
O20 - Winlogon Notify: __c00CAA64 - C:\WINDOWS\system32\__c00CAA64.dat (file missing)

How do you know when a politician is lying? His mouth is moving.

Report •

January 14, 2011 at 07:24:13
The log files are not that easy to understand right off the bat.
If you think you have a problem you can...for free... copy and paste it at and get an opinion

Report •

Related Solutions

January 14, 2011 at 10:10:13
He has my opinion. That's all he needs.

How do you know when a politician is lying? His mouth is moving.

Report •

Ask Question