| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 149540 | 2021-01-26 03:37:00 | HJT | Lurking (218) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1474711 | 2021-01-26 03:37:00 | Earlier thread closed. Certainly miss Speedy on this, but, help maybe still out there. Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 2:50:02 p.m., on 26/01/2021 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) CHROME: 51.0.2704.103 Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\1.3.36.52\GoogleCrashHandler.e xe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Everything\Everything.exe C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\explorer.exe H:\My Documents from NEC\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [Restoro] "C:\Program Files\Restoro\bin\RestoroApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Express Accounts Accounting Software (ExpressAccountsService) - Unknown owner - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google LLC - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google LLC - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe -- End of file - 6136 bytes Appreciate what needs deleting. Have run all the CC, MWB, SuperAnti crap removers'. Had the ram replaced on this XP SP3 machine, I use it for genealogy to laptop from the larger screen. Greta would be very pleased I don't replace to the latest thing available. rofl. lurking. |
Lurking (218) | ||
| 1474712 | 2021-01-26 18:28:00 | From manually inspecting what I can see its OK. The only thing Wasn't sure about was "C:\Program Files\Restoro\bin\RestoroApp.exe" But looking it up its some sort of System Repair Scanner. The majority of the log analyzers have not been updated in years, one reason is because windows changes so much they cant keep up and the old analyzers ( most are from XP Days) either don't know, or mark legit files as bugs. |
wainuitech (129) | ||
| 1474713 | 2021-01-26 19:19:00 | Whats this? C:\Program Files\Everything\Everything.exe |
piroska (17583) | ||
| 1474714 | 2021-01-26 19:51:00 | Whats this? C:\Program Files\Everything\Everything.exe Its a 3rd party search tool. Anyway, cam Panda AV & Superantispyware co-exist happily. I would uninstall or disable one of them . |
1101 (13337) | ||
| 1474715 | 2021-01-26 22:21:00 | Would also pay to run AdwCleaner through if not already done www.malwarebytes.com |
Lawrence (2987) | ||
| 1474716 | 2021-01-26 23:59:00 | Everything is a great search tool | bevy121 (117) | ||
| 1474717 | 2021-01-27 02:11:00 | Thanks everyone and I forgot to run AdwCleaner, it's out there on H drive's back-ups. Bevy121, Everything is a very fast search program. lurking. |
Lurking (218) | ||
| 1474718 | 2021-01-28 22:01:00 | I love Everything, not just because it breaks English when trying to refer to it... For Linux, there's a clone of Everything, called fsearch: github.com |
Agent_24 (57) | ||
| 1 | |||||